$_SERVER['HTTP-REFERRER']

jonahpup · May 31, 2007

Hi,

I have a login script that is working great, except for one little bit... Once the user is logged in, I want to give them the option of returning to the page they came from... However, when the user is logged in, and they click on the return to previous page link, they are taken back to the login page they just filled in... how do I get around this??

Here is my code!

<?php
ob_start();

include("config.php"); 

$pass = md5($_POST['password']);

// connect to the mysql server 
$link = mysql_connect($server, $db_user, $db_pass) 
or die ("Could not connect to mysql because ".mysql_error()); 

// select the database
mysql_select_db($database) 
or die ("Could not select database because ".mysql_error()); 

$match = "select id from $table where username = '".$_POST['username']."' 
and password = '$pass';"; 

// Gather referrer info
$ref = $_SERVER['HTTP_REFERER'];

$qry = mysql_query($match) 
or die ("Could not match data because ".mysql_error()); 
$num_rows = mysql_num_rows($qry); 

if ($num_rows <= 0) { 
echo "Sorry, there is no username or password with: <strong>".$_POST['username']."</strong><br>"; 
echo "<a href=login.html>Try again</a>"; 
exit;

} else { 

setcookie("loggedin", "".$_POST['username']."", time()+(3600));
setcookie("username", "".$_POST['username']."", time()+(3600));
echo "Welcome: <strong>".$_POST['username']."</strong><br>"; 
echo "Return to the <a href=$ref>previous</a> page."; 
}
ob_end_flush();
?>

Caesar · May 31, 2007

Store the originating/refering page in a session variable.

jonahpup · June 1, 2007

ok... sorry dont mean to sound like retard, but im pretty new to php...

how do I go about doing that???

Caesar · June 1, 2007

Somewhere on the login page, you define the session variable...

<?php

  session_start();

  $_SESSION['referer'] = $_SERVER['HTTP_REFERER'];

  //YOUR OTHER CODE HERE//

?>

Then in any other page you call that value up like so...

<?php

  session_start();

  $refurl = $_SESSION['referer'];

?>

You can also use a cookie to do this.

Of course you'll want to add functionality to check the refering url and whatnot...some cleansing and finessing of it all. But that is the basics of it.

jonahpup · June 1, 2007

thanks caesar... same thing is still happening tho...

basically what it is doing is:

I goto newpage.php

I am told that I need to login... so I click the "login" anchor which takes me to login.php

I then enter my username and password, and click Login...

I am then being taken back to login.php instead of newpage.php

I need it so that I am taken back to newpage.php (or whatever page I have come from)...

Caesar · June 1, 2007

Can you please show the code where your form is at?

jonahpup · June 1, 2007

Ok

//This is test.php the page I initially goto.  If I am logged in, I am shown the page... if not I am shown a message saying I must log in

<?php
$username = $_COOKIE['loggedin'];
if (!isset($_COOKIE['loggedin'])) die("You are not logged in, <a href=login.php>click here</a> to login.");
echo "You are logged in $username";
?>

<html>
<head>
</head>
<body>
<h2>This is a test page.</h2>
<p>If you see this text, you are currently logged in.</p>
<p><a href="logout.php">Click here to log out</a></p>
</body>
</html>

// This is login.php - the page users are sent to to enter their login details.

// Once username and password has been checked and is correct, I want the user to be able to go back to the page they came from... in this case test.php

<?php

session_start();
$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
$ref = $_SESSION['referer'];

ob_start();

include("config.php"); 

$pass = md5($_POST['password']);

// connect to the mysql server 
$link = mysql_connect($server, $db_user, $db_pass) 
or die ("Could not connect to mysql because ".mysql_error()); 

// select the database
mysql_select_db($database) 
or die ("Could not select database because ".mysql_error()); 

$match = "select id from $table where username = '".$_POST['username']."' 
and password = '$pass';"; 

$qry = mysql_query($match) 
or die ("Could not match data because ".mysql_error()); 
$num_rows = mysql_num_rows($qry); 

if ($num_rows <= 0) { 
echo "Sorry, there is no username or password with: <strong>".$_POST['username']."</strong><br>"; 
echo "<a href=login.html>Try again</a>"; 
exit;

} else { 

setcookie("loggedin", "".$_POST['username']."", time()+(3600));
setcookie("username", "".$_POST['username']."", time()+(3600));
echo "Welcome: <strong>".$_POST['username']."</strong><br>"; 
echo "Return to the <a href=$ref>previous</a> page."; 

}
ob_end_flush();
?>

saf · June 1, 2007

If the login form is also on the login.php page then this is what is happening:

1. You reach login.php from test.php and the HTTP_REFFERER is set to text.php

2. You fill out the form and submit it to login.php

3. This time arround the code segment is called again and HTTP_REFFERER is set to login.php, thus you are going back to login.php once the script is executed.

Solution:

Change this ->

$_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
$ref = $_SESSION['referer'];

to this ->

if($_SERVER['HTTP_REFERER']!="http://yoursite.com/login.php"){
    $_SESSION['referer'] = $_SERVER['HTTP_REFERER'];
    $ref = $_SESSION['referer'];
}

Sign In

$_SERVER['HTTP-REFERRER']

Recommended Posts

jonahpup

Link to comment

Share on other sites

Caesar

Link to comment

Share on other sites

jonahpup

Link to comment

Share on other sites

Caesar

Link to comment

Share on other sites

jonahpup

Link to comment

Share on other sites

Caesar

Link to comment

Share on other sites

jonahpup

Link to comment

Share on other sites

saf

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information