At the moment, I'm taking POST information from a form and passing it to a login.php page which runs it through this function:
function verify_Username_and_Pass($un, $pwd) {
    $query = "SELECT *
              FROM users
              WHERE username = ? AND password = ?
              LIMIT 1";
    if($stmt = $this->conn->prepare($query)) {
        $stmt->bind_param('ss', $un, $pwd);
        $stmt->execute();
        if($stmt->fetch()) {
            $stmt->close();
            return true;
        }
    }
}
At the moment, the only thing this checks for is whether a matching record exists, which in turn redirects the user to secret.php with this:
function validate_user($un, $pwd) {
    $mysql = New Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);
    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        header("location: ../secret.php");
    } else {
        header("location: ../index.php");
    }
}
But what I need to do is, instead of one secret page, have a PHP page for each user in the DB (there's only going to be a couple), so I need the function to return the username if successful, redirect them to [username].php, and also set a session with the username in it, so on the secret pages I can check whether the right user is coming to the right page. Does that make sense?
Or, don't pass the username as get parameter, but save the username in the session:
if($ensure_credentials) {
    $_SESSION['status'] = 'authorized';
    $_SESSION['username'] = $un;
    header("location: ../secret.php");
}
and in secret.php:
if ($_SESSION['username'] == 'Jack') {
    echo 'Hey Jack!';
}
elseif ($_SESSION['username'] == 'Jill') {
    echo 'Hello Jill!';
}
else {
    // die / send 404
}
or match username against database for custom page content.
I won't discuss whether this is a right and clear implementation or not. I'll just try to "fix" your code:
function validate_user($un, $pwd) {
    $mysql = New Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);
    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        $_SESSION['username'] = $un;
        header("location: ../{$un}.php");
    } else {
        header("location: ../index.php");
    }
}
In <username>.php you can check whether $_SESSION['username'] is equal to the file name minus the .php extension.
But! Maybe there is a better implementation... for instance, instead of having N PHP files (one per user) you can have just one PHP file that will load the right data based on the $_SESSION['username'] value.
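UPDATED: At the head of <username>.php
<?php
session_start();
// __FILE__ is a full path, so match against basename(__FILE__);
// preg_quote() keeps the username from being read as regex syntax.
if (isset($_SESSION['status'], $_SESSION['username'])
    && $_SESSION['status'] == 'authorized'
    && preg_match('/^' . preg_quote($_SESSION['username'], '/') . '\.php$/', basename(__FILE__))) {
    echo "OK";
} else {
    header("location: ../index.php");
    exit; // stop the script after the redirect
}
?>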
function validate_user($un, $pwd) {
    $mysql = New Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);
    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        $_SESSION['username'] = $un;
        header("location: ../secret.php");
    } else {
        header("location: ../index.php");
    }
}
secret.php
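<?php
session_start(); // important
if($_SESSION['status'] != 'authorized') {
    header("Location: ../index.php"); // not logged in
    exit; // stop here so nothing below runs for a visitor who is not logged in
}
/* user specific stuff.. */
// escape the username before writing it into HTML
echo '<h1>' . htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8') . '</h1>';
// placeholder instead of string concatenation; bind $_SESSION['username'] with bind_param()
$query = 'SELECT * FROM `user_profile` WHERE `username` = ?';
//etc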
Edit: if you're insisting on having specific pages, have something like this:
inside ross.php
<?php
session_start();
if($_SESSION['username'] != 'Ross') { die('you shouldn\'t be here..'); }
// ok it's Ross, carry on
?>
probably all better done using DB + sessions
You could have a page called member.php and pass the username as a parameter, for instance member.php?username=benhowdle89.
Would this suffice? What is on the 'secret' page?
If you really need a separate page for each then you could do:
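// Only allow simple names, so $username cannot contain path separators
if(!preg_match('/^[A-Za-z0-9_]+$/', $username)){
    exit;
}
if(!is_file($username.'.php')){
    $user_file = fopen($username.'.php', 'w');
    fwrite($user_file, '<p>User content</p>');
    fclose($user_file); // release the file handle
}
header('Location: '.$username.'.php', true, 302);
exit;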
It still doesn't seem like the best solution to the problem. I'd personally just save the user id/name to a session like:
session_start();
$_SESSION['user_id'] = 23;
And then I could build the content for each user page dynamically, based on that value.
Redirect them with header to secret.php?user=$un
It does make sense and it is doable, although I do not see why you would want to do something complicated like that. First of all, you need to return the data from your query instead of true. I do not know what library you are using, although that $stmt->fetch() stuff should return an array, an object, or an array of objects, so do something like this: $data = $stmt->fetch(); return $data; and put a print_r($data) to see what is inside. Afterwards, use the thing with member.php from the answer above.
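An added example, not code from the question or from any answer above: the single-page approach several answers suggest, with the username taken from the session rather than from the URL, so a visitor cannot pick whose page is shown. It assumes a mysqli connection in $conn, a hypothetical password_hash column filled with password_hash(), and the file names login.php, member.php and index.php.

```php
<?php
// Added example: not code from the question or the answers.
// Assumptions: $conn is a mysqli connection; the users table has a
// password_hash column filled with password_hash(); file names are examples.
declare(strict_types=1);

// Called from login.php after session_start().
function login(mysqli $conn, string $un, string $pwd): bool
{
    $stmt = $conn->prepare(
        'SELECT username, password_hash FROM users WHERE username = ? LIMIT 1'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $un);
    $stmt->execute();
    $stmt->bind_result($dbUser, $dbHash);
    $found = $stmt->fetch();
    $stmt->close();
    if ($found !== true || !password_verify($pwd, $dbHash)) {
        return false;
    }
    session_regenerate_id(true);        // fresh session id once authenticated
    $_SESSION['status'] = 'authorized';
    $_SESSION['username'] = $dbUser;    // value from the DB row, not raw POST
    return true;
}

// Guard for every protected page: returns the username or redirects and stops.
function require_user(): string
{
    if (($_SESSION['status'] ?? '') !== 'authorized'
        || !is_string($_SESSION['username'] ?? null)) {
        header('Location: index.php');
        exit;                           // header() alone does not end the script
    }
    return $_SESSION['username'];
}

// member.php: one page for all users, content chosen by the session value.
session_start();
$user = require_user();
$content = ['Jack' => 'Hey Jack!', 'Jill' => 'Hello Jill!']; // constructed sample
if (!isset($content[$user])) {
    http_response_code(404);
    exit;
}
echo htmlspecialchars($content[$user], ENT_QUOTES, 'UTF-8');
```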