Log in redirect probs and ideas

[jonnyw6969]

Hi,

Im building a site and which has a members login at the top of each page. You can log in from any page but once your logged in it always directs you to the home page. Is there any way of sending the user back to the page they where on before they logged in?

 

Thanks

Jon

[uniflare]

there are a number of ways, the easiest i believe would be using sessions, on each page set $_SESSION['currentpage'] = $_SERVER['REQUEST_URI']; (dont set it on login page obviously), then the last page they were on before logging it would be stored in that variable.

 

 

another way would be to add a query string login.php?lastpage=pageid, then carry pageid through the login procedure and redirect when logged in.

 

you could use cookies as well the same way you would use sessions but i believe sessions is more efficient.

 

 

hope this helps,

[jonnyw6969]

Hi,

 

Used sessions as you said and it worked perfectly.

Did think about that method but wasnt sure.

 

Many many thanks

Jon

[ToonMariner]

I would set a hidden input in your form called something like refpage="xxx" set the value of this to the current url...

 

on login success redirect to the refpage.

 

Now some may bemoan the idea of this as a security flaw - make sure that the refpage does NOT point to a different site in your processing file.

 

You could also use $_SERVER['HTTP_REFERER'] BUT this is not set in the headers on all browsers...

 

Like I said its not an essential feature so don't go over board - the easiest to implement is actually just to check the $_SERVER['HTTP_REFERER'] alue and redirect there...

[cooldude832]

simplier solution is to have all your logins redirect to $_SERVER['PHP_SELF'];

and have in your heading

if($_POST['login'] == "yes"){

$login = login();

//Verify Login

}

 

 

it runs on every page pre any output being sent so you can do all your db querying up there and spit out errors/success before any output

no need to redirect at all

<?php
function login(){
  //Open SQL connection
   $username = mysql_real_escape_string($_POST['username']);
   $password=  md5(mysql_real_escape_string($_POST['password']));
   $q = "Select Username, UserID from `users` where Username = '".$username."' and Password = '".$password."'";
   $r  = mysql_query($q) or die(mysql_error());
   if(mysql_num_rows($r) >0){
       $return = mysql_fetch_assoc($r);
    }
    else{
         $return = FALSE;
    }
    return $return;
}

if($_POST['login'] == "yes"){
$login = login();
if($_SESSION['Logged_in'] != "yes" && $login){
     #Store user data
}
else{
   #display login errror
}
}
#continue page stuff

[cordoprod]

If you use the header() function, place ob_start(); at the top of the page and ob_end_flush(); at the bottom page.

[cooldude832]

If you use the header() function, place ob_start(); at the top of the page and ob_end_flush(); at the bottom page.

 

 

why?

 

you can do headers without buffering

[uniflare]

i believe he said that so that he could use headers even if the script had outputted to browser.

 

ie php/html incline scripts would pose a problem if for instance you had a conditional redirect in the middle of the script. of course this is not good practice as checks like this should be performed before any output as quite obviously you dont need to output to a page the user wont ever see.

 

,