Jump to content

Recommended Posts

I recently just got back into the swing of coding PHP again. I made a news front end to display news that I post in a MySQL table. I am now going to be creating the administration for that news scrip, which will allow for adding, editing, and deleting new posts.

In addition I have created a userauth class that uses another table to authenticate users and start a session once they are authenticated. My goal is to be able to use the same userauth class and database to be able to log into the admin portion of various scripts I may write.

When someone requests a news admin page such as: www.mydomain.com/new_admin.php?function=add, I first have the script check to see if the user is already logged in. If they are not, I want the script to take the user to the login page. Once the have sucessfully logged in I want the loging script to take them back to the page that they origoonally requested.

[b]My Question:[/b] is there a PHP variable that I can pass to the login script that will contain the full url of the page/script that the user origionally requested?
Link to comment
https://forums.phpfreaks.com/topic/23139-passing-full-url/
Share on other sites

Not sure but i think you could use the $_SERVER['SCRIPT_FILENAME'] to return the full path to the current script, so if someone asked for news.php and if the login was false, you could use something like
header("Location:login.php?url=".$_SERVER['SCRIPT_FILENAME']);

and in login.php redirect to the specified $_GET['url']

Hope this helps
Link to comment
https://forums.phpfreaks.com/topic/23139-passing-full-url/#findComment-104769
Share on other sites

I was thinking about the $_SERVER['HTTP_REFERER'] var, but I was thinking, what if someone came from google.com, and for some reason went directly to my login script? Then after they login they may be redirected back to google.

I guess I would have to put some sort of check to make sure that did not happen.

All this information should point me in the right direction. Thank you!
Link to comment
https://forums.phpfreaks.com/topic/23139-passing-full-url/#findComment-105045
Share on other sites

[quote author=cburwell link=topic=110651.msg448018#msg448018 date=1160144364]
I was thinking about the $_SERVER['HTTP_REFERER'] var, but I was thinking, what if someone came from google.com, and for some reason went directly to my login script? Then after they login they may be redirected back to google.

I guess I would have to put some sort of check to make sure that did not happen.

All this information should point me in the right direction. Thank you!
[/quote]

This would only happen if Google referred to the form. You could use [url=http://php.net/parse_url]parse_url[/url] to check if the referrer's domain is yours.
Link to comment
https://forums.phpfreaks.com/topic/23139-passing-full-url/#findComment-105048
Share on other sites

just before you redirect to the login page, couldnt you pass the current page name (inc. params) in the URL? ie,
[code]
$ref = urlencode($_SERVER['PHP_SELF']  etc etc etc blahblah);

header("Location: login.php?ref=$ref");
exit;
[/code]

if not, then setting a session var wouldnt be too tricky either and would be invisible.
Link to comment
https://forums.phpfreaks.com/topic/23139-passing-full-url/#findComment-105490
Share on other sites

I would just use a temporary session, if the page there requesting is a session controlled page. This way you can store the page information and redirect to the login if the session authorization (IE: $_SESSION['auth']) is not set, if it isn't set and the redirect happens, then show the login page. Starting a session isn't bad thing, even for visitors that are not logged in, because a session can be used for a visitor or member, based solely on a session flag being set or not. Like, say a member hits the login page, they shouldn't be there if they are logged in, so you redirect them to a service page. So using sessions for both types of users is most times better than only starting a session after a login. For session control is only to maintain state, not to say who is logged in or not, sure you implement that logic into your session, but that is not what sessions is for, as I stated before!


me!
Link to comment
https://forums.phpfreaks.com/topic/23139-passing-full-url/#findComment-105495
Share on other sites

[b]redbullmarky[/b]: I thought about doing that, but I was a bit concerned about how easy it would be for someone to manipulate the $ref portion in the url.

[b]printf:[/b] That sounds like a good way of going about it. I'm probably going to give that a try some time after work.
Link to comment
https://forums.phpfreaks.com/topic/23139-passing-full-url/#findComment-105498
Share on other sites

To login as a admin it should be the same login code as the user logged in with.
example only.
[code]
<?php session_start();

$name=($_POST['name']);
$password=($_POST['password']);

if($_POST['submit']){

if(($name="none")&&($password=="none"){

echo" sorry please fill in all the form";

}

$query="select * from members where name='$name' and password='$password'";

$result=mysql_query($query)or die("query problam");

if(mysql_num_rows($result)==1){

$id=($_POST['id']);
$_SESSION['id']=$id;

$name=($_POST['name']);
$_SESSION['name']=$name;


header("location: members_page.php");
exit;

}elseif(mysql_num_rows($result)==0){

$query2="select * from admin where name='$name' and password='$password'";

$result2=mysql_query($query2)or die ("query2 problam");

if(mysql_num_rows($result2)==1){

$id=($_POST['id']);
$_SESSION['id']=$id;

$name=$_POST['name']);
$_SESSION['name']=$name;

header("location: admin_page.php");
exit;

}else{

header("location: register_member.php");
exit;
}
}
?>

[/code]
Link to comment
https://forums.phpfreaks.com/topic/23139-passing-full-url/#findComment-105500
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.