php - How do I redirect to referring page/url after successful login?

170

I'm aware that this topic has been covered before here on Stack, and I have looked at some answers, but I'm still a bit stuck, being fairly new to PHP. Every page on my website requires a login, and so users are redirected to a login page on page load. At the top of each page then I have:

<?
require("log.php");
include_once("config.php"); 
include_once("functions.php"); 
?>

This redirects the user to log.php (with new code added):

<?
session_name("MyLogin");
session_start();

    if(isset($_SESSION['url'])) 
       $url = $_SESSION['url']; // holds url for last page visited.
    else 
       $url = "index.php"; // default page for

if($_GET['action'] == "login") {
$conn = mysql_connect("localhost","",""); // your MySQL connection data
$db = mysql_select_db(""); //put your database name in here 
$name = $_POST['user'];
$q_user = mysql_query("SELECT * FROM users WHERE login='$name'");

if (!$q_user) {
    die(mysql_error());
}

if(mysql_num_rows($q_user) == 1) {

$query = mysql_query("SELECT * FROM users WHERE login='$name'");
$data = mysql_fetch_array($query);
if($_POST['pwd'] == $data['password']) { 
$_SESSION["name"] = $name;
header("Location: http://monthlymixup.com/$url"); // success page. put the URL you want 
exit;
} else {
header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
exit;
}
} else {
header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
exit;
}
}

// if the session is not registered
if(session_is_registered("name") == false) {
header("Location: login.php");
}

?>

The login form is contained in login.php. The code for login.pho relevant to the PHP/log.php is:

<?
session_start();

if($_GET['login'] == "failed") {
print $_GET['cause'];
}
?>

and

<form name="login_form" id="form" method="post" action="log.php?action=login">

The answer that I came across stated that I should add:

session_start(); // starts the session
$_SESSION['url'] = $_SERVER['REQUEST_URI'];

to the top of each page, which I did, at the top of the page (above "require("log.php");"), and then add:

if(isset($_SESSION['url'])) 
   $url = $_SESSION['url']; // holds url for last page visited.
else 
   $url = "index.php"; // default page for

to my login page, and use the following URL for redirect on successful login:

header("Location: http://example.com/$url"); // perform correct redirect.

I am not 100% where the code which stores the referring URL should go, at the top of log.php or login.php.

I have tried adding it to both, but the login page is just looping once I have entered the username and password.

I wonder if someone could help me get this working?

Thanks,

Nick

639

Answer

Solution:

It appears that I don't have the privilege to comment on your post, so I'll do the best that I can to answer. I apologize for all of the scenarios, I'm just doing the best I can to answer on a whim.

SCENARIO 1:

If you've truly not selected a database in your code, as demonstrated here, could that potentially be your issue? Please do note, that the code below, is the code you've posted.

$db = mysql_select_db(""); //put your database name in here 

SCENARIO 2:

The code below is not something I've ever used in anything I've built, might I suggest that you try replacing that line of code with the line below it?

if(session_is_registered("name") == false) { // Current
if(isset($_SESSION['name']) == false) { // Potential Replacement

SCENARIO 3:

If you're logic for the following, exists on the login.php file as well... That could potentially be your problem. Upon visiting your site, I noticed your form appears on login.php, yet your logic is posting to log.php. I'm hoping this bit of code can help rule out that "jump", as login.php might be saving itself and overwriting the $_SESSION variable you've established

session_start(); // starts the session
$_SESSION['url'] = $_SERVER['REQUEST_URI'];

If it's too complex to take it out of the login.php file, if you even have it there, I've put together some code that you can use to create "internal" breadcrumbs, so you can go 2 pages back in your history.

    if(!isset($_SESSION['internal_breadcrumbs']))
        $_SESSION['internal_breadcrumbs'] = array();

    $_SESSION['internal_breadcrumbs'][] = $_SERVER['REQUEST_URI'];

    $max_breadcrumbs = 5;

    while(count($_SESSION['internal_breadcrumbs']) > $max_breadcrumbs)
        array_shift($_SESSION['internal_breadcrumbs']);

That will create an array with a max of $max_breadcrumbs elements, with your most recent page at the end, like the following

Array
(
    [internal_breadcrumbs] => Array
        (
            [0] => /other_page.php
            [1] => /other_page.php
            [2] => /other_page.php
            [3] => /user_page.php <-- desired page
            [4] => /login.php <-- most recent page
        )

)

So now... you can setup your url to be something more like the following...

// I'm doing - 2 to accommodate for zero indexing, to get 1 from the current page
if(isset($_SESSION['internal_breadcrumbs'])) 
    $url = $_SESSION['internal_breadcrumbs'][count($_SESSION['internal_breadcrumbs']) - 2];
else 
   $url = "index.php"; // default page for

All the best, and I certainly hope this has helped in some way.

599

Answer

Solution:

IN SCENARIO 4

From the client test the login/password which ajax XMLHttpRequest with javascript code to a dedicated script for validation (do it on mode https for secure)

If response is right send the login password to your script server.

Stips : Encoding password is better secure !

445

Answer

Solution:

Using header() function it's a bad idea.

Manual specification say ;

Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.

So in your case, i suggest that to use cookies with an ID generate only for the session, at the first connection its generate, and the duration of the cookie maybe for only from 2 to 10 minutes.

Regenerate cookie each time the loging.PHP is called !

Have a nice day

People are also looking for solutions to the problem: php - How to use " if(!empty($_POST[' .... '])){$.... = '-';} "?

Source

Didn't find the answer?

Our community is visited by hundreds of web development professionals every day. Ask your question and get a quick answer for free.

Ask a Question

Write quick answer

Do you know the answer to this question? Write a quick response to it. With your help, we will make our community stronger.

Similar questions

Find the answer in similar questions on our website.