Alex T
2008-11-10 13:03:54 UTC
I am having a problem with logging in. my wife wants a website create which i can do but she also wants a "login" section for her clients to view their photos. now i have managed to follow certain steps for a registration page and login bit. But thus far i do not know how to create a form of code or summit along those lines to where we can get the username to goto said folder. for instance
Bill Banks types in his username Billy123 and password 1234546 and it logs him into his section for instance www.domain.com/billbanksphotos/ (domain not working just example) and sarah logs into her account and gets sent to /sarahsfolder but they cannot access each others folders without the other persons username and password. i have unlimited mysql databases and willing to learn anything i can. this is the code for my registration pageto whihc my wife will post peoples data on like username password and clientfolder
// Connects to your Database
mysql_connect("www.alextovey.co.uk", "usernamedatbase", "password") or die(mysql_error());
mysql_select_db("databasename") or die(mysql_error());
//This code runs if the form has been submitted
if (isset($_POST['submit'])) {
//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
die('You did not complete all of the required fields');
}
// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}
// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match. ');
}
// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}
// now we insert it into the database
$insert = "INSERT INTO users (username, password)
VALUES ('".$_POST['username']."', '".$_POST['pass']."')";
$add_member = mysql_query($insert);
?>
Registered
Thank you, you have now registered your clients.
}
else
{
?>
}
?>
i have created 4 fields in the db ID,USERNAMES,PASSWORD,CLIENTFOLDER
while this is the code for the login page:-
// Connects to your Database
mysql_connect("www.alextovey.co.uk", "username", "password") or die(mysql_error());
mysql_select_db("databasename") or die(mysql_error());
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: members.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That username does not exist in our database.');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POS