Jump to content


Photo

Passing Full URL


  • Please log in to reply
9 replies to this topic

#1 cburwell

cburwell
  • New Members
  • Pip
  • Newbie
  • 8 posts

Posted 06 October 2006 - 01:46 AM

I recently just got back into the swing of coding PHP again. I made a news front end to display news that I post in a MySQL table. I am now going to be creating the administration for that news scrip, which will allow for adding, editing, and deleting new posts.

In addition I have created a userauth class that uses another table to authenticate users and start a session once they are authenticated. My goal is to be able to use the same userauth class and database to be able to log into the admin portion of various scripts I may write.

When someone requests a news admin page such as: www.mydomain.com/new_admin.php?function=add, I first have the script check to see if the user is already logged in. If they are not, I want the script to take the user to the login page. Once the have sucessfully logged in I want the loging script to take them back to the page that they origoonally requested.

My Question: is there a PHP variable that I can pass to the login script that will contain the full url of the page/script that the user origionally requested?

#2 yonta

yonta
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 06 October 2006 - 02:18 AM

Not sure but i think you could use the $_SERVER['SCRIPT_FILENAME'] to return the full path to the current script, so if someone asked for news.php and if the login was false, you could use something like
header("Location:login.php?url=".$_SERVER['SCRIPT_FILENAME']);

and in login.php redirect to the specified $_GET['url']

Hope this helps
do it, do it right, do it right now

#3 Jeremysr

Jeremysr
  • Members
  • PipPipPip
  • Advanced Member
  • 199 posts
  • LocationSaskatchewan, Canada

Posted 06 October 2006 - 02:22 AM

I think you can use $_SERVER['HTTP_REFERER'] to get the URL they came from.

#4 cburwell

cburwell
  • New Members
  • Pip
  • Newbie
  • 8 posts

Posted 06 October 2006 - 02:19 PM

I was thinking about the $_SERVER['HTTP_REFERER'] var, but I was thinking, what if someone came from google.com, and for some reason went directly to my login script? Then after they login they may be redirected back to google.

I guess I would have to put some sort of check to make sure that did not happen.

All this information should point me in the right direction. Thank you!

#5 Daniel0

Daniel0
  • Staff Alumni
  • Advanced Member
  • 11,956 posts

Posted 06 October 2006 - 02:21 PM

I was thinking about the $_SERVER['HTTP_REFERER'] var, but I was thinking, what if someone came from google.com, and for some reason went directly to my login script? Then after they login they may be redirected back to google.

I guess I would have to put some sort of check to make sure that did not happen.

All this information should point me in the right direction. Thank you!


This would only happen if Google referred to the form. You could use parse_url to check if the referrer's domain is yours.

#6 yonta

yonta
  • Members
  • PipPipPip
  • Advanced Member
  • 70 posts

Posted 07 October 2006 - 01:59 PM

I was under the impression that not all browsers set HTTP_REFERER, so you can't really rely on it (http://www.php.net/m...d.variables.php). Any thoughts?
do it, do it right, do it right now

#7 redbullmarky

redbullmarky
  • Staff Alumni
  • Advanced Member
  • 2,863 posts
  • LocationBedfordshire, England

Posted 07 October 2006 - 02:06 PM

just before you redirect to the login page, couldnt you pass the current page name (inc. params) in the URL? ie,
$ref = urlencode($_SERVER['PHP_SELF']  etc etc etc blahblah);

header("Location: login.php?ref=$ref");
exit;

if not, then setting a session var wouldnt be too tricky either and would be invisible.
"you have to keep pissing in the wind to learn how to keep your shoes dry..."

I say old chap, that is rather amusing!

#8 printf

printf
  • Staff Alumni
  • Advanced Member
  • 889 posts

Posted 07 October 2006 - 02:21 PM

I would just use a temporary session, if the page there requesting is a session controlled page. This way you can store the page information and redirect to the login if the session authorization (IE: $_SESSION['auth']) is not set, if it isn't set and the redirect happens, then show the login page. Starting a session isn't bad thing, even for visitors that are not logged in, because a session can be used for a visitor or member, based solely on a session flag being set or not. Like, say a member hits the login page, they shouldn't be there if they are logged in, so you redirect them to a service page. So using sessions for both types of users is most times better than only starting a session after a login. For session control is only to maintain state, not to say who is logged in or not, sure you implement that logic into your session, but that is not what sessions is for, as I stated before!


me!

#9 cburwell

cburwell
  • New Members
  • Pip
  • Newbie
  • 8 posts

Posted 07 October 2006 - 02:32 PM

redbullmarky: I thought about doing that, but I was a bit concerned about how easy it would be for someone to manipulate the $ref portion in the url.

printf: That sounds like a good way of going about it. I'm probably going to give that a try some time after work.

#10 redarrow

redarrow
  • Members
  • PipPipPip
  • Advanced Member
  • 7,308 posts
  • Locationlondon

Posted 07 October 2006 - 02:47 PM

To login as a admin it should be the same login code as the user logged in with.
example only.
<?php session_start();

$name=($_POST['name']);
$password=($_POST['password']);

if($_POST['submit']){

if(($name="none")&&($password=="none"){

echo" sorry please fill in all the form";

}

$query="select * from members where name='$name' and password='$password'";

$result=mysql_query($query)or die("query problam"); 

if(mysql_num_rows($result)==1){

$id=($_POST['id']);
$_SESSION['id']=$id;

$name=($_POST['name']);
$_SESSION['name']=$name;


header("location: members_page.php");
exit;

}elseif(mysql_num_rows($result)==0){

$query2="select * from admin where name='$name' and password='$password'";

$result2=mysql_query($query2)or die ("query2 problam");

if(mysql_num_rows($result2)==1){

$id=($_POST['id']);
$_SESSION['id']=$id;

$name=$_POST['name']);
$_SESSION['name']=$name;

header("location: admin_page.php");
exit;

}else{

header("location: register_member.php");
exit;
}
 }
?>


Wish i new all about php DAM i will have to learn
((EMAIL CODE THAT WORKS))
http://simpleforum.ath.cx/mail2.inc
((PAYPAL INTEGRATION THAT WORKS))
http://simpleforum.a...aypal1_info.inc




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users