User Login Question

[sws]

Hi,

I have a login script that works great. The user clicks the login link and the form comes up, once they have logged in they are directed back to the home page and greeted.

The site is a fantasy sports site that I'm creating and I am stuck.  I have a link for visitors to click to enter a hockey contest. I've coded it so that if the user is not logged in they can't view the entry form where they submit their picks.  I must have them logged in before they can see this form because my form gathers their user name in a hidden variable so I can tell who has made the picks.

So, if they try to click on the enter contest link, they are directed immediately to the login page. This is fine. The user then logs in. This is where my problem comes in..... once they login, the script directs them back to the home page. I need it to continue them on to the hockey roster page so they can submit their picks.  I will have this dillemma every time I create a new sports pool.  Do I have to create a separate login script that will redirect them to the appropriate pool page for each contest ?

Can someone please tell me how to accomplish this ?

Thanks.

[trq]

You need to store there refering page in a session or pass it through the url or even try checking the $_SERVER['HTTP_REFERER'] variable depending on how reliable you want this to be.

You then simply redirect them back to where they came from after they login.

[sws]

Thanks Thorpe.

Here is my code:
[code]<?php
include ("config.php");
# Include the config.php file

error_reporting (E_ALL & ~ E_NOTICE);
# Don't show notices.

if (empty($online['id'])){
# If they're not logged in already

if ($_POST['Login']) {
# If the login was made

$user = clean($_POST['username']);
# clean the username
$pass = clean($_POST['password']);
# clean the password

if (!$user | !$pass){
# if either of the fields are empty
echo ' <b>You left a field empty.</b><a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}
else {

$pass = md5($pass);

/*
Make the password a hash so hopefully it'll
be equal to atleast one of the passwords in
the database
*/

$query = "SELECT * FROM `users` WHERE username = '$user' AND password = '$pass'";
$query = mysql_query($query);

# Select the row of the user logging in

if (mysql_num_rows($query) == 1){
# If a row with the right information is found...

$expire = time() + (7*86400);
# We'll set an expire time for the cookie, in this case a week.

setcookie("username", $user, $expire);
# Set a cookie for the username

setcookie("password", $pass, $expire);                                           
# Set a cookie for the hashed password

echo 'Success, you have been logged in!<br />';
echo '<a href="index.php">Continue</a>...';
# Give a message of success

}
else {
# If no rows were found with the given information
echo 'Incorrect username and password. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}

}

}
else {
# The form wasn't submitted
?>
<tr><td bgcolor="EEEEEE" align="center"><br /><font face="SerpentineDBol">
Log in to Play!!</font><br />
</td></tr>
<tr><td align="center" bgcolor="#EEEEEE">
<form method="post" action="<?=$_SERVER['REQUEST_URI']?>">
  Username:<br />
  <input name="username" type="text" id="username">
  <br />
  Password:<br />
  <input name="password" type="password" id="password">
  <br />
  <input name="Login" type="submit" id="Login" value="Login">
</form>
</td></tr>
</table>
<?
}

}
else {
# They're already logged in
echo 'You are already logged in!';
}
?> [/code]

Would you mind showing me how to do this ?

[sws]

Actually I changed my code from

[code]echo 'Success, you have been logged in!<br />';
echo '<a href="index.php">Continue</a>...';
# Give a message of success
[/code]

to:

[code]echo 'Success, you have been logged in!<br />';
echo '<a href="'.$_SERVER['HTTP_REFERER'].'">Continue</a>...';
# Give a message of success [/code]

And it's working the way it should but it's directing me back to the login page instead of the entry form.

The way I have it set up is that if they click the link to enter, if they aren't logged in they are automatically directed to the login page.

Therefore, the HTTP_REFERER variable is set to the login script.

Any advice ?

[sws]

The login page will always be the referer so how else could I handle this ?

[Orio]

Use Javascript's history object:
[code]<a href="javascript:history.go(-3)">Go back 3 pages</a>
<a href="javascript:history.go(-1)">Go back to the previous page</a>[/code]

Orio.

[sws]

Thanks Orio. Tried it but doesn't work.

The "enter today!" link is supposed to take them to a form in which they enter their picks.  They don't even make it to the form page if they aren't logged in. They go right to the login page. Once they've logged in, it's THEN supposed to take them to the form so they can select their players and submit their picks.

I can't figure out how to handle this.

Does anybody know a better way ?

[XeroXer]

When they get to the login page you can set a session variable:
[code]$_SESSION['page'] = $_SERVER['HTTP_REFERER'];[/code]
Then when you list the continue text just use:
[code]echo 'Success, you have been logged in!<br />';
echo '<a href="'.$_SESSION['page'].'">Continue</a>...';
# Give a message of success[/code]
This will redirect them to the page they where when they need to login.
Hopefully this will work.
I am no king on php but..

[Orio]

Oh, now I understand :)
The page with the form probbly has something like this, right?
[code]<?php
if(user_not_logged_in)
{
header("Location: login.php");
exit;
}
?>[/code]

So I suggest you to change it into:
[code]<?php
if(user_not_logged_in)
{
$_SESSION['ref']="enter_today_link_goes_here"; //insert in here the real link, not this text
header("Location: login.php");
exit;
}
?>[/code]

Now In the page that checks the login, change it so it will be simillar to this:
[code]<?php
if(user found and was logged in)
{
if(isset($_SESSION['ref']))
{
header("Location:".$ref);
exit;
}
else
{
//show the regular message you had of "login successful"
}
}
?>[/code]


Orio.

[sws]

Hmmm getting close.

I followed your advice but rather than taking me to the form, it's just displaying my Login Successful message.

Here's the two pages in question:

Form page:
[code]<?php
include ("config.php");
# Include the config.php file here

error_reporting (E_ALL & ~ E_NOTICE);
# Don't show notices.

echo '<table align="center" border="0" cellpadding="0" cellspacing="0" width="850">
<tr>
      <td height="22" background="images/nav_bar_02.jpg"><font color="#FFFFFF"><marquee behavior="slide" height="22" direction="left">Welcome to ULTIMATE POOLIES.com We are pleased to announce that our HOCKEY Contests are now in progress!!!</marquee></font>
  </td>
  </tr>
  <tr>
      <td bgcolor="#FFFFFF"><font face="SerpentineDBol" size="+3" color="#FF0000">Ultimate Poolies.com </font>';
if(!empty($online['id']))
{
  print'Welcome <b>'.stripslashes($online['username']). '</b> You have <b>'. ($online['credits']). '  Credits'. '</b>- <a href="logout.php">Logout</a><br />';
}
else {
# Else, they are not logged in.
$_SESSION['ref']="hockey_pickem_roster.php"; // Page to be directed to once they log in.
header("Location: login.php");
exit;

}

?>[/code]

Login page:

[code]<?php
include ("config.php");
# Include the config.php file

error_reporting (E_ALL & ~ E_NOTICE);
# Don't show notices.

if (empty($online['id'])){
# If they're not logged in already

if ($_POST['Login']) {
# If the login was made

$user = clean($_POST['username']);
# clean the username
$pass = clean($_POST['password']);
# clean the password

if (!$user | !$pass){
# if either of the fields are empty
echo ' <b>You left a field empty.</b><a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}
else {

$pass = md5($pass);

/*
Make the password a hash so hopefully it'll
be equal to atleast one of the passwords in
the database
*/

$query = "SELECT * FROM `users` WHERE username = '$user' AND password = '$pass'";
$query = mysql_query($query);

# Select the row of the user logging in

if (mysql_num_rows($query) == 1){
# If a row with the right information is found...

$expire = time() + (7*86400);
# We'll set an expire time for the cookie, in this case a week.

setcookie("username", $user, $expire);
# Set a cookie for the username

setcookie("password", $pass, $expire);                                           
# Set a cookie for the hashed password

if(isset($_SESSION['ref']))
{
header("Location:".$ref);
exit;
}
else
{
//show the regular message you had of "login successful"
echo 'Login Successful';
}

}
else {
# If no rows were found with the given information
echo 'Incorrect username and password. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}

}

}
else {
# The form wasn't submitted
?>
<tr><td bgcolor="EEEEEE" align="center"><br /><font face="SerpentineDBol">
Log in to Play!!</font><br />
</td></tr>
<tr><td align="center" bgcolor="#EEEEEE">
<form method="post" action="<?=$_SERVER['REQUEST_URI']?>">
  Username:<br />
  <input name="username" type="text" id="username">
  <br />
  Password:<br />
  <input name="password" type="password" id="password">
  <br />
  <input name="Login" type="submit" id="Login" value="Login">
</form>
</td></tr>
</table>
<?
}

}
else {
# They're already logged in
echo 'You are already logged in!';

}
?> [/code]

Any idea where I've gone wrong ?

[Orio]

Oh, I assumed you were using sessions, not cookies :P
Can you add (at the very top of [b]config.php[/b] the harmless line "session_start();" ?

Orio.

[sws]

YESSSSS !!!!

Thanks Orio !!