Jump to content

using a database to allow access


Recommended Posts

I wonder if somebody can help me please. I have a webpage that I only want certain people to be able to visit, depending on if their details are in the database. I think I got it right (or at least most of it right), but just wanted someone to confirm this as I'm not that confident around php.Somebody will do to a page and have to add their name

<form action="user.php" method="get"><label>Name<input type="text" name="fistname" /></label><input type="text" name="surname" /><br /><input type="submit" value="GO" /></form>

Then the user.php page would be

<?php$con = mysql_connect("hostname/server IP","username","password");if (!$con)  {  die('Could not connect: ' . mysql_error());  }mysql_select_db("database_name", $con);$result = mysql_query("SELECT users");$firstname = $_REQUEST['firstname'];$surname = $_REQUEST['surname'];if ($firstname == '' and $surname == '') {echo 'user_page.php';} else {echo "non_user_page.php";}?>

So basically if both the first and surnames match results that are stored in a database then they are taken to one page, but are taken to a different page if they are not in the database.Thanks

Link to post
Share on other sites

I'd do it this way:

<?php$con = mysql_connect("hostname/server IP","username","password");if (!$con)  {  die('Could not connect: ' . mysql_error());  }mysql_select_db("database_name", $con);$firstname = $_REQUEST['firstname'];$surname = $_REQUEST['surname'];$result = mysql_query("SELECT * FROM users WHERE firstname = '$firstname' AND surname = '$surname'");if (mysql_num_rows($result) > 0) {echo 'user_page.php';} else {echo "non_user_page.php";}?>

By the way, substitute firstname and surname for the database field names if these are incorrect in "firstname = '$firstname' AND surname = '$surname'"

Link to post
Share on other sites
I'd do it this way:
<?php$con = mysql_connect("hostname/server IP","username","password");if (!$con)  {  die('Could not connect: ' . mysql_error());  }mysql_select_db("database_name", $con);$firstname = $_REQUEST['firstname'];$surname = $_REQUEST['surname'];$result = mysql_query("SELECT * FROM users WHERE firstname = '$firstname' AND surname = '$surname'");if (mysql_num_rows($result) > 0) {echo 'user_page.php';} else {echo "non_user_page.php";}?>

By the way, substitute firstname and surname for the database field names if these are incorrect in "firstname = '$firstname' AND surname = '$surname'"

Thanks, I'll give that a go
Link to post
Share on other sites
To redirect, set the header like this in place of the echos. Just replacing "" with the addess you want to redirect to. header( 'Location: ' );
Sorry to be stupid, but where do I put the header( "Location: {url}'); ? I changed the code to
<?php$con = mysql_connect("hostname/server IP","username","password");if (!$con)  {  die('Could not connect: ' . mysql_error());  }mysql_select_db("database_name", $con);$firstname = $_REQUEST['firstname'];$surname = $_REQUEST['surname'];$result = mysql_query("SELECT * FROM users WHERE firstname = '$firstname' AND surname = '$surname'");if (mysql_num_rows($result) > 0) {header("location: loggedin.php");	  exit();  } else {	  echo 'echo "register.php.!';  }  ?>

but got an error message saying

line 14 is:
header("location: loggedin.php");

Thanks

Link to post
Share on other sites

The problem is that it may allow access to people who have similar names to others, but if you really want it, try this query:

$firstname = $_REQUEST['firstname'];$surname = substr($_REQUEST['surname'],0,1); // gets the first character of the given name.$result = mysql_query("SELECT * FROM users WHERE firstname = '$firstname' AND surname LIKE '$surname%'");

Link to post
Share on other sites
The problem is that it may allow access to people who have similar names to others, but if you really want it, try this query:
$firstname = $_REQUEST['firstname'];$surname = substr($_REQUEST['surname'],0,1); // gets the first character of the given name.$result = mysql_query("SELECT * FROM users WHERE firstname = '$firstname' AND surname LIKE '$surname%'");

Thanks for that, it was spot on
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...