login script with redirect to previous url help

[siamsam]

Hey freaks!

 

I have run into a bit of a snag and need a little guidance from the wise ones.

I have a login script that users are redirected to if they land on restricted pages of my site. Initially, I used javascript (go back (-1) to get the user back to the page they were previously on after logging in - which worked fine...but only if they got their login credentials right the first time (which will probably never happen that often). The login form processes itself, so if they get it wrong, it comes back to login.php.

I noticed that when I test logging in and purposely enter the wrong information, when I do enter the right info the login page comes back up because it was the previous url.

I am not a big fan of JS and I am still fairly new to PHP, so I am not sure how to do this. I tried setting a session for the previous url using http referer (if the url did not equal login.php), but it did not like that at all! Undefined index, headers already sent, you name it...I got the error...

I can post my code if need be, but it is just a basic login script (with a lot of Dreamweaver mumbo jumbo) that checks the username and pass in mysql.

Any suggestions? Should I use a session for this? Or is it probably one of those switch statements that I am not remotely close in knowledge to writing myself...lol. Or even scarier...a custom function?

Any help would be appreciated. Thanks!

[fortnox007]

heya,

I am still learning, but ill give it a try:

I have a login script that users are redirected to if they land on restricted pages of my site. 

What you could do is on a secured page place an if statement with a header location included. So when people visit a page without being logged in, they are redirected to a general login page, and not 1 page back as with your javascript.

you can do this :

<?php
if (any condition in here){ // probably your session stuff
header('Location: http://www.example.com/login.php');
}
?>

 

Does this help a bit? wasn't really sure what you wanted  I am more a visual interpreter \

 

btw, place this in the header, so above the <html> tag

[fortnox007]

here is a small tut btw how to setup a login, in case you needed a quick one : )

http://www.phpeasystep.com/phptu/6.html

 

In case you use that tut: this could be a possible script:

I am not sure if it's totaly up to date, but I bet more peeps around here will know : )

 

<?php
session_start();

if(!session_is_registered(myusername)){ // if not....  ( the ! is  Not 
header('Location: http://www.example.com/login.php');
}
?>

[siamsam]

Thanks for the quick replies, but I think maybe I was not clear in my original post. The restricted pages redirect to the login.php page via a header if not already logged in. The problem I am having is that once they get to the login.php page, I want them to be sent back to the restricted page that sent them after they log in successfully. Since login.php processes itself, if they enter in the wrong username and pass, login.php is displayed again with a message saying they entered the wrong username and password. At that point, the referring url is login.php (from login attempt #1) - so if the second attempt to login is successful and I use javascript to go back 1 page...they will be sent to login.php (from login attempt #1 - which is actually the referring page...just not the initial referrer being the restricted page. It would have to go back 2 pages in order to get back to the restricted page, or 3 pages if they have 2 failure attempts at logging in. I am thinking I need to hold the value of the original url (the restricted page) in a session or something so it will refer back to that page no matter how many log in attempts they make. Does this make more sense...or did I confuse everyone more? lol.

[fortnox007]

I think I got it. you want them to be redirected after login to the initial (landing) page no matter what. Hmm i have to think about that.

I am pretty sure there are some cool functions for that but i should check that out. maybe something like remote address and a check if the url is within the same domain lol i have no idea yet : )

otherwise a page ID or something. (i am now immediately writing what i think, i think it's called brains storming) give me a minute

[fortnox007]

Ok I have something but you should add your checks in it for correct username and password. because it now only checks if submit is pressed and if a page_id is set.

 

On any page you like you add in the top:

 

session_start();
$pageID = 3; // just a value you like for that particular page
$_SESSION ['page_id'] = $pageID;

       

and this on your login page, i haven't tested it yet, and you should add the additional username and pass checks but i hope you see the idea. It checks if a page id is set.  on reload of the page it redirects to the landing page wherever that was.

session_start();

if (isset($_POST['submit'])){
            if (isset($_SESSION['page_id'])){
                header("Location: http://www.example.com/{$_SESSION['page_id']}.php");
            }else{
                echo 'welcome to the mainpage'; // so if no landing page was there
            }
                
        }

 

This might not be the best way but i am pretty sure it works, Love to hear better ones though

[fortnox007]

when i woke up i thought about setting the page Id with a $_GET or $_SERVER although they are more dynamic and less work someone spoof them. Here is a site I found with a way to get the current URL. In other words use that script if you like to set the $pageID in my script.

http://www.webcheatsheet.com/PHP/get_current_page_url.php

Good luck!

 

p.s. love to hear if it worked for you