Jump to content

Continue to page after login

twsowerby

By twsowerby
in PHP Coding Help

 Share

Recommended Posts

twsowerby Member

twsowerby

Posted
Posted

Hi all,

 

I have a general login script that uses sessions. It basically uses an include to check if a user is logged in before they view a certain page. However when they try and view a restricted page and are not logged in, they are taken to the login page but once logged in it does not redirect them to the page they were trying to view.

 

How would I go about doing this?

 

Regards,

 

Tom

Link to comment
https://forums.phpfreaks.com/topic/100628-continue-to-page-after-login/
Share on other sites
twsowerby Member

twsowerby

Posted
  • Author
Posted

Hi,

 

My include which checks whether a user is logged in already contains that.

 

What I have now is this script that is included on every restricted page:

 

<?php

//start the session
session_start();

//check to make sure the session variable is registered
if(session_is_registered('username')){

//the session variable is registered, the user is allowed to see anything that follows

header( "Location: ./index.php" );

}
else{

//the session variable isn't registered, send them back to the login page
header( "Location: ./login.php" );
}

?>

 

I need it to redirect to whatever page the user was trying to access before they were forced to login by this script.

 

Eg, User clicks link to restricted page-->user is forced to log in-->once logged in, user arrives at page they were trying to access.

 

Regards,

 

Tom

MiCR0 Member

MiCR0

Posted
Posted

ok I think i see what you are trying to do, well 1st you should know that this session can easy be hacked and is very unsafe however for learning its a good way to start.

 

here is a basic system that I think you are looking for.

 

userlogin.php

<?php

require("config.php");
require("db.php"); 
require("functions.php");

session_start();

if($_SESSION['SESS_USERNAME']) {
header("Location: " . $config_basedir . "index.php");
}

if($_POST['submit']) {

$sql = "SELECT * FROM users WHERE username = '" . pf_fix_slashes($_POST['username']) . "' AND password = '" . md5(pf_fix_slashes($_POST['password'])) . "'";

$result = mysql_query($sql);
$numrows = mysql_num_rows($result);

if($numrows == 1) {
	$row = mysql_fetch_assoc($result);

	session_register("SESS_USERNAME");
	session_register("SESS_USERID");
	session_register("SESS_USERLEVEL");

	$_SESSION['SESS_USERNAME'] = $row['username'];
	$_SESSION['SESS_USERID'] = $row['id'];
	$_SESSION['SESS_USERLEVEL'] = $row['level'];		

	header("Location: " . $config_basedir);
}
else {
	header("Location: " . $config_basedir . "/userlogin.php?error=1");
}
}
else {
require("header.php");

echo "<h1>Login</h1>";

if($_GET['error']) {
	echo "<p>Incorrect login, please try again!</p>";
}

?>

<form action="<?php echo $SCRIPT_NAME ?>" method="post">

<table>
<tr>
<td>Username</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Login!"></td>
</tr>
</table>
</form>

<?php}
?>

 

config.php

<?php

$dbhost = "localhost";
$dbuser = "root";
$dbpassword = "";
$dbdatabase = "?";

$config_basedir = "http://localhost/";

?>

db.php

<?php
require("config.php");

$db = mysql_connect($dbhost, $dbuser, $dbpassword);
mysql_select_db($dbdatabase, $db);
?>

 

functions.php

<?php

function pf_fix_slashes($string) {
if (get_magic_quotes_gpc() == 1) {
	return($string);
}
else {
	return(addslashes($string));
}
}

function pf_check_number($value) {
if(isset($value) == FALSE) {
	$error = 1;
}

if(is_numeric($value) == FALSE) {
	$error = 1;
}

if($error == 1) {
	return FALSE;
}
else {
	return TRUE;
}
}

?>

 

userlogout.php

<?php

session_start();

require("config.php");

session_unregister("SESS_USERNAME");
session_unregister("SESS_USERID");
session_unregister("SESS_USERLEVEL");

header("Location: " . $config_basedir);

?>

 

now for the session access code you can do from the level that you set up like the following

if ($_SESSION['SESS_USERLEVEL'] == 10) {
}

 

to use this session you would add in your header.php  things like this

 

session_start();

<?php
if($_SESSION['SESS_USERNAME']) {
echo "Logged in as <strong>" . $_SESSION['SESS_USERNAME'] . "</strong> - <a href='userlogout.php' >Logout</a>";
}
else {
echo "<a href='userlogin.php' >Login</a>";
}
?>

 

Hope this helps.

For a real live site there is a free GPL Class system called DB_eSESSION which is safe 1 class which will handle all of the session stuff for you.

twsowerby Member

twsowerby

Posted
  • Author
Posted

Thanks Micro,

 

I'm trying to implement your code but I'm struggling to get it to work, mainly syntax issues but I'm pretty new to PHP and they are frustrating me.

 

<?php

require("../includes/config.php");
require("../includes/db.php"); 
require("../includes/functions.php");

session_start();

if($_SESSION['SESS_USERNAME']) {
header("Location: " . $config_basedir . "index.php");
}

if($_POST['submit']) {

$sql = "SELECT * FROM users WHERE username = '" . pf_fix_slashes($_POST['username']) . "' AND password = '" . md5(pf_fix_slashes($_POST['password'])) . "'";

$result = mysql_query($sql);
$numrows = mysql_num_rows($result);

if($numrows == 1) {
	$row = mysql_fetch_assoc($result);

	session_register("SESS_USERNAME");
	session_register("SESS_USERID");


	$_SESSION['SESS_USERNAME'] = $row['username'];
	$_SESSION['SESS_USERID'] = $row['id'];


	header("Location: " . $config_basedir);
}
else {
	header("Location: " . $config_basedir . "/login.php?error=1");
}
}
else {

echo "<h1>Login</h1>";

echo "<form action=\"login.php\" method=\"post\">";
echo "<table>";
echo "<tr>";
echo "<td>Username</td>";
echo "<td><input type=\"text\" name=\"username\"></td>";
echo "</tr>";
echo "<tr>";
echo "<td>Password</td>";
echo "<td><input type=\"password\" name=\"password\"></td>";
echo "</tr>";
echo "<tr>";
echo "<td></td>";
echo "<td><input type=\"submit\" name=\"submit\" value=\"Login!\"></td>";
echo "</tr>";
echo "</table>";
echo "</form>";
}

if($_GET['error']) {
	echo "<p>Incorrect login, please try again!</p>";
}

?>

 

I echoed the login form as the version you posted was outside the PHP, but was meant to be within the IF statement. If that is wrong then please let me know. The problem I'm having now is that one of the dynamic URL's isn't working and keeps throwing a 404 not found when i try and run the script.

 

Really struggling to fix it so any help would be great.

 

Thanks,

 

Tom

twsowerby Member

twsowerby

Posted
  • Author
Posted

Oh yes it does, im very sorry! I must have messed it up somehow when i was editing.

 

Ok I've got your code working, but how to I go about checking if the user is logged in on each restricted page?

 

I saw your 

if ($_SESSION['SESS_USERLEVEL'] == 10) {
}

 

But I don't really want to do membership levels, just need it to redirect to the login page if the session isnt active.

 

Regards,

 

Tom

laffin Newbie

laffin

Posted
Posted

on yer login form if a user is not logged in send a GET variable to the login form so a user can return to the url he was at.

 

to save any url parameters, u may want to encode the uri line. thus not affecting the login parameters if any.

 

if(!$loggedin)
{
  $uri = urlencode(gzdeflate($_SERVER['REQUEST_URI'],9));
  header("Location: http://www.mysite.com/login.php?returnto=$uri");
  exit;
}

 

in the login processing script, check the returnto var

if(isset($_GET['returnto'])
    $returnto=gzinflate(urldecode($_GET['returnto']));
else
   $returnto='index.php';
header('Location: $returnto");
exit;

 

these are simple examples. u may want to add some checking to avoid the returnto from being abused from outside domains.

 

twsowerby Member

twsowerby

Posted
  • Author
Posted

Thanks laffin,

 

I did what you said and I'm hoping it will work but unfortunately my lack of PHP experience i killing me again, I'm finding a syntax error in a nested if that looks fine to me, coulf you have a look for me and see if you can see the problem?

 

The error is on the line where I try and retrieve the url that has been passed through. (if(isset($_GET['returnto'])...)

 

<?php

require("config.php");
require("db.php"); 
require("functions.php");

session_start();

if($_SESSION['SESS_USERNAME']) {

}

if($_POST['submit']) {

$sql = "SELECT * FROM users WHERE username = '" . pf_fix_slashes($_POST['username']) . "' AND password = '" . md5(pf_fix_slashes($_POST['password'])) . "'";

$result = mysql_query($sql);
$numrows = mysql_num_rows($result);

if($numrows == 1) {
	$row = mysql_fetch_assoc($result);

	session_register("SESS_USERNAME");
	session_register("SESS_USERID");
	session_register("SESS_USERLEVEL");

	$_SESSION['SESS_USERNAME'] = $row['username'];
	$_SESSION['SESS_USERID'] = $row['id'];
	$_SESSION['SESS_USERLEVEL'] = $row['level'];		

	if(isset($_GET['returnto']) {
	$returnto=gzinflate(urldecode($_GET['returnto']));
	}
	else {
	$returnto='index.php';<br>header('Location: $returnto');
	exit;}

}
else {
	header("Location: " . $config_basedir . "/userlogin.php?error=1");
}
}
else {
require("header.php");

echo "<h1>Login</h1>";

if($_GET['error']) {
	echo "<p>Incorrect login, please try again!</p>";
}

?>

<form action="<?php echo $SCRIPT_NAME ?> "" method="post">

<table>
<tr>
<td>Username</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Login!"></td>
</tr>
</table>
</form>

<?php
}
?>

 

Regards,

 

Tom

twsowerby Member

twsowerby

Posted
  • Author
Posted

Right laffin, I hope your still around, cos im a bit stuffed if not!

 

All the syntax is fine and theres no errors, i just can't get it to do what I need! I don;t think the url is being passed properly, but I don't know why!

 

This is what I have so far:

 

userlogin.php

<?php

require("config.php");
require("db.php"); 
require("functions.php");

session_start();

if($_SESSION['SESS_USERNAME']) {
header("Location: " . $config_basedir);
}

if($_POST['submit']) {

$sql = "SELECT * FROM users WHERE username = '" . pf_fix_slashes($_POST['username']) . "' AND password = '" . md5(pf_fix_slashes($_POST['password'])) . "'";

$result = mysql_query($sql);
$numrows = mysql_num_rows($result);

if($numrows == 1) {
	$row = mysql_fetch_assoc($result);

	session_register("SESS_USERNAME");
	session_register("SESS_USERID");
	session_register("SESS_USERLEVEL");

	$_SESSION['SESS_USERNAME'] = $row['username'];
	$_SESSION['SESS_USERID'] = $row['id'];
	$_SESSION['SESS_USERLEVEL'] = $row['level'];		

	if(isset($_GET['returnto'])) {
	$returnto=gzinflate(urldecode($_GET['returnto']));
	}
	else {
	$returnto='index.php';
	header('Location:'. $returnto);
	exit;}

}
else {
	header("Location: " . $config_basedir . "/userlogin.php?error=1");
}
}
else {
require("header.php");

echo "<h1>Login</h1>";

if($_GET['error']) {
	echo "<p>Incorrect login, please try again!</p>";
}

?>

<form action="<?php echo $SCRIPT_NAME ?> "" method="post">

<table>
<tr>
<td>Username</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="submit" value="Login!"></td>
</tr>
</table>
</form>

<?php
}
?>

 

Thats my login script.

 

incSession.php

<?php
session_start();
if($_SESSION['SESS_USERNAME']==null) {
$uri = urlencode(gzdeflate($_SERVER['REQUEST_URI'],9));
header("Location: " . $config_basedir . "userlogin.php?returnto=$uri");
exit;
}
else {

}

?>

 

Thats what is included in all restricted pages.

 

When I'm logged out of the system and click a restricted page, it takes me to the login page, i sign on, and then it sends me back to index.php. I need it to send me to the original page i was trying to access.

 

Any ideas?

 

Tom

twsowerby Member

twsowerby

Posted
  • Author
Posted

Hmm thanks laffin, still getting the same result as before though, very infuriating, im pretty sure its something really simple but i cant seem to sort it out.

 

is it supposed to pass this in the url?

 

http://localhost/sites/fyp/htdocs/userlogin.php?returnto=%D3%2F%CE%2CI-%D6O%AB%2C%D0%CF%28I%C9O.%D6%CF%ADtLN%CE%2F%CD%2B%D1%2B%C8%28%00%00

 

If you have any bright ideas please let me know. I'm not getting any errors, its just taking me straight back to the index page after i log in.

 

is my if($_SESSION['SESS_USERNAME']==null) bit right?

 

I'm thinking the $_GET['returnto'] isn't working, but I have no idea why.

 

Tom

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.