Welcome to the Treehouse Community

Want to collaborate on code errors? Have bugs you need feedback on? Looking for an extra set of eyes on your latest project? Get support with fellow developers, designers, and programmers of all backgrounds and skill levels here with the Treehouse Community! While you're at it, check out some resources Treehouse students have shared here.

Looking to learn something new?

Treehouse offers a seven day free trial for new students. Get access to thousands of hours of content and join thousands of Treehouse students and alumni in the community today.

Start your free trial

PHP

Posted by Andrea Zepeda
Andrea Zepeda
90 Points

User Login

Hi! Im making a login system and i finally make the thing work... But now i have to check wich user logged in and direct him to a profil page. Of course is a profile page that i already made and cant be modify just know.

But i dont know how to do it... Could you please give and advice? That would be great! :) Thanks!

2 Answers

Andrew McCormick
Andrew McCormick
17,730 Points
Andrew McCormick
Andrew McCormick
17,730 Points

if you log the user name to $_SESSION. Then you can do something like:

 redirect_to($_SESSION['username']."_profile.php");
Andrea Zepeda
Andrea Zepeda
90 Points

Oh ok ok... so i have to redirect to the new page. If i use an if to select a username in particular, where should i give that parameter to the command?

My code for the login form is this:

<?php

ob_start();
 $host="localhost";
 // Host name $username="";
 // Mysql username $password="";
 // Mysql password $db_name="test";
 // Database name $tbl_name="members";
 // Table name

// Connect to server and select databse.
 mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
 $myusername=$_POST['myusername'];
 $mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
 $myusername = stripslashes($myusername);
 $mypassword = stripslashes($mypassword);
 $myusername = mysql_real_escape_string($myusername);
 $mypassword = mysql_real_escape_string($mypassword); 
$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'"; 
$result=mysql_query($sql);

// Mysql_num_row is counting table row 
$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row
 if($count==1){
 // Register $myusername, $mypassword and redirect to file "login_success.php"
 $_SESSION['myusername'];
 $_SESSION['mypassword']; 
header("location:../perfil.html"); 
} else {
 echo "Wrong Username or Password"; 
}
 ob_end_flush(); ?>
Andrew McCormick
Andrew McCormick
17,730 Points 
 if($count==1){
 // Register $myusername, $mypassword and redirect to file "login_success.php"

//Process the $result from the query and assign the session variable
$found_user = mysql_fetch_array($result);
 $_SESSION['myusername'] = $found_user['username'];
/*You probably don't want to store the password to the session  $_SESSION['mypassword'];   */
redirect_to($_SESSION['myusername']."_profilepage.html");
} 
else {
 echo "Wrong Username or Password"; 
}

as a side note. Before you go any further, you might want to check out PDO

Andrea Zepeda
Andrea Zepeda
90 Points
Andrea Zepeda
Andrea Zepeda
90 Points

jmmm