drayarms Posted January 12, 2011 Share Posted January 12, 2011 I put together the following script which is supposed to be a members only/restricted page on a website. The page redirects every user to a login page (access_denied.php) if the user is not logged in/authenticated. My next puzzle is to figure out a way to be redirected to the original page which the user intended to visit, after he logs in. Is there some line of code that has to be included in the target page or the login page to accomplish this? //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); //authenticate user //Start session session_start(); //Connect to database require ('config.php'); //Check whether the session variable id is present or not if(!isset($_SESSION['id']) || (trim($_SESSION['id']) == '')) { header("location: access_denied.php"); exit(); } else{ require ('header_blogs.html'); //need the header print' <div id="main" style="background-color: #FFFFFF; height:71%; width:101%; border:0px none none; margin:auto; "> <!--opens the white content area--> <div id="main_left" style="float:left; height:100%; width:20%; border:0px none none;"> <!--opens main left--> <div id="main_left_top" style=" background-color: #FFFFFF; float:left; position:relative;bottom:5px;right:5px; height:33%; width:100%; border:1px solid #c0c0c0; margin:5px;"> <!--opens main left top--> </div> <!-- closes main left top--> <div id="main_left_center" style="float:left; background-color: #FFFFFF; height:33%; width:100%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area--> </div> <!-- closes main left center--> <div id="main_left_bottom" style="float:left; background-color: #FFFFFF; height:33%; width:100%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area--> </div> <!-- closes main left bottom--> </div> <!-- closes main left--> <div id="main_center" class="" style="float:left; height:100%; width:59%; border:0px solid #c0c0c0;"> <!--opens main center-->'; if (isset ($_POST['submit'])) { //handle the form. //connect to database require_once("config.php"); //define the query. $query = "INSERT INTO blogs (blog_id, title, entry) VALUES (0, '{$_POST['title']}', '{$_POST['entry']}')"; "INSERT INTO entrydates (entrydate_id, entrydate) VALUES (0, NOW())"; //execute the query if (@mysql_query ($query)) { print '<p> Your entry has been submitted. Thank you!</p>'; print '<p> <h3><a style="text-decoration:none" href="blogs.php">Return to hahap tok</a></h3></p>'; } else { print "<p>Could not add the entry because: <b>" . mysql_error() . "</b>. The query was $query.</p>"; } mysql_close(); } //Display the form. print' <p><h2 align ="center">Please, Add Your Contribution to Half Tok Library!</h2></p> <p> <form action ="blog_entries.php" method="post"> <p>       Title:             <input type="text" name =title" size="40" maxsize="100" /></p> <p>      Explanation: <textarea name= "entry" cols="40" rows="5"></textarea></p> <!-- It is good practice to use the same name from inputs as the corresponding column names in databse, avoiding confusion.-->                          <input type="submit" name="submit" value="Post your Entry!"> </form> </p> </div> <!-- closes main center--> <div id="main_right" style="float:left; background-color: #FFFFFF; height:100%; width:20%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area--> <div id="main_right_top" style="float:left; background-color: #FFFFFF; height:33%; width:100%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area--> </div> <!-- closes main left top--> <div id="main_right_center" style="float:left; background-color: #FFFFFF; height:33%; width:100%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area--> </div> <!-- closes main left center--> <div id="main_right_bottom" style="float:left; background-color: #FFFFFF; height:33%; width:100%; border-color:#a0a0a0;border-style:outset;border-width:1px; margin:auto; "> <!--opens the white content area--> </div> <!-- closes main left bottom--> </div> <!-- closes main right--> </div> <!-- closes main--> '; } //End of if statmemnt. require ('footer.html'); //need the footer ?> Just in case this might be helpful, here is the login script Syntax: [ Download ] [ Hide ] [ Select ] [ Expand ] <?php //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); //Turn on output buffering. Allows for headers to be called anywhere on script. See pg228 Ulman. ob_start(); //start session session_start(); //include the config or connect file require_once("config.php"); // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $username=mysql_real_escape_string($_POST['username']); $password=mysql_real_escape_string($_POST['password']); $sql="SELECT * FROM members WHERE username='$username' and password='$password'"; //the variable assigned to the post username should match the named attribute of username of login form. same for the password. $result=mysql_query($sql); // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 if($count==1){ // Register username, firstname and redirect to file session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['id'] = $member['member_id']; $_SESSION['firstname'] = $member['firstname']; $_SESSION['lastname'] = $member['lastname']; session_write_close(); header("location: member_index.php"); exit(); }else { //Login failed header("location: login_failed.php"); exit(); } ?> I was thinking about creating a unique login page for every page on the site that requires authentication, that would redirect the user to the appropriate target page upon logging in using the header function, but I would love to believe that there is some line of code that would do the same job, using just one login page for the entire website. Any suggestions would be greatly appreciated. Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 12, 2011 Share Posted January 12, 2011 When posting code, please enclose it within the forum's . . . BBCode tags. Quote Link to comment Share on other sites More sharing options...
nankoweap Posted January 29, 2011 Share Posted January 29, 2011 i didn't read through the code, but there's no need for multiple login pages. assuming you're storing some kind of token in the user's session that tells your application that the user is logged in or not, do something like this in each required page: if (session_id() == '') { session_start(); } if ( ! isset($_SESSION['nameOfUserToken'])) { $_SESSION['toUrl'] = "the url to which the user will be redirected after successful login"; header("Location:your login page url"); exit(); } then in your login page somewhere after a successful login, check to see if the toUrl token exists in the session. if it does, redirect the user to it. if not, display a successful login page or whatever the detail behavior is. if (isset($_SESSION['toUrl'])) { header("Location:" . $_SESSION['toUrl']); unset($_SESSION['toUrl']); exit(); } Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.