Header() can you send a value with it?

[dj-kenpo]

hi, so I'm a little lost.

in my security script when someone is NOT logged in, I use: header('Location: index.php');

 

thing is, I would liek to keep track of what page they were ON so once they log in it takes them BACK.

 

ie, user goes to example.com/photos.php gets redirected to login, then after that gets taken BACK to photos.

 

I tried detecting the previous page with both getenv ("HTTP_REFERER"); and  $_SERVER['SCRIPT_URI'];

 

which as I discovered don't work with a header.

so is there any other way to detect the previous page, or send it via a post or variable when using header()?

 

thanks

[MadTechie]

using ("HTTP_REFERER") will work but not in the index.php as the header is like the user manually entered the address, so i would say store ("HTTP_REFERER") in a session (from the files they tried to access and not the index.php)

 

hope that helps

[utexas_pjm]

The problem with HTTP_REFERER is that is specified by the client (read browser).  The client can really send in whatever it wants as the referer, or omit it all together.  I would suggest taking an approach more like this:

 

<?php
  session_start();
  // push the currently requested page into the session array so we can get at it later.
  $_SESSION['post_login_redirect'] = $_SERVER['PHP_SELF'];
  if(!$_SESSION['logged_in']){
    // redirect to login page
    header('location: login.php');
  }
?>

 

Then in your login script...

 

<?php
// ...
if($successfulLogin){
  if(isset($_SESSION['post_login_redirect']))
    header('location: ' . $_SESSION['post_login_Redirect');
}
?>

 

Best,

 

Patrick