Welcome to WebmasterWorld Guest from 54.163.35.238

Forum Moderators: coopster & jatar k

Message Too Old, No Replies

Redirect user to previous page after logging in

     

scraptoft

4:48 pm on Sep 16, 2009 (gmt 0)

5+ Year Member



My log-in script currently directs all users to account.php after logging in.

For convenience of the user I would like to redirect them to the page that prompted them to log-in.

Currently I am using $referer = $_SERVER['HTTP_REFERER']; to get the refering page and then I'm using a header redirect to send them back header("Location:$referer");

The problem:

When pressing submit $referer equals the current log-in page.

i.e.

$referer = domain.com/previouspage.html
*click - login*
$referer = domain.com/login.html
header("Location:http://www.domain.com/login.html");

d40sithui

8:06 pm on Sep 16, 2009 (gmt 0)

5+ Year Member



Well, in this case you will want to hardcode your referer. One way is to use a session variable to store the page where the user visits - except in the login page. Then it's just a matter of calling the variable in your header function.

scraptoft

9:18 pm on Sep 16, 2009 (gmt 0)

5+ Year Member



Hi d40sithui thanks for your help, I just did a quick search and this is what I came up with.

Hows this sound? Am I on the right track?

session_start();
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];

$referer = $_SESSION['referer'];

and then:
header("Location:$referer");

I can't test it right now, will do so in the morning.

StupidScript

11:09 pm on Sep 16, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You don't want to disturb it if it is already set:

if (!isset($_SESSION['referer']) {
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
}

But what if they are suppressing the referrer using browser options? Maybe ...

Links to login page (login.html):

login.html?referer=<?echo $_SERVER['SCRIPT_NAME']?>

then:

if (!isset($_SESSION['referer']) {
if ($_SERVER['HTTP_REFERER']) {
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
}
else {
if (isset($_GET['referer'])) {
$_SESSION['referer'] = htmlspecialchars($_GET['referer']);
}
else {
$_SESSION['referer'] = "account.php";
}
}
}

BIG danger exposed by letting a $_GET parameter redirect a page, but since it is not persistent and only affects the one visitor, if they break it, they bought it. No harm done. Just make sure you test the parameter's value before you use it. I used htmlspecialchars() to do that in this example.

NOTE: I have included .html files in my PHP parsing by adding that extension to php.ini (or httpd.conf or wherever your MIME settings live). That's why I can use PHP on .html pages. The overhead of parsing all pages through the PHP engine is tiny, and I have never run into resource issues as a result of setting up a server this way. If you choose not to do that, then you would only be able to include PHP instructions on .php pages. Adjust to taste.

d40sithui

3:04 am on Sep 19, 2009 (gmt 0)

5+ Year Member



I was actually thinking of NOT using $_SERVER['HTTP_REFERER'] in the first place. Rather, use $_SERVER['PHP_SELF'] to get your current script name. On each page you would reassign $_SESSION['referer']=$_SERVER['PHP_SELF'] unless it is the login script.
 

Featured Threads

Hot Threads This Week

Hot Threads This Month