Hi - I can't get my head round how I can accomplish this. I have a db table where users can have up to 10 items to download, the idea being that each of these will be personal to that user. What I want to be able to do is have a login page where the user will enter their username and password, then be taken direct to "their" download page. I've put together a login page and a download results page in PHP, and although I can get the login page to redirect to the results page, nothing's appearing on that page...
I assume that there must be a way of coding the redirect part of the page so that it's looking for a user id to display the correct results, but I can't see where this would go.
Any assistance with this would be greatly appreciated.
On the download page create a recordset and filter the recordset where session variable = table row for users ID then place the bindings on the page for the recordset.
Hi - thanks for the suggestion. I've tried that and am having problems still - nothing displays on the results page. When you enter the username and password, it redirects to the results page and there's a box where the results should be appearing, but no results....
This is the code for the search page (login page):
<?php require_once('Connections/connSRSclients.php');?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
$colname_rsClients = "-1";
if (isset($_SESSION['client_id'])) {
$colname_rsClients = (get_magic_quotes_gpc()) ? $_SESSION['client_id'] : addslashes($_SESSION['client_id']);
}
mysql_select_db($database_connSRSclients, $connSRSclients);
$query_rsClients = sprintf("SELECT * FROM clients WHERE client_id = %s", GetSQLValueString($colname_rsClients, "int"));
$rsClients = mysql_query($query_rsClients, $connSRSclients) or die(mysql_error());
$row_rsClients = mysql_fetch_assoc($rsClients);
$totalRows_rsClients = mysql_num_rows($rsClients);
?><?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
$loginUsername=$_POST['username'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "download_Results.php";
$MM_redirectLoginFailed = "index.html";
$MM_redirecttoReferrer = false;
mysql_select_db($database_connSRSclients, $connSRSclients);
$LoginRS__query=sprintf("SELECT client_user, client_pass FROM clients WHERE client_user=%s AND client_pass=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
$LoginRS = mysql_query($LoginRS__query, $connSRSclients) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";
//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;
if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/basic.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Search clients</title>
<!-- InstanceEndEditable -->
<style type="text/css">
<!--
-->
</style>
<link href="style.css" rel="stylesheet" type="text/css" />
<!-- InstanceBeginEditable name="head" -->
<link href="WA_DataAssist/styles/Refined_Pacifica.css" rel="stylesheet" type="text/css" />
<link href="WA_DataAssist/styles/Arial.css" rel="stylesheet" type="text/css" />
<script language='JavaScript' type='text/javascript' src='JScript/formValidator.js'></script>
<script>
function validateWADASearchForm(formNode){
var formValidatorInstance = new FormValidator(formNode);
formValidatorInstance.addRule('S_client_pass','Sorry, you don\'t appear to be registered','required');
return formValidatorInstance.validate();
}
</script><!-- InstanceEndEditable -->
</head>
<body>
<div id="wrapper">
<div id="header"><img src="images/logo3-1.jpg" width="398" height="104" /></div>
<div id="content"><!-- InstanceBeginEditable name="contentRight" -->
<div id="contentright">
<div id="contentright3">
<form id="form1" name="form1" method="POST" action="<?php echo $loginFormAction; ?>">
<table width="100%" border="0" cellspacing="5" cellpadding="2">
<tr>
<td>Username:</td>
<td><input name="username" type="text" id="username" size="35" /></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="password" type="password" id="password" size="35" /></td>
</tr>
<tr>
<td><input type="submit" name="Submit" value="Login" /></td>
<td> </td>
</tr>
</table>
</form>
</div>
<div id="3picsport"><img src="images/3port.jpg" width="139" height="458" /></div>
</div>
<!-- InstanceEndEditable -->
<div id="contentleft">
<div id="menu"><a href="index.html">HOME</a><br />
<a href="portfoliodesign.html">PORTFOLIO DESIGN</a><br />
<a href="download_Search.php">CLIENT LOGIN</a><br />
<a href="marketblog.php">MARKET BLOG</a><br />
<a href="contact.html">CONTACT US</a> </div>
<div id="leftpicmarket"></div>
</div>
</div>
<div class="clr"></div>
<div id="footer">
<div id="adress">client address</div>
</div>
</div>
</body>
<!-- InstanceEnd --></html>
<?php
mysql_free_result($rsClients);
?>
This is the code for the results page:
<?php require_once('Connections/connSRSclients.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
$colname_rsClients = "-1";
if (isset($_SESSION['client_id'])) {
$colname_rsClients = (get_magic_quotes_gpc()) ? $_SESSION['client_id'] : addslashes($_SESSION['client_id']);
}
mysql_select_db($database_connSRSclients, $connSRSclients);
$query_rsClients = sprintf("SELECT * FROM clients WHERE client_id = %s", GetSQLValueString($colname_rsClients, "int"));
$rsClients = mysql_query($query_rsClients, $connSRSclients) or die(mysql_error());
$row_rsClients = mysql_fetch_assoc($rsClients);
$totalRows_rsClients = mysql_num_rows($rsClients);
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/basic.dwt" codeOutsideHTMLIsLocked="false" -->
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<!-- InstanceBeginEditable name="doctitle" -->
<title>Results clients</title>
<!-- InstanceEndEditable -->
<style type="text/css">
<!--
-->
</style>
<link href="style.css" rel="stylesheet" type="text/css" />
<!-- InstanceBeginEditable name="head" -->
<style type="text/css">
<!--
.style1 {
color: #1CA8E2;
font-weight: bold;
}
.style2 {
color: #323232;
font-weight: bold;
}
-->
</style><!-- InstanceEndEditable -->
</head>
<body>
<div id="wrapper">
<div id="header"><img src="images/logo3-1.jpg" width="398" height="104" /></div>
<div id="content"><!-- InstanceBeginEditable name="contentRight" -->
<div id="contentright">
<div id="contentright3">Downloadable items for
<span class="style2"><?php echo $row_rsClients['client_fullname']; ?></span>
<div id="portfoliodocs"><span class="style1">Portfolio documents:</span><br />
<a href="downloads/<?php echo $row_rsClients['upload1']; ?>"><?php echo $row_rsClients['upload1']; ?></a><br />
<a href="downloads/<?php echo $row_rsClients['upload2']; ?>"><?php echo $row_rsClients['upload2']; ?></a><br />
<a href="downloads/<?php echo $row_rsClients['upload3']; ?>"><?php echo $row_rsClients['upload3']; ?></a><br />
<a href="downloads/<?php echo $row_rsClients['upload4']; ?>"><?php echo $row_rsClients['upload4']; ?></a><br />
<a href="downloads/<?php echo $row_rsClients['upload5']; ?>"><?php echo $row_rsClients['upload5']; ?></a><br />
<a href="downloads/<?php echo $row_rsClients['upload6']; ?>"><?php echo $row_rsClients['upload6']; ?></a><br />
<a href="downloads/<?php echo $row_rsClients['upload7']; ?>"><?php echo $row_rsClients['upload7']; ?></a><br />
<a href="downloads/<?php echo $row_rsClients['upload8']; ?>"><?php echo $row_rsClients['upload8']; ?></a><br />
<a href="downloads/<?php echo $row_rsClients['upload9']; ?>"><?php echo $row_rsClients['upload9']; ?></a><br />
<a href="downloads/<?php echo $row_rsClients['upload10']; ?>"><?php echo $row_rsClients['upload10']; ?></a><br />
<br />
</div>
</div>
<div id="3picsport"><img src="images/3port.jpg" width="139" height="458" /></div>
</div>
<!-- InstanceEndEditable -->
<div id="contentleft">
<div id="menu"><a href="index.html">HOME</a><br />
<a href="portfoliodesign.html">PORTFOLIO DESIGN</a><br />
<a href="download_Search.php">CLIENT LOGIN</a><br />
<a href="marketblog.php">MARKET BLOG</a><br />
<a href="contact.html">CONTACT US</a> </div>
<div id="leftpicmarket"></div>
</div>
</div>
<div class="clr"></div>
<div id="footer">
<div id="adress">client address</div>
</div>
</div>
</body>
<!-- InstanceEnd --></html>
<?php
mysql_free_result($rsClients);
?>
For the result page... update the recordset by filtering it as below

This will show the record based on login username and make sure you restrict the page with username and password, or maybe also with user level if u have one. I guess u have username row in your client table. If u don't then u just need to join the client table with the user table.
Hi - thanks for your input. I have set up the recordset so it filters by id, but I think the problem is because I have a user authentication behavior on the login page, and a redirect to the results page, whereas I'd assumed that what I'd need is a redirect with some code which would indicate that the next (results) page needs to filter by id.... does that make sense?
I'm a bit of a newb with this stuff so perhaps I've got that twisted somehow?
Your download page filters the recordset according to $_SESSION['client_id'] but on the login page I do not see a setting to declare the $_SESSION['client_id'].
This part of your login page code is useless:
$colname_rsClients = "-1";
if (isset($_SESSION['client_id'])) {
$colname_rsClients = (get_magic_quotes_gpc()) ? $_SESSION['client_id'] : addslashes($_SESSION['client_id']);
}
mysql_select_db($database_connSRSclients, $connSRSclients);
$query_rsClients = sprintf("SELECT * FROM clients WHERE client_id = %s", GetSQLValueString($colname_rsClients, "int"));
$rsClients = mysql_query($query_rsClients, $connSRSclients) or die(mysql_error());
$row_rsClients = mysql_fetch_assoc($rsClients);
$totalRows_rsClients = mysql_num_rows($rsClients);
You need to properly set a value for $_SESSION['client_id'] if you want to use that session variable in your download page.
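
The fix described in the last reply, as an added example that is not code from any poster in this thread: the login page stores the authenticated client's id in $_SESSION['client_id'], and the download page starts the session and loads only that client's row. It assumes a mysqli connection named $db and that client_pass holds a password_hash() value (both assumptions), and it uses prepared statements in place of the mysql_* functions, which were removed in PHP 7.

```php
<?php
// Added example, not code from the thread. Assumptions: $db is a mysqli
// connection (hypothetical name) and clients.client_pass holds a
// password_hash() value; table and column names are the ones in the posts.

session_start(); // needed on BOTH pages before $_SESSION is read or written

// Login page: check the credentials, then remember which client this is.
function login_client(mysqli $db, string $username, string $password): bool
{
    $stmt = $db->prepare(
        'SELECT client_id, client_pass FROM clients WHERE client_user = ?');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($clientId, $hash);
    $found = $stmt->fetch();
    $stmt->close();

    if (!$found || !password_verify($password, $hash)) {
        return false;
    }
    session_regenerate_id(true);                // fresh session id after login
    $_SESSION['MM_Username'] = $username;
    $_SESSION['client_id']   = (int) $clientId; // what the download page filters on
    return true;
}

// Download page: load only the row owned by the logged-in client.
function load_client_row(mysqli $db): array
{
    if (!isset($_SESSION['client_id'])) {
        header('Location: index.html');         // not logged in: no data at all
        exit;
    }
    $id = (int) $_SESSION['client_id'];
    $stmt = $db->prepare('SELECT * FROM clients WHERE client_id = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: [];
}

// Login page: if (login_client($db, $_POST['username'], $_POST['password']))
//             { header('Location: download_Results.php'); exit; }
// Download page: $row_rsClients = load_client_row($db);
//   echo htmlspecialchars($row_rsClients['client_fullname'], ENT_QUOTES, 'UTF-8');
```

Because the id comes from the server-side session rather than from a URL or form field, a logged-in client cannot switch to another client's row by editing the request.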