jonahpup Posted May 2, 2007 Share Posted May 2, 2007 Ok... after getting some really good help on here yesterday, I decided I would ask for a bit more help... I have a 3 page (index.php, login.php, and logout.php) user login script which connects to my user database to check username and password for user logging in. if you have a look at www.350finale.co.nz/test and use the username: test and password: test you will see how it all works... What I want to know is, if I directly type in www.350finale.co.nz/test/page2.php it will redirect me to the login page (unless I am already logged in), which is what I want, however, once I have logged in, I want it to take me back to page2.php not index.php like it currently is. How do I do this??? I will include the code for my index.php page, and login.php (logout.php is as I want it). index.php <?php // Connects to your Database mysql_connect("localhost", "username", "password") or die(mysql_error()); mysql_select_db("database") or die(mysql_error()); //checks cookies to make sure they are logged in if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: login.php"); } //otherwise they are shown the admin area else { ?> <html> <head> <link rel="stylesheet" href="styles/main.css" type="text/css" /> </head> <body> <div id="main"> <h1>Welcome</h1> <div style="border: 1px dashed black; padding: 1.5em"> <h3>You are now logged in</h3> <p>Click on a link below!</p> <a href="logout.php">Logout</a><br /><br /> <a href="page2.php">Next Page</a> </div> </div> </body> </html> <? } } } else //if the cookie does not exist, they are taken to the login screen { header("Location: login.php"); } ?> login.php <?php // Connects to your Database mysql_connect("localhost", "username", "password") or die(mysql_error()); mysql_select_db("database") or die(mysql_error()); //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: index.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { ?> <html> <head> <link rel="stylesheet" href="styles/main.css" type="text/css" /> </head> <body> <div id="main"> <div style="border: 1px dashed black; padding: 1.5em"> <? die('Incorrect password, click the BACK button and please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: index.php"); } } } else { // if they are not logged in ?> <html> <head> <link rel="stylesheet" href="styles/main.css" type="text/css" /> </head> <body> <div id="main"> <div style="border: 1px dashed black; padding: 1.5em"> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> </div> </div> </body> </html> page2.php <?php // Connects to your Database mysql_connect("localhost", "username", "password") or die(mysql_error()); mysql_select_db("database") or die(mysql_error()); //checks cookies to make sure they are logged in if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: login.php"); } //otherwise they are shown the admin area else { ?> <html> <head> <link rel="stylesheet" href="styles/main.css" type="text/css" /> </head> <body> <div id="main"> <h1>Page 2</h1> <div style="border: 1px dashed black; padding: 1.5em"> <h3>You are now logged in and can view content on Page 2</h3> <a href="logout.php">Logout</a><br /> </div> </div> </body> </html> <? } } } else //if the cookie does not exist, they are taken to the login screen { header("Location: login.php"); } ?> If anyone can help me, that would be awesome! Quote Link to comment https://forums.phpfreaks.com/topic/49731-user-login-required-to-access-pages/ Share on other sites More sharing options...
john010117 Posted May 2, 2007 Share Posted May 2, 2007 You could do an if/else statement. Quote Link to comment https://forums.phpfreaks.com/topic/49731-user-login-required-to-access-pages/#findComment-243867 Share on other sites More sharing options...
jonahpup Posted May 3, 2007 Author Share Posted May 3, 2007 You could do an if/else statement. *looks embarrassed and confused* How?? sorry I am new to php and get messed up with the syntax... Quote Link to comment https://forums.phpfreaks.com/topic/49731-user-login-required-to-access-pages/#findComment-243873 Share on other sites More sharing options...
trq Posted May 3, 2007 Share Posted May 3, 2007 In login.php, change this.... //then redirect them to the members area header("Location: index.php"); to.... //then redirect them to the members area header("Location: index2.php"); Quote Link to comment https://forums.phpfreaks.com/topic/49731-user-login-required-to-access-pages/#findComment-243885 Share on other sites More sharing options...
jonahpup Posted May 3, 2007 Author Share Posted May 3, 2007 In login.php, change this.... //then redirect them to the members area header("Location: index.php"); to.... //then redirect them to the members area header("Location: index2.php"); I tried that... but it will then redirect to index2.php when logged in, no matter what page they have come from... I need it so that whatever page a user comes from, once the user is successfully logged in, I want them to be returned to the page they came from... ??? Quote Link to comment https://forums.phpfreaks.com/topic/49731-user-login-required-to-access-pages/#findComment-243890 Share on other sites More sharing options...
trq Posted May 3, 2007 Share Posted May 3, 2007 Well, thats different. The most reliable way is to send the previous page through a url variable. Can we see the code within index2.php that redirects a user to login.php if they are not logged in? Quote Link to comment https://forums.phpfreaks.com/topic/49731-user-login-required-to-access-pages/#findComment-243893 Share on other sites More sharing options...
jonahpup Posted May 3, 2007 Author Share Posted May 3, 2007 <?php // Connects to your Database mysql_connect("localhost", "username", "password") or die(mysql_error()); mysql_select_db("database") or die(mysql_error()); //checks cookies to make sure they are logged in if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: login.php"); } //otherwise they are shown the admin area else { ?> <html> <head> <link rel="stylesheet" href="styles/main.css" type="text/css" /> </head> <body> <div id="main"> <h1>Page 2</h1> <div style="border: 1px dashed black; padding: 1.5em"> <h3>You are now logged in and can view content on Page 2</h3> <a href="logout.php">Logout</a><br /> </div> </div> </body> </html> <? } } } else //if the cookie does not exist, they are taken to the login screen { header("Location: login.php"); } ?> Here is the code! Quote Link to comment https://forums.phpfreaks.com/topic/49731-user-login-required-to-access-pages/#findComment-243895 Share on other sites More sharing options...
corbin Posted May 3, 2007 Share Posted May 3, 2007 edit: 2 people have posted, and I think they answered your question, but I already typed this so might as well post it ;p My personal favorite way to do that is to do something like: if($_SESSION['username']) { //assuming when users login you set the username key of the session array to their username //display normal content or what ever you want logged in people to see } else { include("login form file"); } Note: with the session if thing, you could easily use a cookie check or anything else there instead. Then your login file would contain the login form (with the action set to "" or $_SERVER['PHP_SELF']) and the logic necessary to process it. That way the page would include the login field instead of redirecting to it, and it would show the correct page if the $_SESSION['username'] or what ever value was when the login form was submitted (assuming the password and user were correct ;p). I hope that made sense.... Anyway, working with your existing code, the easiest thing to do would be either check the referrer via $_SERVER['HTTP_REFERER']. You would have to pass this as a hidden field in the form, since the referrer would end up being login.php if you evaluated it after you submitted the form. You would definitely want to check the referrer and make sure it's from your site, and so on before you redirected. Quote Link to comment https://forums.phpfreaks.com/topic/49731-user-login-required-to-access-pages/#findComment-243898 Share on other sites More sharing options...
dj-kenpo Posted May 3, 2007 Share Posted May 3, 2007 $ref = $_SERVER['HTTP_REFERER']; if(preg_match('/^(www\.example¦example)\.com/', $ref) ){ //do matched stuff } else{ //do unmatched stuff } assuming your site is example.com then you can check the http refer. if it came from your domain, use it, else ignore, and pass it as they said as a hidden form variable. Quote Link to comment https://forums.phpfreaks.com/topic/49731-user-login-required-to-access-pages/#findComment-244025 Share on other sites More sharing options...
dj-kenpo Posted May 3, 2007 Share Posted May 3, 2007 http refer is acctually the incorrect way to do it now that I looked furthur, as the $server command is limited on many shared hosts (ie, on my dreamhost accoutn it works on one server, not the other...) also, it relies on the clients browser, so it's hit and miss, many browsers don't report it due to security. it's much better to use sessions to supply the previous page url I'll let someone else do the example code for that one tho... Quote Link to comment https://forums.phpfreaks.com/topic/49731-user-login-required-to-access-pages/#findComment-244074 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.