Member Avatar for bucktaylor

We have three different accounts on our website that members can sign up to but one login page. How can I set it up so when a user logs in they are taken to the correct account based off their user id?

Right now when someone logs in they are automatically redirected to “account one” but if they are an “account two” holder they get a “permission denied message”.

Also have the same problem with the “my profile” link… say account two holder is logged in and they are browsing the site and then they click on the “My Profile” link, they get a “permission denied message”. Can this link be set to read their user id or something so it takes them to the right profile page?

Everything’s working great for an “account one” holder .

Please help… code is below, and thank you.

Login page-
html code:

<td class="field"><input type="submit" value="Login" name="action"/></td>

php code:

//get query data
	$inpReturnURL = Footprint::$Request->Input("return", Footprint::URL("account/index.php"));

xml code:

<commands>
		<command id="lookup-login">
			SELECT 
				user.id AS user_id, 
				user.username
			FROM 
				user
			WHERE
				user.username = '%username%'
				AND(
					user.password = MD5('%password%')
				)
				AND(
					is_active = 'yes'
				)
			;
		</command>

"My Profile" link-
useing an xsl file that the html page calls on:

<a href="account/index.php">My Profile</a>

thanks

  • 2 Contributors
  • 3 Replies
  • 206 Views
  • 7 Hours Discussion Span
  • Latest Post Latest Post by ApocDen
Member Avatar for ApocDen

show me the full index.php codes

Member Avatar for bucktaylor

show me the full index.php codes

Here you go.

<?php
require_once($_SERVER["DOCUMENT_ROOT"] ."/_GLOBAL/init.php");
//##########################################################################################
	
//--> Begin :: Page
	//open database
	Footprint::$DB->Open();
	
	//get page template
	Footprint::$Page->LoadFile(Footprint::FilePath("login/index.html"), Footprint::$RootPath);
	
	//get query data
	$inpReturnURL = Footprint::$Request->Input("return", Footprint::URL("account/index.php"));
	
	//get form data
	$inpAction = Footprint::$Request->Input("action");
	$inpUsername = Footprint::$Request->Input("username");
	$inpPassword = Footprint::$Request->Input("password");
	$inpRememberMe = Footprint::$Request->Input("remember_me");
	
	//validate data
	if($inpAction == "Login") {
		if($inpUsername == "") {
			Footprint::$Errors->Add("Please supply your username.");
		}
		if($inpPassword == "") {
			Footprint::$Errors->Add("Please supply your password.");
		}
	}
	
	//check for action
	if(Footprint::$Errors->Count() == 0 && $inpAction == "Login") {
		//lookup login information
		Footprint::$DB->SQLCommand = Footprint::$SQL->GetCommand("lookup-login", Footprint::FilePath("login/index.sql.xml"));
		Footprint::$DB->SQLKey("%username%", $inpUsername);
		Footprint::$DB->SQLKey("%password%", $inpPassword);
		$dtrData = Footprint::$DB->GetDataRow();
		
		if(Footprint::$DB->GetFoundRows() == 1) {
			//validate remote IP
			if(!Footprint::$User->HasValidIP($dtrData["user_id"])) {
				//add alert
				Footprint::$Errors->Add("Login failed: your IP address could not be validated.");
			}
			//their IP is good, lets give them a session
			else {
				//log this user in
				Footprint::$User->Login($dtrData["user_id"], $dtrData["username"], ($inpRememberMe == "yes" ? 1440 : 60));
				
				//log user history
				Footprint::$User->LogHistory("User logged in.", $dtrData["user_id"]);
				
				//close database
				Footprint::$DB->Close();
				
				//set redirect url
				Footprint::$Response->RedirectURL = $inpReturnURL;
				
				//finalize request
				Footprint::$Response->Finalize();
			}
		}
		else {
			//log anonymous user history
			Footprint::$User->LogHistory("Attempted user login with username: '". $inpUsername ."' and password: '". $inpPassword ."'.");
			
			//set notice
			Footprint::$Errors->Add("Login failed: username and password combination not found or your account is inactive.");
		}
	}
	//end check for action
	
	//replace page elements
		//selected tab
		Footprint::$Page->GetNodesByDataSet("label", "tab_login")->SetAttribute("class", "selected");
		
		//form elements
		Footprint::$Page->GetNodesByDataSet("label", "footprint_alerts")->SetInnerHTML(Footprint::$Utility->GetAlerts());
		Footprint::$Page->GetNodesByDataSet("field", "username")->SetAttribute("value", $inpUsername);
		Footprint::$Page->GetNodesByDataSet("field", "password")->SetAttribute("value", $inpPassword);
		if($inpRememberMe == "yes") {
			Footprint::$Page->GetNodesByAttribute("data-field", "remember_me")->SetAttribute("checked", "checked");
		}
	//end replace page elements
	
	//close database
	Footprint::$DB->Close();
	
	//finalize request
	Footprint::$Response->Finalize(Footprint::$Page->ToString());
//<-- End :: Page

//##########################################################################################
?>
Member Avatar for ApocDen

you need to use sessions for it to work. session saves information in the browser and you can choose to cave the information of account 1 or account 2 around line 57 add something like this

$_SESSION['user_id'] = $row['user_id'];

that code saves the user id in the session and in the main site you can use sql to compare the saved user id in the session with the one on mysql and with that information you can display the information depending on the account you are on. The sql to search for the user id looks like

$sql = "SELECT * FROM users WHERE id='".mysql_real_escape_string($_SESSION['user_id'])."'";
$query = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_object($query);
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.