redirect after login


ryanmetzler3

I have an HTML form that asks for your name, email, and feedback. I have a button that gives you the option to log in; this way you do not have to type your name or email. The button takes you to the login page. Once the user logs in, how can I redirect them back to the feedback page they were on? Here is the button that gives you the option to log in:

<input type="submit" id="login" value="Or Login" onclick="window.location='/LoginScripts/login.php'" />

I only want to redirect them back to the registration page if they arrived at the login page via the register page. Thanks! 


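Something like this in the login script (after you make sure they are logged in):

// Redirect back only when the login page was reached from the registration page.
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] == 'url of your registration page here') {
    header('Location: url of your registration page here');
    exit; // stop the script so nothing else runs after the redirect
}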

Note: header must be used before any output to the browser (or you can buffer the output).


Good idea but I'd tweak it a bit.

You could set a session variable on the registration page.

$_SESSION['from_registration'] = true;

The issue I would have with that is you would need to clear $_SESSION['from_registration'] on every other page on the site or you would be redirected back to the registration page, even if you logged in 10 pages after visiting the registration page. What if instead you added a hidden field on the registration page and checked for that in login.php?

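<!-- on the registration page -->
<input type="hidden" name="fromreg" value="true">

// in login.php, after the login succeeds
if (isset($_POST['fromreg']) && $_POST['fromreg'] == 'true') {
    header('Location: regpageuri');
    exit; // stop the script once the redirect is sent
}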

You should always redirect using a 303 after any successful login, otherwise a few clicks on the back button could be used to sign in.

Also the from_reg whatever whatever is too specific.  You could generalize that "FROM" and use it for all sorts of different stuff like tracking users' click trends.

 

Also, getting this from value defined by means of a hidden form input is bad practice. 1. it's now user data. and 2. if it's a path, users can redirect themselves anyplace.

Using the $_SERVER super variable to capture any referrer URL, and validating it's part of your site, and ensuring it's a suitable location for the user is, imo, just much better.

 

Thanks!

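The Referer validation and 303 redirect suggested in the post above, sketched as an added example that is not code from any poster in this thread. The host `www.example.com`, the allowed paths, the session key and the function names are assumptions for illustration.

```php
<?php
// Added example, not from the thread. Host and paths are assumed values.
const SITE_HOST     = 'www.example.com';
const ALLOWED_PATHS = ['/feedback.php', '/register.php'];
const DEFAULT_PATH  = '/index.php';

function safe_return_path(?string $referer): string
{
    if ($referer === null || $referer === '') {
        return DEFAULT_PATH;              // not every client sends a Referer
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'], $parts['path'])) {
        return DEFAULT_PATH;              // malformed or relative value
    }
    // Compare the parsed host exactly; a prefix or substring test on the raw
    // string would also accept a host like www.example.com.other.test.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        || strtolower($parts['host']) !== SITE_HOST) {
        return DEFAULT_PATH;
    }
    // Hand back our own constant rather than text taken from the header.
    $i = array_search($parts['path'], ALLOWED_PATHS, true);
    return $i === false ? DEFAULT_PATH : ALLOWED_PATHS[$i];
}

// Call on the GET that displays the login form (session already started).
// When the form is submitted, the Referer is the login page itself.
function remember_origin(): void
{
    $_SESSION['return_path'] = safe_return_path($_SERVER['HTTP_REFERER'] ?? null);
}

// Call once the credentials have been verified, before any output.
function redirect_after_login(): void
{
    $target = $_SESSION['return_path'] ?? DEFAULT_PATH;
    unset($_SESSION['return_path']);
    // The third argument of header() sets the status code. 303 See Other
    // tells the browser to fetch the target with GET.
    header('Location: ' . $target, true, 303);
    exit;
}
```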

Also, getting this from value defined by means of a hidden form input is bad practice. 1. it's now user data. and 2. if it's a path, users can redirect themselves anyplace.

So? That's their problem.

 

They could also type a URL into the address bar.

 

This is really just a UX design feature. If the user purposefully breaks that... well, oh well.


You should always redirect using a 303 after any successful login, otherwise a few clicks on the back button could be used to sign in.

The 303 response code is a very good idea, but don't know how to do that in php. Looks like response code is just added to the header() but I'm not sure of the syntax.

 

Also the from_reg whatever whatever is too specific.  You could generalize that "FROM" and use it for all sorts of different stuff like tracking users' click trends.

True, but the OP wasn't trying to build a user click tracking system.

 

Also, getting this from value defined by means of a hidden form input is bad practice. 1. it's now user data. and 2. if it's a path, users can redirect themselves anyplace.

1. User data can be validated 2. (a) in the example I provided it is just either true or something else so that is not an issue (b) the user can go anyplace by typing in a URL. Unless I am missing something there is nothing magical in going to a URL via a redirect that creates a vulnerability that wouldn't be there if you went there directly.

 

Using the $_SERVER super variable to capture any referrer URL, and validating it's part of your site, and ensuring it's a suitable location for the user is, imo, just much better.

That was my original thought too (#2) but SocialCloud pointed out that not all browsers send the http_referrer (#3). The hidden field was a way to make sure it worked in those cases.


And, when you decide to move your files around.... it becomes your problem.

Why code problems, when you can code solutions!?

You'd also face that problem with any link on your site. If you "change your files around", the links will break.

 

There is a solution to that, though: use a routing library. That way you can have a static route key that will map a URI to a page/class/function/something. That way, you use the route key in your links (and in this case, the form field) and then you're golden. As long as the route key stays the same, you can change the link as much as you want.

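The route-key idea from the post above, applied to the hidden form field, as an added example that is not code from the thread: the form carries only a short key and login.php maps it to a path the server owns, so moving a file means changing one entry in the map. The key names, paths, the `from` field name and the helper functions are hypothetical.

```php
<?php
// Added example: the form sends a key, the server owns the key => path map.
// All keys and paths here are assumed values.
const ROUTES = [
    'feedback' => '/feedback.php',
    'register' => '/register.php',
    'home'     => '/index.php',
];

function route_for($key): string
{
    // Anything that is not a known string key (a missing field, array input,
    // a full URL placed in the field) falls back to the home page.
    if (!is_string($key) || !array_key_exists($key, ROUTES)) {
        return ROUTES['home'];
    }
    return ROUTES[$key];
}

// On the page the user starts from:
//   <input type="hidden" name="from" value="feedback">
//
// In login.php, once the credentials have been verified and before any output:
function finish_login(): void
{
    // The submitted value is only ever used as a lookup key; the Location
    // header is built from the server-side map.
    $target = route_for($_POST['from'] ?? null);
    header('Location: ' . $target, true, 303);   // 303 See Other
    exit;
}
```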

There is a solution to that, though: use a routing library. That way you can have a static route key that will map a URI to a page/class/function/something. That way, you use the route key in your links (and in this case, the form field) and then you're golden. As long as the route key stays the same, you can change the link as much as you want.

 

Solutions!  I like!

One could also postback to self, i.e.,

<?php
     session_start();  # must run before any output so $_SESSION['user'] can be read below
?>
<html><head></head><body>

<?php
     # comments page

     $user = null;  # assume no user is signed in
     $showForm = false;   # whether to show the comments form

     if ( ! isset($_POST['btnComments'])) {
         $showForm = true;   # comments form not submitted, let's show it... but before, let's check some other stuff
         if(  isset($_SESSION['user']) ){   
              $user = $_SESSION['user'];  # check, set $user if signed in
         }elseif( isset($_POST['btnLogin']) ){
              require '/var/www/scripts/login-process.php';   # not signed in, but clicked to log in. validate this attempt by including the proper script
         }else{
              echo "Hey buddy! Sign in if you have an account!:  <form method=post><input name=login /><input type=password name=password /><input type=submit name=btnLogin /></form><br />";
         } 

      }else{
            // process comments form, user submitted comments
            $errors = array();  //  store any errors in this array
      }
   
 if($showForm || $errors):

?>

<form method=post>
  YADDA YADDA
</form>

<?php else: ?>

     <p>Thanks for those comments, buddy!</p>

<?php endif; ?>

</body>
</html>
Edited by objnoob
