UserID's and Custom Pages

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • Maximus_Prime
    Registered User
    • Jun 2002
    • 1

    #1

    UserID's and Custom Pages

    I'd like to create a Username and Password logon page, but with a catch. Rather than each user logging in and seeing the same main page, each UserID/Password combination would be associated with a custom main page.

    For example, Customer #1 logs in with his/her UserID and password, presses the Logon button and is then taken to a custom page tailor made for him/her (perhaps it's called customer1.htm). This page may contain financial data, so it's of vital importance that each user be taken to a separate page. Customer #2 logs on with his/her UserID/password, presses the Logon button, and is then taken to his/her custom page (perhaps called customer2.htm).

    My question is: Is this possible?

    I called Microsoft directly to find out what I could, but the person I spoke with ("Don") wasn't very helpful. I was placed on hold a few times and then told that Windows2000 Server can do this. I wasn't told how it could be done, just that it was possible (and it's the "recommended" method). When I asked if it could be done in a WindowsNT environment (such as the one we are in), I was placed on hold for 3 minutes and then told that "yes, it's possible. But not recommended." Again, I was given no explanations on how to do it, or even as to why it wasn't recommended (other than Microsoft won't be actively supporting WindowsNT server too much longer).

    Can this be done with scripting, or will I need to add software to my site?

    If anyone has any suggestions, solutions or more questions, please feel free to email me, or post here.

    Thank you!


    Maximus_Prime
  • foe
    Confirmed User
    • May 2002
    • 5246

    #2
    Yeh definetly there are a ton of solutions including a custom script, icq/aim me if you still need help

    Comment

    • mike503
      Confirmed User
      • May 2002
      • 2243

      #3
      what you're asking for is a simple dynamic "main page" which reads the userid from a session variable, cookie, post variable, or get/query string parameter. it's not hard at all. in fact, you spend more effort asking around about this than the actual coding would have taken

      if foe's too busy or something, hit me up too.
      php/mysql guru. hosting, coding, all that jazz.

      Comment

      • CunnyFunt
        Registered User
        • Jun 2002
        • 34

        #4
        Like mike said, coding a simple perl/php script would have taken less time. This is assuming that you know how to script.

        There's also alternative methods, such as manipulating RewriteRule's in .htaccess, or virtualhost containers. It'll take a little research on your part, but it can be done.

        Your best bet is to learn a good and easy scripting language and code out your members area to be dynamic (scripted). If you don't have the time for this, hire someone to do so for you, though it may cost a bit due to the significant need to have the entire members portion of the site a script, so that your site stays as secure as possible.
        Joseph Allgaier

        Unix/Perl/PHP Guru.

        Comment

        • Buba_Smith2
          Registered User
          • Jun 2002
          • 76

          #5
          <P>&lt;!-- TWO STEPS TO INSTALL MULTIPLE USERS:</P>
          <P>&nbsp;</P>
          <P> 1. Copy the first code into the HEAD of your HTML document</P>
          <P> 2. Put the last coding into the BODY of your HTML document --&gt;</P>
          <P>&nbsp;</P>
          <P>&lt;!-- STEP ONE: Copy this code into the HEAD of your login HTML document --&gt;</P>
          <P>&nbsp;</P>
          <P>&lt;HEAD&gt;</P>
          <P>&nbsp;</P>
          <P>&lt;SCRIPT LANGUAGE="JavaScript"&gt;</P>
          <P>&nbsp;</P>
          <P>&lt;!-- This script and many more are available free online at --&gt;</P>
          <P>&lt;!-- The JavaScript Source!! http://javascript.internet.com --&gt;</P>
          <P>&nbsp;</P>
          <P>&lt;!-- Begin</P>
          <P>function Login(){</P>
          <P>var done=0;</P>
          <P>var username=document.login.username.value;</P>
          <P>username=username.toLowerCase();</P>
          <P>var password=document.login.password.value;</P>
          <P>password=password.toLowerCase();</P>
          <P>if (username=="member1" &amp;&amp; password=="password1") { window.location="page1.html"; done=1; }</P>
          <P>if (username=="member2" &amp;&amp; password=="password2") { window.location="page2.html"; done=1; }</P>
          <P>if (username=="member3" &amp;&amp; password=="password3") { window.location="page3.html"; done=1; }</P>
          <P>if (done==0) { alert("Invalid login!"); }</P>
          <P>}</P>
          <P>// End --&gt;</P>
          <P>&lt;/SCRIPT&gt;</P>
          <P>&nbsp;</P>
          <P>&lt;!-- STEP TWO: Paste this code into the BODY of your HTML document --&gt;</P>
          <P>&nbsp;</P>
          <P>&lt;BODY&gt;</P>
          <P>&nbsp;</P>
          <P>&lt;center&gt;</P>
          <P>&lt;form name=login&gt;</P>
          <P>&lt;table width=225 border=1 cellpadding=3&gt;</P>
          <P>&lt;tr&gt;&lt;td colspan=2&gt;&lt;center&gt;&lt;font size="+2"&gt;&lt;b&gt;Members-Only Area!&lt;/b&gt;&lt;/font&gt;&lt;/center&gt;&lt;/td&gt;&lt;/tr&gt;</P>
          <P>&lt;tr&gt;&lt;td&gt;Username:&lt;/td&gt;&lt;td&gt;&lt;input type=text name=username&gt;&lt;/td&gt;&lt;/tr&gt;</P>
          <P>&lt;tr&gt;&lt;td&gt;Password:&lt;/td&gt;&lt;td&gt;&lt;input type=text name=password&gt;&lt;/td&gt;&lt;/tr&gt;</P>
          <P>&lt;tr&gt;&lt;td colspan=2 align=center&gt;&lt;input type=button value="Login!" onClick="Login()"&gt;&lt;/td&gt;&lt;/tr&gt;</P>
          <P>&lt;/table&gt;</P>
          <P>&lt;/form&gt;</P>
          <P>&lt;/center&gt;</P>
          <P>&nbsp;</P>
          <P>&lt;p&gt;&lt;center&gt;</P>
          <P>&lt;font face="arial, helvetica" size="-2"&gt;Free JavaScripts provided&lt;br&gt;</P>
          <P>by &lt;a href="http://javascriptsource.com"&gt;The JavaScript Source&lt;/a&gt;&lt;/font&gt;</P>
          <P>&lt;/center&gt;&lt;p&gt;</P>
          <P>&nbsp;</P>
          <P>&lt;!-- Script Size: 1.60 KB --&gt;</P>
          Last edited by Buba_Smith2; 07-01-2002, 12:11 AM.
          <a href="http://www.albertaamateurs.ca" target="_new"><img src="http://www.albertaamateurs.ca/logo_black.jpg" border=0 width=70 height=40></a><a href="mailto:[email protected]">e-mail</a><br>
          <hr color=blue width=85% align=left>
          <b><i><font color=blue>Reverand Bob</b></i></font>

          Comment

          • CunnyFunt
            Registered User
            • Jun 2002
            • 34

            #6
            Buba, that a workable javascript if his site is "free", but provides no security if he runs a paysite (which I'm assuming he does).

            Joseph Allgaier

            Unix/Perl/PHP Guru.

            Comment

            • foe
              Confirmed User
              • May 2002
              • 5246

              #7
              Bubba What happens though if a user clicks view source? .... he will see all member passwords needles to say DO NOT USE THAT SCRIPT no security what so over,

              btw give me a link to your paysite I want some free porn

              Comment

              • CunnyFunt
                Registered User
                • Jun 2002
                • 34

                #8
                If your site is a paysite, use .htaccess as your auth method and then try something like this as your index page (index.php):

                PHP Code:
                <?
                
                if (getenv('REMOTE_USER')) {
                  $remote_user = getenv('REMOTE_USER');
                
                  switch($remote_user) {
                    case "userone" :
                      include "userone.html";
                      break;
                    case "usertwo" :
                      include "usertwo.html";
                      break;
                    default
                      include "regindex.html";
                      break;
                  }
                }
                else {
                  echo "You didn't log in.";
                }
                
                ?>
                This way requires you to keep editing the .php file and adding new "case" checks for the switch() method.

                Alternatively you can make everything more automated by setting up a mysql database that tracks certain users like:

                users
                -----------------------------
                |username | htmlpage |
                -----------------------------

                This way you can do something like:

                PHP Code:
                <?
                
                if (getenv('REMOTE_USER')) {
                  $remote_user = getenv('REMOTE_USER');
                
                  @ $db = mysql_pconnect("localhost","mysqluser", "mysqlpass");
                  mysql_select_db("mysqldatabase");
                
                  $result = mysql_query("SELECT htmlpage FROM users WHERE username='$remote_user'");
                
                  if (mysql_num_rows($result) > 0) {
                    $row = mysql_fetch_array($result);
                
                    include $row['htmlpage'];
                  }
                  else {
                    include "regindex.html";
                  }
                }
                else {
                  echo "You didn't log in!";
                }
                
                ?>
                Then you just add users you want to see diff index pages up by setting up a simple script like so:

                PHP Code:
                <?
                
                if (getenv('QUERY_STRING')) {
                  if (!isset($username)) { echo "Missing Username Param"; exit; }
                  elseif (!isset($htmlpage)) { echo "Missing HTMLPage Param"; exit; }
                  else {
                    @ $db = mysql_pconnect("localhost","mysqluser", "mysqlpass");  
                    mysql_select_db("mysqldatabase");
                
                    $result = mysql_query("INSERT INTO users SET username='$username', htmlpage='$htmlpage'");
                    if (mysql_affected_rows($result) > 0) {
                      echo "User added!";
                    }
                    else {
                      echo "Unable to add user!";
                    }
                  }
                }
                else {
                  echo "Query String needed: mydomain.com/securefolder/adduserpage.php?username=desireduser&htmlpage=desired.html";
                }
                
                ?>
                Then just goto the php like so: mydomain.com/securefolder/adduserpage.php?username=desireduser&htmlpage=desi red.html

                Modifying the existing users, or deleting them is as simple as copying your "add" script and modifying the "$result = ...." line to look like:

                (modify)
                PHP Code:
                $result = mysql_query("UPDATE users SET htmlpage='$htmlpage' WHERE username='$username'"); 
                
                (delete)
                PHP Code:
                $result = mysql_query("DELETE FROM users WHERE username='$username'"); 
                
                I dunno if there's any bugs in the above, cuz I'm doing it as I go (probably a typo somewhere), but is should work.

                Last edited by CunnyFunt; 07-02-2002, 11:01 AM.
                Joseph Allgaier

                Unix/Perl/PHP Guru.

                Comment

                • Buba_Smith2
                  Registered User
                  • Jun 2002
                  • 76

                  #9
                  no security. No one said you have to let people read your source files. Can't read mine.
                  <a href="http://www.albertaamateurs.ca" target="_new"><img src="http://www.albertaamateurs.ca/logo_black.jpg" border=0 width=70 height=40></a><a href="mailto:[email protected]">e-mail</a><br>
                  <hr color=blue width=85% align=left>
                  <b><i><font color=blue>Reverand Bob</b></i></font>

                  Comment

                  • mike503
                    Confirmed User
                    • May 2002
                    • 2243

                    #10
                    never use client-side javascript for anything unless it's something server-side scripting cannot do.
                    php/mysql guru. hosting, coding, all that jazz.

                    Comment

                    • foe
                      Confirmed User
                      • May 2002
                      • 5246

                      #11
                      Originally posted by Buba_Smith2
                      no security. No one said you have to let people read your source files. Can't read mine.
                      If its based in javascript all they need to do is right click and press view source

                      Comment

                      Working...