1

At the moment, I'm taking POST information from a form and passing it to a login.php page which runs them through this function:

function verify_Username_and_Pass($un, $pwd) {

    $query = "SELECT *
            FROM users
            WHERE username = ? AND password = ?
            LIMIT 1";

    if($stmt = $this->conn->prepare($query)) {
        $stmt->bind_param('ss', $un, $pwd);
        $stmt->execute();

        if($stmt->fetch()) {
            $stmt->close();
            return true;
        }
    }

}

At the moment, the only thing this checks for is whether a matching record exists, which in turn redirects the user to secret.php with this:

function validate_user($un, $pwd) {
    $mysql = New Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);

    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        header("location: ../secret.php");
    } else {
        header("location: ../index.php");
    }

} 

But what I need to do is, instead of one secret page, have a PHP page for each user in the DB (there's only going to be a couple), so I need the function to return the name of the username if successful and redirect them to [username].php and also set a session with the username in it, so on the secret pages I can check whether the right user is coming to the right page? That make sense?

2
  • 1
    I get everything but the 'secret' pages, why do you need to create one for each user? Why not just use sessions and one 'secret' page? Commented Jan 20, 2011 at 9:45
  • See comment on Matt Lowden's answer. Commented Jan 20, 2011 at 9:48

6 Answers

2

Or, don't pass the username as a GET parameter, but save the username in the session:

if($ensure_credentials) {
    $_SESSION['status'] = 'authorized';
    $_SESSION['username'] = $un;
    header("location: ../secret.php");
}

and in secret.php:

if ($_SESSION['username'] == 'Jack') {
    echo 'Hey Jack!';
}
elseif ($_SESSION['username'] == 'Jill') {
    echo 'Hello Jill!';
}
else {
    // die / send 404
}

or match username against database for custom page content.


1
function validate_user($un, $pwd) {
    $mysql = New Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);

    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        $_SESSION['username'] = $un;
        header("location: ../secret.php");
    } else {
        header("location: ../index.php");
    }

} 

secret.php

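<?php
session_start(); // important

if (!isset($_SESSION['status']) || $_SESSION['status'] != 'authorized') {
    header("Location: ../index.php");  // not logged in
    exit; // stop here, otherwise the rest of the page still runs
}

/* user specific stuff.. */
// escape the username before printing it into HTML
echo '<h1>' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8') . '</h1>';

// bind $_SESSION['username'] to the placeholder with a prepared statement
$query = 'SELECT * FROM `user_profile` WHERE `username` = ?';
//etc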

Edit: if you're insisting on having specific pages, have something like this:

inside ross.php

<?php
session_start();
if($_SESSION['username'] != 'Ross') { die('you shouldn\'t be here..'); }

// ok it's Ross, carry on
?>

probably all better done using DB + sessions


1

I won't discuss whether or not this is a right and clear implementation. I'm just trying to "fix" your code:

function validate_user($un, $pwd) {
    $mysql = New Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);

    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        $_SESSION['username'] = $un;
        header("location: ../{$un}.php");
    } else {
        header("location: ../index.php");
    }

}

In <username>.php you can check whether $_SESSION['username'] is equal to the file name minus the .php extension.

But! Maybe there is a better implementation... for instance, instead of having N PHP files (one per user) you can have just one PHP file that will load the right data based on the $_SESSION['username'] value.

UPDATED: At the head of <username>.php

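<?php
session_start();
// compare the file name without ".php" to the logged-in username
if (isset($_SESSION['status'], $_SESSION['username'])
    && $_SESSION['status'] == 'authorized'
    && basename(__FILE__, '.php') === $_SESSION['username']) {
  echo "OK!";
} else {
  header("location: ../index.php");
  exit;
}
?>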

1 Comment

Thanks for giving me a solution that works. I would love to just have one page for all, but like I said, I'm going to have varying content on each page.
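
A shared guard that each per-user page could include, as an added example (not code from any of the posts). The names USER_PAGES, ensure_session, start_user_session, session_may_view and require_page_owner, and the page file names, are hypothetical; the redirect target comes from a fixed map instead of the submitted username, and the script exits after redirecting.

```php
<?php
// auth_guard.php: added example; file and function names are hypothetical.

// Fixed map of known users to their pages (constructed sample values).
const USER_PAGES = [
    'Ross' => 'ross.php',
    'Jack' => 'jack.php',
];

function ensure_session(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Call only after the credentials were verified. Returns the page to
// redirect to, or null when the user has no page of their own.
function start_user_session(string $username): ?string
{
    if (!array_key_exists($username, USER_PAGES)) {
        return null;
    }
    ensure_session();
    session_regenerate_id(true); // fresh session id once the user is logged in
    $_SESSION['status'] = 'authorized';
    $_SESSION['username'] = $username;
    return USER_PAGES[$username];
}

// Pure check: may this session view the page stored at $pagePath?
function session_may_view(array $session, string $pagePath): bool
{
    $user = $session['username'] ?? null;
    return ($session['status'] ?? null) === 'authorized'
        && is_string($user)
        && array_key_exists($user, USER_PAGES)
        && USER_PAGES[$user] === basename($pagePath);
}

// First statement of every per-user page: require_page_owner(__FILE__);
function require_page_owner(string $pagePath): void
{
    ensure_session();
    if (!session_may_view($_SESSION, $pagePath)) {
        header('Location: ../index.php');
        exit; // without exit the rest of the page would still run
    }
}
```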
0

Redirect them to header secret.php?user=$un


0

You could have a page called member.php and pass the username as a parameter.

for instance member.php?username=benhowdle89.

Would this suffice? What is on the 'secret' page?

If you really need a separate page for each then you could do:

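// Only allow simple names so $username cannot point outside this directory
if (!preg_match('/^[A-Za-z0-9_]+$/', $username)) {
    exit;
}

if (!is_file($username.'.php')) {
    $user_file = fopen($username.'.php', 'w');
    fwrite($user_file, '<p>User content</p>');
    fclose($user_file);
}

header('Location: '.$username.'.php', true, 302);
exit;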

It still doesn't seem like the best solution to the problem. I'd personally just save the user id/name to a session like:

session_start();
$_SESSION['user_id'] = 23;

And then I could build the content for each user page dynamically, based on that value.

1 Comment

I see your point but I'm going to have slightly different content on each page. And it's imperative that one user doesn't see another user's page. But I can't tell what's going to be on these pages yet, so that's why I was going to have one page per user.
0

It does make sense and it is doable, although I do not see why you would want to do something complicated like that. First of all you need to return the data from your query instead of true. I do not know what library you are using, although that $stmt->fetch() stuff should return an array, an object, an array of objects, so do something like this: $data = $stmt->fetch(); return $data; and put a print_r($data) to see what is inside. Afterwards use the thing with member.php from the answer above.
