Home/ Questions/Q 3754632
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-19T09:34:29+00:00

at the moment, i’m taking POST information from a form and passing it to

  • 0

at the moment, i’m taking POST information from a form and passing it to a login.php page which runs them through this function:

function verify_Username_and_Pass($un, $pwd) {

    $query = "SELECT *
            FROM users
            WHERE username = ? AND password = ?
            LIMIT 1";

    if($stmt = $this->conn->prepare($query)) {
        $stmt->bind_param('ss', $un, $pwd);
        $stmt->execute();

        if($stmt->fetch()) {
            $stmt->close();
            return true;
        }
    }

}

At the moment, the only thing this checks for is whether a matching record exists, which in turn redirects the user to secret.php with this:

function validate_user($un, $pwd) {
    $mysql = New Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);

    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        header("location: ../secret.php");
    } else {
        header("location: ../index.php");
    }

}

But what i need to do is, instead of one secret page, have a PHP page for each user in the DB (theres only going to be a couple) so i need the function to return the name of the username if successful and redirect them to [username].php and also set a session with the username in it, so on the secret pages i can check whether the right user is coming to the right page? That make sense?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team
    function validate_user($un, $pwd) {
    $mysql = New Mysql();
    $ensure_credentials = $mysql->verify_Username_and_Pass($un, $pwd);

    if($ensure_credentials) {
        $_SESSION['status'] = 'authorized';
        $_SESSION['username'] = $un;
        header("location: ../secret.php");
    } else {
        header("location: ../index.php");
    }

}

    secret.php

    <?php
session_start(); //important;

if($_SESSION['status'] != 'authorized') { 
    header("Location: ../index.php");  // not logged in
}

/* user specific stuff.. */
echo '<h1>' . $_SESSION['username'] . '</h1>';

$query = 'SELECT * FROM `user_profile` WHERE `username`="' . $_SESSION['username'] . '"';
//etc

    edit
    if you’re insisting on having specific pages, have something like this:

    inside ross.php

    <?php
session_start();
if($_SESSION['username'] != 'Ross') { die('you shouldn\'t be here..'); }

// ok it's Ross, carry on
?>

    probably all better done using DB + sessions

    • 0