Jump to content

Archived

This topic is now archived and is closed to further replies.

cburwell

Passing Full URL

Recommended Posts

I recently just got back into the swing of coding PHP again. I made a news front end to display news that I post in a MySQL table. I am now going to be creating the administration for that news scrip, which will allow for adding, editing, and deleting new posts.

In addition I have created a userauth class that uses another table to authenticate users and start a session once they are authenticated. My goal is to be able to use the same userauth class and database to be able to log into the admin portion of various scripts I may write.

When someone requests a news admin page such as: www.mydomain.com/new_admin.php?function=add, I first have the script check to see if the user is already logged in. If they are not, I want the script to take the user to the login page. Once the have sucessfully logged in I want the loging script to take them back to the page that they origoonally requested.

[b]My Question:[/b] is there a PHP variable that I can pass to the login script that will contain the full url of the page/script that the user origionally requested?

Share this post


Link to post
Share on other sites
Not sure but i think you could use the $_SERVER['SCRIPT_FILENAME'] to return the full path to the current script, so if someone asked for news.php and if the login was false, you could use something like
header("Location:login.php?url=".$_SERVER['SCRIPT_FILENAME']);

and in login.php redirect to the specified $_GET['url']

Hope this helps

Share this post


Link to post
Share on other sites
I think you can use $_SERVER['HTTP_REFERER'] to get the URL they came from.

Share this post


Link to post
Share on other sites
I was thinking about the $_SERVER['HTTP_REFERER'] var, but I was thinking, what if someone came from google.com, and for some reason went directly to my login script? Then after they login they may be redirected back to google.

I guess I would have to put some sort of check to make sure that did not happen.

All this information should point me in the right direction. Thank you!

Share this post


Link to post
Share on other sites
[quote author=cburwell link=topic=110651.msg448018#msg448018 date=1160144364]
I was thinking about the $_SERVER['HTTP_REFERER'] var, but I was thinking, what if someone came from google.com, and for some reason went directly to my login script? Then after they login they may be redirected back to google.

I guess I would have to put some sort of check to make sure that did not happen.

All this information should point me in the right direction. Thank you!
[/quote]

This would only happen if Google referred to the form. You could use [url=http://php.net/parse_url]parse_url[/url] to check if the referrer's domain is yours.

Share this post


Link to post
Share on other sites
I was under the impression that not all browsers set HTTP_REFERER, so you can't really rely on it (http://www.php.net/manual/en/reserved.variables.php). Any thoughts?

Share this post


Link to post
Share on other sites
just before you redirect to the login page, couldnt you pass the current page name (inc. params) in the URL? ie,
[code]
$ref = urlencode($_SERVER['PHP_SELF']  etc etc etc blahblah);

header("Location: login.php?ref=$ref");
exit;
[/code]

if not, then setting a session var wouldnt be too tricky either and would be invisible.

Share this post


Link to post
Share on other sites
I would just use a temporary session, if the page there requesting is a session controlled page. This way you can store the page information and redirect to the login if the session authorization (IE: $_SESSION['auth']) is not set, if it isn't set and the redirect happens, then show the login page. Starting a session isn't bad thing, even for visitors that are not logged in, because a session can be used for a visitor or member, based solely on a session flag being set or not. Like, say a member hits the login page, they shouldn't be there if they are logged in, so you redirect them to a service page. So using sessions for both types of users is most times better than only starting a session after a login. For session control is only to maintain state, not to say who is logged in or not, sure you implement that logic into your session, but that is not what sessions is for, as I stated before!


me!

Share this post


Link to post
Share on other sites
[b]redbullmarky[/b]: I thought about doing that, but I was a bit concerned about how easy it would be for someone to manipulate the $ref portion in the url.

[b]printf:[/b] That sounds like a good way of going about it. I'm probably going to give that a try some time after work.

Share this post


Link to post
Share on other sites
To login as a admin it should be the same login code as the user logged in with.
example only.
[code]
<?php session_start();

$name=($_POST['name']);
$password=($_POST['password']);

if($_POST['submit']){

if(($name="none")&&($password=="none"){

echo" sorry please fill in all the form";

}

$query="select * from members where name='$name' and password='$password'";

$result=mysql_query($query)or die("query problam");

if(mysql_num_rows($result)==1){

$id=($_POST['id']);
$_SESSION['id']=$id;

$name=($_POST['name']);
$_SESSION['name']=$name;


header("location: members_page.php");
exit;

}elseif(mysql_num_rows($result)==0){

$query2="select * from admin where name='$name' and password='$password'";

$result2=mysql_query($query2)or die ("query2 problam");

if(mysql_num_rows($result2)==1){

$id=($_POST['id']);
$_SESSION['id']=$id;

$name=$_POST['name']);
$_SESSION['name']=$name;

header("location: admin_page.php");
exit;

}else{

header("location: register_member.php");
exit;
}
}
?>

[/code]

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.