hi everybody,

i am looking for a php login script that send users depending on their login to a login specific site.

its supposed to be a client area.

example: there is a login form on the website (html not flash), t he client enters his given username and password an will be transported to the site specified for him. client a gets to see client a site, client b gets to see client b site. i hope this is not too confusing.

i found the following script which uses .htaccess and a form, but unfortunatly it doesn't work with multiple logins.


$server = "www.yourdomain.com/protecteddirectory/";

if(isset($HTTP_POST_VARS['username']))
{
$username = $HTTP_POST_VARS['username'];
}

if(isset($HTTP_POST_VARS['password']))
{
$password = $HTTP_POST_VARS['password'];
}

?>
<script>
function redirect()
{
window.location.replace("http://<?=$username?>:<?=$password?>@<?=$server?>");
}
setTimeout("redirect();", 1000);

can anybody help? i don't have much experience with programming stuff.

thanks,
funkyfly

Depends on how much users you want to have access. For a couple of users, it's not so hard:



<?

$username = $_POST['username'];
$password = $_POST['password'];

if ($username = "User 1" && $password = "User 1 password"){
header("Location: http://www.yourserver.com/user1page.html");
}

if ($username = "User 2" && $password = "User 2 password"){
header("Location: http://www.yourserver.com/user2page.html");
}

if ($username = "User 3" && $password = "User 3 password"){
header("Location: http://www.yourserver.com/user3page.html");
}
?>


That should do it. If it doesn't work, I'll leave this to JubJub :) Remove the a href stuff, only keep the http:// address, so that it become "Location: url"The whole a href part is autmoatically added. That's kinda annoying :-\

hi voetsjoeba,

thanks a lot for you reply and help. sorry to ask such stupid questions but where do i store the users and passwords. this doesn't work with .htaccess anymore. the script should handle different directories. (clients/client a or clients/client b)

do i store it in the php file? if so it would seem pretty unsecure. doesn't it?

the script should handle only a few users (5). does this script ensure that user a can't see user b stuff?

i will never learn that stuff :-(

greets,
funkyfly

Well, the php script can't be viewed by the browser, especially not because it will redirect very fast. And by the way, that's no stupid question :). The passwords should be 'stored' inside your users brains. You should tell them the user name and password which they can use to go to their page. And if your users do not pass them along, they won't get to see the other's pages.

The directories are no problem at all. Just replace the link (http://www.yourserver.com/userpage1.html) with any link you want.

it's me again :)

i'm doing something wrong i guess, because its not working. here is the code i use:




<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Untitled</title>
</head>

<body>
<form action="phplogin.php" method="post">
<input type="text" name="username">
<input type="password" name="password">
<input type="submit" value="Submit">
</form>


</body>
</html>[PHP]

the phplogin:

[PHP]
<?php
<?

$username = $_POST['username'];
$password = $_POST['password'];

if ($username = "test" && $password = "test"){
header("Location: "http://www.mydomain.com/clients/clientsa/index.html/");
}

if ($username = "test1" && $password = "test1"){
header("Location: "http://www.mydomain.com/clients/clientsb/index.html/")
}
>


maybe i can't get the php quotes right?

funkyfly

header() has to go before any HTML

You used " inside other ones, which makes PHP think that the location to go to has already ended at "Location :". This should work:



<?

$username = $_POST['username'];
$password = $_POST['password'];
$user1url = "http://www.mydomain.com/clients/clienta/index.html";
$user2url = "http://www.mydomain.com/clients/clientb/index.html";
$user3url = "http://www.mydomain.com/clients/clientc/index.html";

if ($username = "test" && $password = "test"){
header("Location: $user1url");
}

if ($username = "test2" && $password = "test2"){
header("Location: $user2url");
}

if ($username = "test3" && $password = "test3"){
header("Location: $user3url");
}

?>


This should be placed entirely BEFORE the HTML code. Use this for your form: action="
<? echo($PHP_SELF) ?>". It should work when doing that.

this is really driving me nuts :hangover:

i don't know if it is too much but could send me the file by mail? the php file and the form, i just can't get it to work

i still don't get it. i feel like a dumb *** :(

mail (funkyfly@gmx.net)

thanks for your help. thats a really cool community.

funkyfly

I'd love to, but my host is down for the moment. I've attached the php file that should do it.

thanks for the file, i really appreciate your help but something is still wrong.

take a look at test link (http://www.vollhias.com/test)

i renamed the pass.php into index.php and uploaded it there, but it automatically redirects to user3url without even showing the form? i don't get the chance to login.

funky

Oh well, let's just do it the good ol' fashion way then. Make sure to upload them both in the same directory, or else change the link to the php file in the html.

well what can i say? i'm starting to feel really dumb.

you probably won't believe but it's still not working. regardless of the pass i enter i'm getting the clientc page (login nr. 3)

i mean, i took your files uploaded them to the same directory and tried. i don't see why i screw up.

if you give up i can understand ;-)

funkyfly

You did fill in the html file right ?

what you mean by that?

Well, you have to fill in the fields in the HTML file and click submit for it to work.

yeah, i dit that. just renamed pass.html to index.html

Weird. Can you tell me where you've put it online ?

sure! you can find it here (http://www.vollhias.com/test)

btw, i removed one of the users to see if it makes any difference. now its redirecting mit to $user2url

Replace pass.php please, it prints the inputted data. Just to test.

done

the warning message is new by the way

Doesn't matter, at least I know that the filling in isn't the problem. Replace again with this one.

uploaded the new file

Still not working :-\ I'll leave this to Jubba ... :sleep::hair:

thanks for all your help m8!

Well, I didn't help much :-\:P

but you tried really hard and that's what counts ;-)

Here is a file that I created to help someone else with their login stuff... it might help you.


edit the file "include.php"

The first array is the usernames, the second array is the passwords.

If you can understand how that works and everything, then we'll work on the redirect.

hi jubba,

thanks alot for the files. i edited the include.php. i think i figured it pretty much out: it looks up the user and pass if its in the array you get access, if not you're screwed ;-)

although i have to admit that i do not know what
$arrayLength = sizeof($userArray); is for.

i'm really curious how the redirect works.

ff

Ok, now that just gets the length so I know how many users to check for.

Then the for loop checks to see if the user is in the array and if their password has the same array position.

for redirection I would add another array to "include.php"



// Name these pages whatever they need to be to match
// the user that the page belongs to.
$redirect = array("page1.htm", "page2.htm", "page3.htm", "page4.htm");


then in the file "login.php"

replace this:



print "Login Acceptable. Proceed.";


with this:



header("Location: ".$redirect[$x]);


that should work.

it works like a charm. great! you should see the smile on my face :) can i ask you one more thing:

actually its possible to call the pages directly from the browser because they are not protected. i mean there is the login, but if you skip that you can still view the pages that are supposed to be protected. know what i mean? so if user 1 finds out user 2's site he can just type it in the adress field and voila. but if i protect them with .htaccess files the login site will not work anymore.

ff

yeah. I would do this:

when the login is correct, before the redirect, set a cookie and then at the top of each page, check to see if the cookie is set. If its not, then redirect them to an error page...

if you need help with that I can give you a hand, but I can't until Monday morning or so..

hi jubba,

would be great if you could help me with that. i get back to you tomorrow. thanks!

ff

Ok here's the deal. Since we're going to be using PHP, we're going to want to do it the correct way. So all those files that you are redirecting people have to be PHP files. All your HTML will work correctly, but just change the extention to PHP so we can get this security to work. Now we can have mid-level security and use cookies, or we can have a bit higher level and use sessions. I'm going to show you how to use cookies because, well I don't think that this needs to be super secure. There are going to be ways around this, but not without creating a cookie and editing its properties.

What you're going to want to do is, when the login and password are correct, before you send them to another location with your header() code, is set a cookie. So now our code on the login.php page should look like this:


<?
/* Catch the variables with $_POST[]; Since the new versions of PHP have
global variables turned off due to safety features, its best to use this
with your script so that you can be sure the script will work on all
servers (global vars off or not)*/
$user = $_POST['user'];
$pass = $_POST['pass'];

include("include.php");

$failure = array();

for($x=0; $x<$arrayLength; $x++)
{
if($user == $userArray[$x] && $pass == $passArray[$x])
{
setcookie("user", $userArray[$x]);
setcookie("page", $redirect[$x]);
header("Location: " . $redirect[$x]);
}
else
{
array_push($failure, $x);
if(sizeof($failure) >= $arrayLength)
{
print "Login not acceptable. User does not exist, or invalid password entered. Please try again.";
}
}
}
?>


ok that will set our cookies.

now, on each of your pages that you send people to place this code, and it will perform a check for the user name, and make sure that the user's cookie matches the name of the page...


<?
include("include.php");

$page = $PHP_SELF;
$page = split("/", $page);
$num = sizeof($page) - 1;
$page = $page[$num];

for($x=0;$x<sizeof($userArray); $x++)
{
if($user == $userArray[$x])
{
if($page != $location)
{
header("Location: error.php");
}
}
}
if(!$user || !$location)
{
header("Location: error.php");
}

?>


Ok, now that code will redirect them to the page "error.php" if:

The $user cookie is not set, the $lcoation cookies is not set, or if the cookie that is set does not match the page that they are trying to view. Just place that at the top of each page that is in your redirect array. Make sure that it goes before any HTML.

can someone please send me the zip file with ready files please, i cant figure out what goes to what.


(marius26@ntlworld.com)
Email
(marius26@ntlworld.com)

THis is a bit old...