homepage Welcome to WebmasterWorld Guest from 54.204.127.56
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Redirect user to previous page after logging in
scraptoft




msg:3990393
 4:48 pm on Sep 16, 2009 (gmt 0)

My log-in script currently directs all users to account.php after logging in.

For convenience of the user I would like to redirect them to the page that prompted them to log-in.

Currently I am using $referer = $_SERVER['HTTP_REFERER']; to get the refering page and then I'm using a header redirect to send them back header("Location:$referer");

The problem:

When pressing submit $referer equals the current log-in page.

i.e.

$referer = domain.com/previouspage.html
*click - login*
$referer = domain.com/login.html
header("Location:http://www.domain.com/login.html");

 

d40sithui




msg:3990511
 8:06 pm on Sep 16, 2009 (gmt 0)

Well, in this case you will want to hardcode your referer. One way is to use a session variable to store the page where the user visits - except in the login page. Then it's just a matter of calling the variable in your header function.

scraptoft




msg:3990556
 9:18 pm on Sep 16, 2009 (gmt 0)

Hi d40sithui thanks for your help, I just did a quick search and this is what I came up with.

Hows this sound? Am I on the right track?

session_start();
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];

$referer = $_SESSION['referer'];

and then:
header("Location:$referer");

I can't test it right now, will do so in the morning.

StupidScript




msg:3990612
 11:09 pm on Sep 16, 2009 (gmt 0)

You don't want to disturb it if it is already set:

if (!isset($_SESSION['referer']) {
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
}

But what if they are suppressing the referrer using browser options? Maybe ...

Links to login page (login.html):

login.html?referer=<?echo $_SERVER['SCRIPT_NAME']?>

then:

if (!isset($_SESSION['referer']) {
if ($_SERVER['HTTP_REFERER']) {
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
}
else {
if (isset($_GET['referer'])) {
$_SESSION['referer'] = htmlspecialchars($_GET['referer']);
}
else {
$_SESSION['referer'] = "account.php";
}
}
}

BIG danger exposed by letting a $_GET parameter redirect a page, but since it is not persistent and only affects the one visitor, if they break it, they bought it. No harm done. Just make sure you test the parameter's value before you use it. I used htmlspecialchars() to do that in this example.

NOTE: I have included .html files in my PHP parsing by adding that extension to php.ini (or httpd.conf or wherever your MIME settings live). That's why I can use PHP on .html pages. The overhead of parsing all pages through the PHP engine is tiny, and I have never run into resource issues as a result of setting up a server this way. If you choose not to do that, then you would only be able to include PHP instructions on .php pages. Adjust to taste.

d40sithui




msg:3992009
 3:04 am on Sep 19, 2009 (gmt 0)

I was actually thinking of NOT using $_SERVER['HTTP_REFERER'] in the first place. Rather, use $_SERVER['PHP_SELF'] to get your current script name. On each page you would reassign $_SESSION['referer']=$_SERVER['PHP_SELF'] unless it is the login script.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved