Forum Moderators: coopster

login system

         

adamnichols45

12:49 pm on Dec 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Hi everyone, just a quick question on login systems.

Basically, on every single page I have a header.php include file, and I would like this page to always reflect the login status, i.e. Login or Logout, and also just another include file that checks if the user is logged in and, if not, redirects to the login page.
But when they log in on this page I would like them to be directed to the previous page.

I already have a login script, but it is very long and seems complicated. Can anyone help with the general layout of the script etc.? Thanks everyone.

dmorison

2:04 pm on Dec 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This is usually done by including the referring page as a parameter in the redirect to the login script, and then redirecting back to that page after login...

For example:

somepage.php

<?php
if (!$authenticated)
{
    // urlencode() keeps characters in the path from breaking the query string
    header("Location: /login.php?return=".urlencode($_SERVER["PHP_SELF"]));

    exit();
}

// rest of page - above part can be in a common include file like you say
?>

login.php:


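<?php

if (isset($_POST["username"]))
{
    // authenticate user here, set cookies etc

    if ($authenticated)
    {
        // note: the return value is supplied by the client
        if (!empty($_POST["return"]))
        {
            $return = $_POST["return"];
        }
        else
        {
            $return = "/";
        }

        header("Location: ".$return);

        exit();
    }
    else
    {
        echo("Authentication failed.");
    }
}

echo("<form method='post'>");

// escape the value before echoing it into the single-quoted attribute
$returnField = isset($_GET["return"]) ? $_GET["return"] : "";
echo("<input type='hidden' name='return' value='".htmlspecialchars($returnField, ENT_QUOTES)."'>");

// rest of login form, username, password, Login button etc.

echo("</form>");

?>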
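
Added example, not part of dmorison's post: the `return` value travels through the query string and a hidden form field, so it is client-controlled by the time login.php passes it to header(). One way to restrict it to paths on the same site (PHP 7+); the helper name `safe_return_path` and the sample inputs are assumptions made for this illustration.

```php
<?php
// Added example (not from the thread). safe_return_path() is a hypothetical helper.

// Return $candidate only if it is a path on this site; otherwise $default.
function safe_return_path($candidate, $default = '/')
{
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Control characters (CR/LF included) never belong in a Location header.
    if (preg_match('/[\x00-\x1f\x7f]/', $candidate)) {
        return $default;
    }
    // Must start with exactly one "/". "//host" is protocol-relative, and
    // browsers treat "/\host" the same way, so both would leave the site.
    if ($candidate[0] !== '/' || preg_match('#^/[/\\\\]#', $candidate)) {
        return $default;
    }
    // Anything parse_url() reads as having a scheme or host is not a local path.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return $default;
    }
    return $candidate;
}

// Constructed sample inputs, as they might arrive in $_POST['return'].
$samples = array(
    '/members/profile.php?tab=2',   // local page
    'http://other.example/page',    // absolute URL
    '//other.example/page',         // protocol-relative URL
    '/\\other.example/page',        // backslash variant
    "/ok.php\r\nX-Injected: 1",     // embedded line break
    '',                             // nothing submitted
);

foreach ($samples as $s) {
    printf("%-34s => %s\n", json_encode($s), safe_return_path($s));
}

// In login.php, after successful authentication:
//   header('Location: ' . safe_return_path($_POST['return'] ?? null));
//   exit();
```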

adamnichols45

4:38 pm on Dec 27, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Sorry, this makes no sense to me as I am only a newbie.

I just want my header file to do an if/else on user logged in, then the TEXT WOULD SAY login or logout.

jatar_k

7:46 pm on Dec 27, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Well, that would depend on what session vars you are using to confirm whether the user is logged in or not.

Is there a variable you can target as a 'logged in' value?

adamnichols45

3:36 pm on Dec 28, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No, because when I do this it says that I cannot include headers as they are already sent. I think I need a tutorial or something; I'd best get a look -- thanks guys so far.

jatar_k

5:07 pm on Dec 28, 2004 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Try this and see if it helps:
PHP User Authentication and Passwords [webmasterworld.com]

adamnichols45

8:16 pm on Dec 28, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thank you for that - I have since found another script which I want to use, except it is not accepting the username and password I am posting.

This is the script:

<?php // accesscontrol.php
include_once 'common.php';
include_once 'db.php';

session_start();

$uid = isset($_POST['uid'])? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd'])? $_POST['pwd'] : $_SESSION['pwd'];

if(!isset($uid)) {
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Please Log In for Access </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1> Login Required </h1>
<p>You must log in to access this area of the site. If you are
not a registered user, <a href="signup.php">click here</a>
to sign up for instant access!</p>
<p><form method="post" action="<?=htmlspecialchars($_SERVER['PHP_SELF'])?>">
User ID: <input type="text" name="uid" size="8" /><br />
Password: <input type="password" name="pwd" SIZE="8" /><br />
<input type="submit" value="Log in" />
</form></p>
</body>
</html>
<?php
exit;
}

$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;

dbConnect("example");
$sql = "SELECT * FROM users WHERE username = '" . mysql_real_escape_string($uid) . "' AND password = PASSWORD('" . mysql_real_escape_string($pwd) . "')";
$result = mysql_query($sql);
if (!$result) {
error('A database error occurred while checking your '.
'login details.\\nIf this error persists, please '.
'contact you@example.com.');
}

if (mysql_num_rows($result) == 0) {
unset($_SESSION['uid']);
unset($_SESSION['pwd']);
?>
<!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> Access Denied </title>
<meta http-equiv="Content-Type"
content="text/html; charset=iso-8859-1" />
</head>
<body>
<h1> Access Denied </h1>
<p>Your user ID or password is incorrect, or you are not a
registered user on this site. To try logging in again, click
<a href="<?=htmlspecialchars($_SERVER['PHP_SELF'])?>">here</a>. To register for instant
access, click <a href="signup.php">here</a>.</p>
</body>
</html>
<?php
exit;
}

$username = mysql_result($result,0,'fullname');
?>

Below is the include_once 'db.php':

<?php // db.php

$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = 'admin';

function dbConnect($db='example') {
global $dbhost, $dbuser, $dbpass;

$dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass)
or die('The site database appears to be down.');

if ($db != '' and !@mysql_select_db($db))
die('The site database is unavailable.');

return $dbcnx;
}
?>

My database is called example and the table name is users.

Also I receive these errors; can someone help with this please?

Notice: Undefined index: uid in C:\Inetpub\wwwroot\example\pass2\accesscontrol.php on line 7

Notice: Undefined index: pwd in C:\Inetpub\wwwroot\example\pass2\accesscontrol.php on line 8

[edited by: jatar_k at 6:49 pm (utc) on Feb. 8, 2005]

ergophobe

9:39 pm on Dec 29, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



First let's start with the errors.

You have undefined indexes because neither $_POST['uid'] nor $_SESSION['uid'] is defined. So you need something like

if (isset($_POST['uid']))
{
    $uid = $_POST['uid'];
}
elseif (isset($_SESSION['uid']))
{
    $uid = $_SESSION['uid'];
}
else
{
    $uid = 0;
}

First get rid of the errors and then let's see how things run.

adamnichols45

10:09 pm on Dec 30, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I copied that into the script but it does not appear to do anything for me.

adamnichols45

10:26 pm on Dec 30, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



All I want is, on the first page, a login form with username and password fields.

Then the second page turns these variables into session variables. If correct, pass to good.php. IF BAD LOGIN THEN PASS TO bad.php.

But overall, if the user is logged in then I want header.php to contain a logout link, please.
Has anyone got a script for this that they wouldn't mind posting? Regards

ergophobe

10:39 pm on Dec 30, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I like to have an "authenticate" method or function so that I can just do something like this

if (authenticate($_POST['uid'], $_POST['pwd']))
{
    header("Location: good.php");
    exit();
}
else
{
    header("Location: bad.php");
    exit();
}

It seems like you know how to do the rest of it right?

BTW, the code I posted before was only to get rid of the warnings.

Tom

adamnichols45

11:06 pm on Dec 30, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Actually I don't know how to do any of it, lol. I know what I want to do, but I'm only a beginner so I don't actually know the code.

adamnichols45

11:04 am on Dec 31, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



OK, how about this: the login system already exists, but say once my login form is submitted I can create a new global variable, and then in my header.php file I have a script that says

if

global variable contains something then

Link = Logout

else

Link = Login

Can someone right the code I would need for this please? I would be most grateful. Thanks guys and girls, and all have a great New Year.

ergophobe

9:02 pm on Dec 31, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I'd be happy to "right" your code if there's something wrong, but you need to get us started (see the forum charter [webmasterworld.com] section "Do my homework" requests).

The question of user authentication (i.e. login) comes up fairly often, so for starters, you might try looking through some previous threads to see if you can get some insight:

From the Library [webmasterworld.com] check out

[webmasterworld.com...]

As well as other threads on the subject:

[webmasterworld.com...]
[webmasterworld.com...]
[webmasterworld.com...]
[webmasterworld.com...]
[webmasterworld.com...]
[webmasterworld.com...]

See if any of that helps you out.

There are also many fine tutorials on the web that will take you through it step-by-step. Search on "PHP user authentication"

Just don't try reading all that with too much champagne in your system - it's hard enough anyway!

adamnichols45

3:43 pm on Jan 1, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, thanks for that. I will get my thinking cap on today and my reading glasses, lol. Hope you all had a wicked night! Mine consisted of lots of alcohol units consumed in Milton Keynes.

adamnichols45

7:08 pm on Jan 1, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Thanks for your help so far.
I have since written a script which I am posting here for everyone to look at; maybe this can also help other people. It is really simple, just like I want.
Here you go. Can anyone see anything wrong with how it is coded etc.?

I'm going to make some global variables now so I can check them from my header.php.

Here's the code:
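<?php
// Connect to MySQL ('username' and 'password' are placeholders for the DB login)

mysql_connect( 'localhost', 'username', 'password' )
    or die ( 'Unable to connect to server.' );

// Select database on MySQL server ('database_name' is a placeholder)

mysql_select_db( 'database_name' )
    or die ( 'Unable to select database.' );

// Escape the submitted values before they go into the SQL string
// (this needs the open connection, so it comes after mysql_connect)

$username = mysql_real_escape_string( isset($_POST['username']) ? $_POST['username'] : '' );
$password = mysql_real_escape_string( isset($_POST['password']) ? $_POST['password'] : '' );

// Formulate the query

$sql = "SELECT * FROM users WHERE
    username = '$username' AND
    password = '$password'";

// Execute the query and put results in $result

$result = mysql_query( $sql )
    or die ( 'Unable to execute query.' );

// Get number of rows in $result.

$num = mysql_num_rows( $result );

if ( $num != 0 ) {

    // A matching row was found - the user is authenticated.

    $auth = true;
    header("Location: goodlogin.php");
    exit();   // stop here so nothing else runs after the redirect

} else {

    $auth = false;
    header("Location: badlogin.php");
    exit();
}

?>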

ergophobe

8:08 pm on Jan 1, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It looks good. I generally encrypt passwords using md5() [php.net]

This doesn't really protect your users' data very much - if it gets intercepted, it's still being sent over the network unencrypted (you need to use SSL to encrypt it for transmission), and if your DB gets hacked, the hacker still has access to all info there (e.g. credit cards, social security number, etc - you don't want any of that there unless you have fantastic security). So by itself it doesn't do much and you need good security all around if you have valuable information.

The small peace of mind it adds is that if the DB gets hacked despite all, users who reuse usernames and passwords elsewhere are still protected. So if my piddly site gets hacked, the hacker doesn't suddenly have the password to the bank accounts too.

[edited by: ergophobe at 8:27 pm (utc) on Jan. 1, 2005]
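
Added example, not code from the thread: the login script above builds its SQL from `$_POST` values and compares a stored plaintext password. The sketch below does the same lookup with a PDO prepared statement and uses PHP's `password_hash()`/`password_verify()` (PHP 5.5+) rather than `md5()`; `authenticate()` borrows the function name suggested earlier in the thread, while its body, the `users` schema, the sample account and the in-memory SQLite database (requires pdo_sqlite) are assumptions so that it runs stand-alone.

```php
<?php
// Added example (not from the thread). Schema and sample account are constructed.

// Returns the user's id on success, false otherwise.
function authenticate(PDO $db, $username, $password)
{
    // Placeholders keep submitted values out of the SQL text entirely.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute(array($username));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // For an unknown user, verify against a dummy hash so both paths do
    // comparable work and response time says less about which names exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('not-a-real-password', PASSWORD_DEFAULT);
    }
    $ok = password_verify($password, $row ? $row['password_hash'] : $dummy);

    return ($row && $ok) ? (int) $row['id'] : false;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');

// At sign-up only the salted hash is stored, never the password itself.
$ins = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
$ins->execute(array('adam', password_hash('correct horse', PASSWORD_DEFAULT)));

var_dump(authenticate($db, 'adam', 'correct horse'));  // valid credentials
var_dump(authenticate($db, 'adam', 'wrong'));          // wrong password
var_dump(authenticate($db, "' OR '1'='1", 'x'));       // quote characters are bound as plain data

// In the login page, on success ($userId is the value returned above):
//   session_start();
//   session_regenerate_id(true);   // fresh session id after login
//   $_SESSION['uid'] = $userId;    // keep the id in the session, not the password
//   header('Location: goodlogin.php');
//   exit();
```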

adamnichols45

8:12 pm on Jan 1, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Well, thanks for that info.
Going back to my script, I'm now having an error.
I want my header to have this script:

<?php
session_start();

if ($_SESSION['auth']== "false") {

$output='Login';
}

else {
$output='Logout';
}

?>

But I am receiving the error

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at C:\Inetpub\wwwroot\aa\index.php:13) in C:\Inetpub\wwwroot\aa\header.php on line 2

Can you help please?

ergophobe

8:37 pm on Jan 1, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Sessions must be started before any output (so much as a space or a blank line) is output to the browser. You have some output on line 2 of header.php.

jatar_k

8:37 pm on Jan 1, 2005 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



Do you have any blank lines before the <?php? That will cause that error.

adamnichols45

8:46 pm on Jan 1, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



No, none. Although it is an include file and I'm calling the variables before they have been set. I think what I need is a script that says if the page is the first request then the variables are blank, else the variables contain something. Is this done with isset?
Does someone mind showing me how I would use this please?

ergophobe

8:53 pm on Jan 1, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You are definitely sending some output before starting your session. That's the only way to get this error.

Yes, you can use isset() to test whether or not variables are set, and then assign default values if not.

adamnichols45

10:59 am on Jan 2, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



All I am doing is typing the address in the bar then hitting enter, and I'm getting the error straight away!

adamnichols45

11:21 am on Jan 2, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



OK, this is my code and I'm getting an error -

<?php session_start();
if (isset($_SESSION['username'])) {
echo ' Currently logged in as: '.$_SESSION['username'];
echo ' </div>';
}

?>

dmorison

2:55 pm on Jan 2, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Adam,

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at C:\Inetpub\wwwroot\aa\index.php:13) in C:\Inetpub\wwwroot\aa\header.php on line 2

This error message is telling you that output began at line 13 in the file index.php.

You cannot use session_start() after your script has started producing output; so you need to look at index.php and remove whatever it is doing that creates output before you can start your session within header.php.

This does not mean that line 13 of index.php contains an error; but you must change the layout of your script so that no output can occur until after you have included header.php.
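
Added example, not part of the thread: a header.php along the lines the original question asks for, which starts the session only while headers can still be sent and builds the Login/Logout link from session state. The `username` session key follows the poster's last snippet; `/login.php`, `/logout.php`, the `return` parameter and both function names are assumptions (PHP 5.4+ for `session_status()`).

```php
<?php
// header.php: added example (not from the thread).

// session_start() has to send a cookie header, so it only works while no
// output has gone out. headers_sent() reports where output began, which is
// the same file:line the "headers already sent" warning prints.
function start_session_or_explain()
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true;
    }
    if (headers_sent($file, $line)) {
        error_log("Cannot start session: output began at $file:$line");
        return false;
    }
    return session_start();
}

// Build the link from session state. A missing key means "not logged in";
// comparing a missing key against the string "false" would fall through to
// the Logout branch instead.
function auth_link(array $session, $currentUri)
{
    if (isset($session['username']) && $session['username'] !== '') {
        // The name is user data: escape it before it reaches the page.
        $name = htmlspecialchars($session['username'], ENT_QUOTES, 'UTF-8');
        return 'Currently logged in as: ' . $name
             . ' | <a href="/logout.php">Logout</a>';
    }
    // Pass the current page along so the login script can send the user back.
    $back = htmlspecialchars(rawurlencode($currentUri), ENT_QUOTES, 'UTF-8');
    return '<a href="/login.php?return=' . $back . '">Login</a>';
}

start_session_or_explain();
$uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '/';
echo auth_link(isset($_SESSION) ? $_SESSION : array(), $uri);
```

Include the file as the very first statement of each page, before the DOCTYPE or any whitespace, so that nothing has been sent when the session starts.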