0

Hello DaniWebbers,

I've got several href's that take the user to different forms. However, in order to have access to the forms, they have to log in. So when they click the link, they are redirected to a login page if they have not already logged in, otherwise they are taken directly to the form. The problem is, that after they log in I am having trouble devising a plan that gets them to the original page (the form) in the HREF. I know I need to pass a variable through the URL which I can use to redirect them later, I am just not sure exactly how to go about this.

Here is my theory: create a .php file that will hold an array of possible redirect destinations, say:

$page = array(
     '1' => '/home/register.php',
     '2' => '/home/adduser.php',
     '3' => '/home/request_form.php',
     '4' => '/home/music.php',
);

if(isset($_GET['go']) )
{
	$redirect = $page[$_GET['go']];
}

Then in the href use a GET to create a variable like so http://mysite.com?go=1

Which should turn the URL into a session variable right? I am not sure if the syntax is correct, this is all theory lol. Or is there an easier way to do this? Any suggestions are appreciated.

EDIT: I just realized that using this method I will also need to echo the value to the browser.

Edited by Tekkno: n/a

4 Contributors, 18 Replies, 19 Views, 7 Years Discussion Span, Last Post by Tekkno
0

Use the $_SERVER variable to find which page was referred by the user before login. In the login page, the above variable will contain the page name from which login is called. So after a successful login check, transfer to the URL in the above variable.

0

You won't get a session variable unless you specifically create it.
for example:

session_start();
$page = array(
     '1' => '/home/register.php',
     '2' => '/home/adduser.php',
     '3' => '/home/request_form.php',
     '4' => '/home/music.php',
);

if(isset($_GET['go']) )
{
	$_SESSION['login_redir'] = $page[$_GET['go']];
	$redirect = $page[$_GET['go']];
}

then on the login page when you go to redirect:

//put somewhere above the use of session variables
session_start();

//apply some type of validation, looks like yours is simple enough to do a file_exists
if(isset($_SESSION['login_redir']) && file_exists($_SERVER['DOCUMENT_ROOT'] . $_SESSION['login_redir']))
{
	header("location: " . $_SESSION['login_redir']);
}
else
{
	header("location: default_form.php");
}
0

urtrivedi,

I like your idea, however the REFERER URL is the page that I came from, not the page I am going to. I will give your method a try OS_dev and see where I get. In the meantime, if there are any simpler solutions available I would love to hear them lol.

0

I'm completely lost *sigh*. My fault.

Do you want to bounce non-logged users to a 'safe' page, while allowing logged users access to a particular page?

If you save some of the user's credentials and status to session vars on login you can simply use a redirect at the head of your pages depending on whether their details match your criteria. I don't know if using a url querystring is that safe. Could a guest gain access to a disallowed form just by typing in a different querystring? These pages must be protected by some sort of verification code, e.g. checking for a session variable:

if(isset($_SESSION['mysite']['level']) && $_SESSION['mysite']['level'] == '2'){
 //let them eat cake
}else{
 //bounce them to another page with a sarcy message!
}
0

ardav,
That is correct. I have a link that any user can see, however, if the user has not previously logged in it hits a verification script that redirects them to login. Once they log in, I want to redirect them to the page the link was originally supposed to open. Compare it to Daniweb. If you try to reply to a thread without being logged in you are redirected to a login page, once you log in you are taken back to the thread to reply (at least you are supposed to be, but I believe it is broken).
So in the login script I need to come up with a way it will recognize the page they are supposed to be going to and redirect them there.

Edited by Tekkno: n/a

0

Ok here is the direction I have decided to go but I am having trouble making it work. No doubt because I am a novice lol. I have played around with the superglobal $_SERVER and have verified that it contains the correct forwarding URI that I need. But I am having trouble passing the variable, and I want to make sure it is secure.

In my authorization script, I included the following:

session_start(); // do I need to start a session here?
$uri = $_SERVER['REQUEST_URI'];
$_SESSION['redir'] = $uri;

I figured creating a session variable would be the easiest (maybe not the best) way to pass it to login.php, but the variable does not pass.

In my login.php I put:

session_start();
$uri = $_SESSION['redir'];

If I echo either of the variables, there is nothing contained in either. I hope there is just something easy I am missing.

Edited by Tekkno: n/a

0

Are they on the same domain? If the domain is different then the two domains cannot share session so you would need to pass it in the url in that case. Another thing that I didn't think of when I posted the session option is if when the user attempts to log in, once the login fails are all sessions destroyed. This is one thing that I like to do in my login scripts, is if the login fails, destroy all session variables and redirect to the login. So if they are using the same domain and this is the case you may need to use cookies instead.

0

Yes same domain, that is why I believe REQUEST_URI is the easiest way to go. But any ideas why the variable would not be passing, or is there something I am doing wrong?

0

As long as you have a session_start() at the top of the script then you should have access to those sessions on any page within the same domain. If you do in fact have the session_start() at the top of all of your scripts, then it is quite possible that the session is being destroyed by the login process.

In this case you have three options, use cookies, pass the url as a query string get variable and modify the login script.

Personally, if the session is being destroyed by the login process, I think it would be a wiser decision to switch to using cookies for this one little task rather than modifying the login script. Also if you want to use a url get variable you would have to modify the login script.

So it's up to you but I would switch to cookies, which is a very simple task from this point.

Edited by OS_dev: n/a

0

Calling session_start() a few times in a page shouldn't overwrite/kill any data, although you should try to avoid it if you can.

0

You are right, it will just throw a warning. But if you attempt to login and fail in one of my login scripts, then I will usually trash any existing session data.

0

Fair one.

0

I don't like the idea of using cookies in case the user has them disabled, it would break the redirection.

0

My opinion about that is, almost the entire internet breaks without cookies. How do you think the server associates your browser to the session file in the server, a cookie. Try to login to Daniweb without cookies.

Anyway, I am not going to try to sell you on the idea, this is my solution and the only thing that I would do in this case is provide a default redirect and then display to the user that if they want it to work right that they will need to enable cookies.

Edited by OS_dev: n/a

0

Thanks for the suggestions and input so far. I discovered that the reason the session variable was not passing was because of an oversight on my part. I've got the redirection mostly working properly with the $_SERVER, however there is one obstacle I have run into. And that is regarding the login script. Before I set up the redirection, the login script would statically redirect users to the home page. And now that I have the login redirecting to the REQUEST_URI I need to set up an if else. That way if the session variable is set it redirects to the original page, but if they manually go to the login page it redirects to the home page.

Here is my login script:

<?php
//start the session
require("../connect.php");

//check if the form has been submitted
if(isset($_POST['submit'])){
$msg="";

//VALIDATE form information
if(empty($_POST['uname'])){
$msg ="Please enter your username.";
}

if(empty($_POST['upass'])){
$msg ="Please enter your password.";
}

if(empty($_POST['number'])){
$msg ="Please enter a verification code.";
}

//check length of password
if(strlen($_POST['upass']) > 5){
$msg ="Invalid password.";
}

if(empty($msg)){

//check if the numbers match
if(md5($_POST['number']) == $_SESSION['randval']) {

//escape the username before it goes into the query
$sql = "SELECT uid,fname,lname,uname,level,img,theme,email FROM members WHERE uname ='".mysql_real_escape_string($_POST['uname'])."'";
$sql .= " AND upass ='".md5($_POST['upass'])."'";

if(!$res = mysql_query($sql)){
$msg.=mysql_error();

}else{
//user exists in system, set the session variables
if (mysql_num_rows($res) == 1) {

while($row = mysql_fetch_assoc($res)){
// the username and password match,
  $_SESSION['id'] = $row['uid'];
  $_SESSION['fname'] = $row['fname'];
  $_SESSION['lname'] = $row['lname'];
  $_SESSION['uname'] = $_POST['uname'];
  $_SESSION['level'] = $row['level'];
  $_SESSION['theme'] = $row['theme'];
  $_SESSION['img'] = $row['img'];
  $_SESSION['email'] = $row['email'];
  $_SESSION['randval'] = "";
  
$theme = $row['theme'];
setcookie("site_theme",$theme,time()+(60*60*24*365),"/","eternalhour.com");

$query = "SELECT `actcode` FROM members WHERE uname = '".mysql_real_escape_string($_POST['uname'])."' AND actcode = 'active'";
$result = mysql_query($query) or die(mysql_error());

if(!$act = mysql_query($query)){
$msg.=mysql_error();

}else{

if (mysql_num_rows($act) == 1) {

//Go to the referring page
header('location: '. $_SESSION['redir']);
die();

}else{
$msg = "You need to activate your account before logging in.";
}//end act check
}
}

}else{
$msg = "Your username or password is incorrect.";
}//end numrows check
}//end res check

}else{
$msg = "The verification codes do not match, please check and try again.";
}
}//end $msg check
}//end submit check
?>
<?php
$pagetitle = "Login";
include("../header2.php")
?>

The problem is that I have already added several conditional statements as you can see, and I haven't worked on the site much lately so I am a little rusty on how it all fits together.

I would imagine it would need to look something like:

if (mysql_num_rows($act) == 1) && isset($_SESSION['redirect']){

//Go to the referring page
header('location: '. $_SESSION['redir']);
die();

}else{

//Go to the home page
header('location: home.php');

But I have tried this and it doesn't work. I get "Parse error: syntax error, unexpected T_BOOLEAN_AND" But I am sure that is because of the &&, will someone please help me with the syntax?

0

change to this:

if (mysql_num_rows($act) == 1 && isset($_SESSION['redirect'])){

When I put all that together and try to access the login page I get: Parse error: syntax error, unexpected T_ELSE in /login.php on line 74.

here is the updated code:

if(!$act = mysql_query($query)){
$msg.=mysql_error();

}else{

if (mysql_num_rows($act) == 1 && isset($_SESSION['redir'])) {

//Go to the referring page
header('location: '. $_SESSION['redir']);

}else{
//Go to the home page
header('location: /index.php');

}else{
$msg = "You need to activate your account before logging in.";
}//end act check
}
}

EDIT: line 74 is the 2nd }else{

Edited by Tekkno: n/a

0

I got it working. Had to separate them into two if statements instead of trying to combine them into one, then changed the order. Do I get credit for solving my own thread? lol. Thanks for the ideas guys, I'm sure I'll be back soon.
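
An added example, not code from any poster in this thread: one way to remember the requested page and redirect after login while rejecting any target that is not a path on the same site, which matters most if the target is ever taken from the query string instead of the session. The function names, /login.php and /index.php are assumptions; $_SESSION['id'] and $_SESSION['redir'] follow the scripts posted above.

```php
<?php
// Added example with hypothetical helper names. session_start() must already
// have been called before any of these functions run.

const DEFAULT_AFTER_LOGIN = '/index.php';   // assumed home page

// Accept only a same-site absolute path such as /home/music.php?id=3.
function is_local_path($target)
{
    if (!is_string($target) || $target === '' || strlen($target) > 2048) {
        return false;
    }
    // Must start with exactly one slash: browsers read "//host" as another site.
    if ($target[0] !== '/' || substr($target, 0, 2) === '//') {
        return false;
    }
    // No control characters (header splitting) and no backslashes
    // (some browsers treat "/\host" like "//host").
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return false;
    }
    // A local path has no scheme or host; unparseable input fails closed.
    $parts = parse_url($target);
    return $parts !== false && !isset($parts['scheme']) && !isset($parts['host']);
}

// Call at the top of each protected page (the "authorization script").
function require_login()
{
    if (!isset($_SESSION['id'])) {
        $_SESSION['redir'] = $_SERVER['REQUEST_URI'];
        header('Location: /login.php');    // assumed login URL
        exit;
    }
}

// Call in login.php once the credentials and activation check have passed.
function redirect_after_login()
{
    $target = isset($_SESSION['redir']) ? $_SESSION['redir'] : null;
    unset($_SESSION['redir']);             // one-time use
    if (!is_local_path($target)) {
        $target = DEFAULT_AFTER_LOGIN;     // manual visit to login, or bad value
    }
    header('Location: ' . $target);
    exit;
}
```

The fallback in redirect_after_login() covers both cases raised in the thread: a user who opened the login page directly, and a stored value that does not pass validation.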
