Menu
I've been searching for a solution but it's seem I can't get it right, no matter what I try.
After successful login, the user should be redirected to the page he came from, let's say he's been browsing a post and wants to log in so he can leave a comment, so he should be redirected to the post he was browsing. So here is what I have:
login.php shows the login form:
<form method="post" action="login-check.php"> ... //input for username and password </form> The login-check.php checks if the username and pass are entered, does the user exist, or if he's already logged in, and a p parameter is sent to login.php:
<?php session_start(); if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) { header("Location:login.php?p=1"); exit(); } elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) { header("Location:login.php?p=2"); exit(); } elseif(isset($_SESSION['id_login'])) { header("Location:login.php?p=3"); exit(); } ?> then parameter p is sent back to login.php and displays the according message:
<?php if(isset($_GET['p'])) { $p = $_GET["p"]; if($p=="1") echo "<p class=\"red\">You didn't fill the form.</p><br></br>"; if($p=="2") echo "<p class=\"red\">User exists.</p><br></br>"; if($p=="3") header("Location: index.php"); } ?> BUT, instead of going to index.php after successful login, it should go to the page the user has previously been. I've tried in different ways but ether it doesn't work at all or it returns to login.php. It doesn't need to be super safe, because I'm doing this for a school project.
ALSO, I consider myself pretty novice, so please have patience :D
238
The most common ways to implement redirection logic after login are: using HTTP Referer header. saving the original request in the session. appending original URL to the redirected login URL.
There are two approaches used to redirect the browser window back. Approach 1: Using history. back() Method: The back() method of the window. history object is used to go back to the previous page in the current session history.
Use the HTTP_REFERER Request Header to Return to the Previous Page in PHP. The HTTP_REFERER request header returns the URL of the page from where the current page was requested in PHP. The header enables the server to acknowledge the location from where the users are visiting the current page.
You should redirect with a location header after every post, because otherwise when the user presses the refresh button, it will send again the same form... Btw. if you want to do proper work, you should try out a php framework instead of this kind of spaghetti code...
A common way to do this is to pass the user's current page to the Login form via a $_GET variable.
For example: if you are reading an Article, and you want to leave a comment. The URL for comments is comment.php?articleid=17. While comment.php is loading, it notices that you are not logged in. It wants to send you to login.php, like you showed earlier. However, we're going to change your script so that is also tells the login page to remember where you are:
header("Location:login.php?location=" . urlencode($_SERVER['REQUEST_URI'])); // Note: $_SERVER['REQUEST_URI'] is your current page This should send the user to: login.php?location=comment.php%3Farticleid%3D17. login.php should now check to see if $_GET['location'] is populated. If it is populated, then send the user to this location (in this case, comment.php?articleid=17). For example:
// login.php echo '<input type="hidden" name="location" value="'; if(isset($_GET['location'])) { echo htmlspecialchars($_GET['location']); } echo '" />'; // Will show something like this: // <input type="hidden" name="location" value="comment.php?articleid=17" />
// login-check.php session_start(); // our url is now stored as $_POST['location'] (posted from login.php). If it's blank, let's ignore it. Otherwise, let's do something with it. $redirect = NULL; if($_POST['location'] != '') { $redirect = $_POST['location']; } if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) { $url = 'login.php?p=1'; // if we have a redirect URL, pass it back to login.php so we don't forget it if(isset($redirect)) { $url .= '&location=' . urlencode($redirect); } header("Location: " . $url); exit(); } elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) { $url = 'login.php?p=2'; if(isset($redirect)) { $url .= '&location=' . urlencode($redirect); } header("Location:" . $url); exit(); } elseif(isset($_SESSION['id_login'])) { // if login is successful and there is a redirect address, send the user directly there if($redirect) { header("Location:". $redirect); } else { header("Location:login.php?p=3"); } exit(); } Gotchas
You should run some validation against $_GET['location'] before sending the user there. For example, if I tell people who use your site to click on this link: login.php?location=http%3A%2F%2Fmalice.com%2Fevilpage.php... then they will be sent to a foreign URL that will try to do something bad.
Always make sure to use urlencode when passing URLs as $_GET parameters. This encodes special URL characters (such as ?, &, and %) so that they don't break your url (e.g.: login.php?location=comment.php?id=17 <- this has two ?'s and will not work correctly)
136
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
