dj-kenpo Posted May 7, 2007 Share Posted May 7, 2007 hi, so I'm a little lost. in my security script when someone is NOT logged in, I use: header('Location: index.php'); thing is, I would liek to keep track of what page they were ON so once they log in it takes them BACK. ie, user goes to example.com/photos.php gets redirected to login, then after that gets taken BACK to photos. I tried detecting the previous page with both getenv ("HTTP_REFERER"); and $_SERVER['SCRIPT_URI']; which as I discovered don't work with a header. so is there any other way to detect the previous page, or send it via a post or variable when using header()? thanks Quote Link to comment Share on other sites More sharing options...
MadTechie Posted May 7, 2007 Share Posted May 7, 2007 using ("HTTP_REFERER") will work but not in the index.php as the header is like the user manually entered the address, so i would say store ("HTTP_REFERER") in a session (from the files they tried to access and not the index.php) hope that helps Quote Link to comment Share on other sites More sharing options...
utexas_pjm Posted May 8, 2007 Share Posted May 8, 2007 The problem with HTTP_REFERER is that is specified by the client (read browser). The client can really send in whatever it wants as the referer, or omit it all together. I would suggest taking an approach more like this: <?php session_start(); // push the currently requested page into the session array so we can get at it later. $_SESSION['post_login_redirect'] = $_SERVER['PHP_SELF']; if(!$_SESSION['logged_in']){ // redirect to login page header('location: login.php'); } ?> Then in your login script... <?php // ... if($successfulLogin){ if(isset($_SESSION['post_login_redirect'])) header('location: ' . $_SESSION['post_login_Redirect'); } ?> Best, Patrick Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.