Help With Login & Redirect

Hey,

I’m working on a user login script with redirect and I’m hitting a brick wall. I’m fairly new to PHP and wonder if anyone could assist me.

So far I have the following:

login.php

<?PHP

// Call Your Database Variables
include_once 'includes/db.php';

// Start The Session
session_start();

$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];


$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;


$sql = "SELECT * FROM users WHERE userid = '$uid' AND password = '$pwd'";
$result = mysql_query($sql, $connect);


// Did the user enter a password/username and click submit?
if($_POST && !empty($uid) && !empty($pwd)) {
	$response = "Please enter a correct client id and password";
}
?>

<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Login</title>
</head>

<body>

	<form action="login.php" method="post">
		<p>
			<label>Client Id:</label>
			<input name="uid" type="text">
		</p>
		<p>
			<label>Password:</label>
			<input name="pwd" type="password">
		</p>
		<p>
			<input name="submit" type="submit" value="Login">
		</p>
	</form>
	
	<?php 
	
		if(isset($response)) echo "<h4 class='alert'>" . $response . "</h4>"; 
		
	?>
	
	<p>You must log in to access this area of the site. If you are
     not a registered user <a href="#">contact us</a> for access.</p>
	
</body>
</html>

db.php

<?PHP

/**********************************************************************
 *Contains all the basic Configuration
 *dbHost = Host of your MySQL DataBase Server... Usually it is localhost
 *dbUser = Username of your DataBase
 *dbPass = Password of your DataBase
 *dbName = Name of your DataBase
 **********************************************************************/

$db_host = 'localhost';
$db_user = 'root';
$db_pass = '';
$db_name = 'login';

$connect = mysql_connect($db_host, $db_user, $db_pass, $db_name)
        or die('Error Connecting to MySQL DataBase');


?>

I have my database set up as follows:

CREATE TABLE user (
    ID INT PRIMARY KEY AUTO_INCREMENT,
    userid VARCHAR(100) UNIQUE NOT NULL,
    password CHAR(16) NOT NULL,
    fullname VARCHAR(100) NOT NULL,
    email VARCHAR(100) NOT NULL,
    notes TEXT
);

I’m sure it’s simple but for the life of me I can’t figure out how to get my Admin user with an ID of 1 to go to an admin.php page and everyone else to go to a client.php page.

I know it has something to do with adding: header("Location: admin.php"); or header("Location: client.php"); but none of the methods I’ve tried have worked.

If anyone can shed some light on this I’d appreciate it. :)

Ok, here is a rough pseudo code flow which should start you off:


start the session

if (the pwd and uid are not already in the session)

    { redirect to the login form; exit; }

if (the pwd and uid match the record in the database)

    { happy path :) : redirect to admin page with appropriate $response; exit; }

else

  {unhappy path : (ie BAD DATA SENT) : redirect to login, 
   set $response to appropriate message; exit; }

There are different ways to write the code, but have a crack at doing that first, and post your attempt here if you want to start a discussion on those alternatives.

nb - if you want to make sure the flow is working correctly then you could mock up your session and your database with a couple of fixed variables - and use the GET method temporarily in a really stripped down form in order that you can easily fiddle around with it and try and break things. Then incrementally add the other dependencies, database, session, pretty html page/form and so on.


<?php
$good_uid = '123';
$good_pwd = 'abc';
?>

When creating conditional checks always var_dump() the incoming variables onto the page in order to make sure your tests, !empty() etc, really do match your expectations too.
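
The flow sketched in the reply, written out as an added example (not code from either poster): it looks the user up with a bound parameter, checks the password against a stored hash with password_verify(), keeps only the user id in the session, and sends ID 1 to admin.php and everyone else to client.php. The in-memory SQLite database, the sample accounts and the function name login_target() are assumptions made so the script runs on its own; a hashed password also needs a wider column than the CHAR(16) in the table above.

```php
<?php
// Added example, not code from the thread. All sample data is constructed.
declare(strict_types=1);

// Returns the page to redirect to, or null when the credentials are wrong.
function login_target(PDO $db, string $uid, string $pwd): ?string
{
    // The bound placeholder keeps $uid out of the SQL text itself.
    $stmt = $db->prepare('SELECT ID, password FROM users WHERE userid = ?');
    $stmt->execute([$uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against the stored hash rather than a plain-text column.
    if ($row === false || !password_verify($pwd, $row['password'])) {
        return null;
    }
    // The thread's rule: the user with ID 1 is the admin.
    return ((int) $row['ID'] === 1) ? 'admin.php' : 'client.php';
}

// Constructed stand-in for db.php: in-memory SQLite with two sample users.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (ID INTEGER PRIMARY KEY, userid TEXT UNIQUE NOT NULL, password TEXT NOT NULL)');
$add = $db->prepare('INSERT INTO users (userid, password) VALUES (?, ?)');
$add->execute(['admin', password_hash('admin-pass', PASSWORD_DEFAULT)]);
$add->execute(['client1', password_hash('client-pass', PASSWORD_DEFAULT)]);

if (PHP_SAPI === 'cli') { // command-line check of the three outcomes
    var_dump(login_target($db, 'admin', 'admin-pass'));
    var_dump(login_target($db, 'client1', 'client-pass'));
    var_dump(login_target($db, "o'brien", 'wrong')); // quote is treated as data
    exit;
}
session_start();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $uid = is_string($_POST['uid'] ?? null) ? $_POST['uid'] : '';
    $pwd = is_string($_POST['pwd'] ?? null) ? $_POST['pwd'] : '';
    $target = login_target($db, $uid, $pwd);
    if ($target !== null) {
        session_regenerate_id(true);     // fresh session id after login
        $_SESSION['uid'] = $uid;         // keep the id only, not the password
        header('Location: ' . $target);  // must run before any HTML output
        exit;
    }
    $response = 'Please enter a correct client id and password';
}
// The login form from login.php follows here and echoes $response.
```

admin.php and client.php each need their own session check at the top (and admin.php an ID check), since the redirect alone does not stop someone from requesting those pages directly.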