Jump to content

Redirect to login with dynamic URL doesn't work

komplexia

By komplexia
in PHP Coding Help

 Share

Recommended Posts

komplexia Newbie

komplexia

Posted
Posted

Redirect to login with dynamic URL (?p=) doesn't work

 

I have two webpages that I want to be accessible only when the user is logged in. One for admin and one for other users. When a user who isn't logged in arrive to these pages I want to redirect the page to login.php. This doesn't work with the website I am working on.

 

I use this script on the startpage:

 

	<?php    								
	if(file_exists($_GET['p'].".php")){
    		include($_GET['p'].".php");
	} 

	else{
		if(empty($_GET['p']) OR $_GET['p'] == ""){
				include("main.php");
		   	} 

		else{
   				include("404.php");									
   			}   								
	}								
?>

 

and therefore my links have this format: ?p=mapp/filnamn and it doesn't work with header('Location: /?p=admin/login');

 

If I skip this script and use ordinary links header('Location: /admin/login.php'); it works, but I don't want to be forced to copy the same code over and over again to get header, footer, leftbar and rightbar on every single page.

 

I have almost teared my brain apart to find a solution but in vain. Today I have been sitting in front of the computer almost the whole day with this problem, but no luck. I don't even know what to search for. What is it I don't understand? Not long time ago I hade another problem just because I use dynamic links.

 

This is the script I use on the page that I don't want to be accessible if you aren't logged in:

 

 

<?php 
session_start();
$username = $_SESSION['username'];

include ('functions.php');
db_connect();

if(!empty($_SESSION['username'])){
	$sql = mysql_query("SELECT username, usertype FROM users WHERE username='$username'");
	$result = mysql_num_rows($sql);
	$row = mysql_fetch_array($sql);

	if($_SESSION['username'] = $username AND $row['usertype']==1){
		$_SESSION['username'] = $username;
		$user_welcome = "Welcome ".$username;
	}

	else{
		//header('Location: /?p=admin/login');
		die("<a href='?p=admin/login'>You have to login as admin to access this page!</a>");
	}
}

else{
	//header('Location: /?p=admin/login');
	die("<a href='?p=admin/login'>You have to login to access this page</a>");
}
?>

 

I use "die" because it is the only way for me to make it work, but I want to use what is in the comments. Maybe it's not such a bad idea to use the method I use today, but the problem is that when I get the message that I have to login to view the page, the rightbar disappear and the page therefor looks stupid.

 

Another question I am wondering about, is if the above script is secure? It doesn't feel like it, but maybe the security is all about the loginpage?

komplexia Newbie

komplexia

Posted
  • Author
Posted

You're going to have to be more specific then as to how it's not working.

 

I really don't know how I can be more specific about it. header("location: some_path") doesn't work with dynamic URL's. No matter theother code on the page. So if I erase all the code on the users/index.php and just add <?php header("location: admin/login.php"); ?> at the top and then go to users/index.php it works and I get redirected to admin/login.php, because the URL is not dynamic. But if I erase all the code and instead put <?php header("location: ?p=admin/login"); ?> at the top and goes to ?p=users/index it doesn't work. I don't get redirected.

Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

    Note:

 

    HTTP/1.1 requires an absolute URI as argument to » Location: including the scheme, hostname and absolute path, but some clients accept relative URIs. You can usually use 

$_SERVER['HTTP_HOST'], $_SERVER['PHP_SELF'] and dirname() to make an absolute URI from a relative one yourself:
    <?php
    /* Redirect to a different page in the current directory that was requested */
    $host  = $_SERVER['HTTP_HOST'];
    $uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
    $extra = 'mypage.php';
    header("Location: http://$host$uri/$extra");
    exit;
    ?>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.