PHP Script to redirect with users input - php

I know that I can redirect to a website by using:
<?php header('Location: http://site/'); ?>
but how can I make it redirect to a variable value and make the redirect URI look like:
http://myURL.com/redirect.php?variable=http://redirect.com
Thanks!

Your page that asks a user for the URL:
<form action="redirect.php" method="GET">
<input type="text" name="url" />
<input type="submit" />
</form>
redirect.php
<?php
if(isset($_GET['url'])){
header("Location: http://" . $_GET['url'] . "");
exit();
}
?>
What this does
When a user submits a form on your index page (or wherever you dropped the <form> code), they are redirected to http://yoursite/redirect.php and the variable url is appended to the URL as such: http://yoursite/redirect.php?url=THEURL where "THEURL" in this example is the URL that the user typed in on the form.
Please note, this is nowhere near secure enough, nor does it do any validation (which you should absolutely do).
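One way to add the validation the answer calls for, as an added example that is not part of the original answer: redirect.php accepts only full http/https URLs whose host is on a fixed allowlist. The ALLOWED_HOSTS entries and the sample inputs are assumptions made for illustration; unlike the answer's script, this version expects the full URL (scheme included) in the url parameter.

```php
<?php
// Added example: redirect.php with validation. ALLOWED_HOSTS is a
// hypothetical allowlist; list the sites you actually redirect to.
const ALLOWED_HOSTS = ['redirect.com', 'www.redirect.com'];

/** Return a URL that is safe to send in a Location header, or null. */
function safe_redirect_target(string $input): ?string
{
    // Control characters enable header splitting; backslashes are
    // treated like forward slashes by some browsers.
    if ($input === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $input)) {
        return null;
    }
    $parts = parse_url($input);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return null;                      // relative or malformed input
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;                      // web schemes only
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;                      // no userinfo before the host
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return null;                      // exact host match, no suffix match
    }
    return $input;
}

if (PHP_SAPI === 'cli') {
    // Constructed inputs to show which targets pass the check.
    $samples = ['http://redirect.com/page?a=1', 'redirect.com',
                'http://redirect.com.other.example/',
                'http://redirect.com@other.example/', '//other.example/'];
    foreach ($samples as $s) {
        printf("%-40s %s\n", $s, safe_redirect_target($s) === null ? 'reject' : 'allow');
    }
    exit;
}

$raw    = $_GET['url'] ?? '';             // may be an array if sent as url[]=
$target = safe_redirect_target(is_string($raw) ? $raw : '');
if ($target === null) {
    http_response_code(400);
    exit('Invalid redirect target');
}
header('Location: ' . $target);
exit;
```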

Related

How can I detect how a user accesses a page in php? (from a form or directly)

I would like to detect how a user accesses a page with php. For example, if I have this form on an html page:
<form action="php/file.php" method="post">
<input type="text" name="text">
<input type="submit">
</form>
and I send it to file.php:
<?php
echo $_POST["text"];
?>
It should work as normal, but if I went to file.php directly, (something like example.com/php/file.php) I would like it to display something like the 404 error page.
Is there any way to do this? Thanks!
In your case, you can check if $_POST["text"] is set; if not, it means the page is being accessed directly (by GET) or the text field is not being sent (by POST).
if (!isset($_POST['text'])) {
header('Location: 404.php'); //redirect to 404 page
return false;
}
Note: this code should be added before writing/printing any other character so that the redirect can work.

tokens do not match (CSRF)

I have entered the following code to prevent CSRF by issuing and checking tokens.
The top section goes on the login.php, the second part goes on the landing page. The issuing of the token works, and when I print $_SESSION['token'] on the landing page they match up. However, when I substitute the other code in, it says that they don't match and shows 'expired'.
<?php
session_start();
$_SESSION['token'] = $token;
$_SESSION['token'] = uniqid(md5(microtime()), true);
print $_SESSION['token'];
?>
<html>
<head>
<title>My first PHP website</title>
</head>
<body>
<h2>Please login here to see your tour</h2>
<form action= "checklogin.php" method="post">
Enter Username: <input type="text" name="username" required="required"/> <br/>
Enter Password: <input type="password" name="password" required="required" /> <br/>
<input type="hidden" name="token" value="<?php echo $_SESSION['token'] ?>" />
<input type="submit" value= "login" />
</form>
</body>
<?php
session_start();
print $_SESSION['token'];
session_start();
if ($_POST['token'] !== $_SESSION['token']) {
die('expired');
}
?>
Following our discussion in the comments of your question I'm posting this answer so the information is summarized.
Your code is basically correct but the issue you're having is because after the redirect to the user's unique landing page you no longer can access the data in $_POST you originally have in your checklogin.php, i.e. after submitting the login form.
So in your checklogin.php script you have among others these options:
Include the token in the URL you're redirecting to and then check the $_SESSION['token'] against $_GET['token'].
Set a flag in the $_SESSION indicating that the user has been allowed access to the system. Something like $_SESSION['loggedIn'] = true; (that's what I would recommend)
NOTE: Here you are facing another issue: you have to think about restricting access of each user to only their own page. Imagine that if a user somehow knows the URL of another user's home page they could easily edit the URL and reach it. My recommendation is to save the user's id in the $_SESSION and then at the top of each user's home page to check whether the currently logged in user is allowed to open the said page.
I hope that makes it more clear!
The form action is login.php so when a user logs in the POST data is submitted to the login.php page. Your question does not explain how the user then gets directed to their landing page.
One option would be to try the following.
Replace:
<form action="login.php" method="post">
With:
<form action="landingpage.php" method="post">
That way on your landing page you will be able to get the value of
$_POST['token']
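The flow recommended in the first answer (check the token where the POST data still exists, then rely on a session flag and the user's id on the landing page), as an added example that is not code from the thread. The function names, the user_id session key and the $userId parameter are assumptions; $userId stands for the result of your own credential check.

```php
<?php
// Added example, not the asker's code. Each page calls session_start()
// before using these helpers; $userId stands for the result of your own
// credential check (null when username/password are wrong).

function issue_csrf_token(): string
{
    if (empty($_SESSION['token'])) {
        $_SESSION['token'] = bin2hex(random_bytes(32)); // CSPRNG, not uniqid()
    }
    return $_SESSION['token'];
}

function csrf_token_valid($submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['token'])
        && hash_equals($_SESSION['token'], $submitted);  // constant-time compare
}

// checklogin.php: the only request that still carries $_POST['token'].
function handle_login_post(array $post, ?int $userId): string
{
    if (!csrf_token_valid($post['token'] ?? null)) {
        return 'expired';
    }
    if ($userId === null) {
        return 'bad-credentials';
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);     // fresh session id after login
    }
    unset($_SESSION['token']);
    $_SESSION['loggedIn'] = true;
    $_SESSION['user_id']  = $userId;
    return 'ok';                         // caller now redirects to the landing page
}

// Landing page: $_POST is empty after the redirect, so check the session.
function may_view_home_page(int $pageOwnerId): bool
{
    return !empty($_SESSION['loggedIn'])
        && ($_SESSION['user_id'] ?? null) === $pageOwnerId;
}

if (PHP_SAPI === 'cli') {                // constructed walk-through
    $token = issue_csrf_token();
    var_dump(handle_login_post(['token' => 'stale'], 7));
    var_dump(handle_login_post(['token' => $token], 7));
    var_dump(may_view_home_page(7), may_view_home_page(8));
}
```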

How to make a user stay on same page once they log in

I am having an issue on how to make it where users who are viewing any page can log in on the page they are viewing and it stays on that page. How would this be accomplished?
Below is a single line I am currently using, however, if on any page and a user logs in, they are redirected to their profile. How can I set this line where it logs the user in, and it stays on that same page they are viewing? So in other words, are not redirected to their profile...
PHP:
header("Location: members.php?id=" . $_SESSION['username']);
If more info is needed, let me know and I can make an edit ;)
Have the login form submit the address of the current page. Then you can simply redirect back to that address when the login succeeds, e.g.
<form>
<input type="hidden" name="curpage" value="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) ?>" />
<input type="text" name="username" />
<input type="password" name="password" />
<input type="submit" />
</form>
if ($login_is_successful) {
header("Location: {$_POST['curpage']}");
}
You could try using the referer, but since that's not sent by all browsers, and is not always accurate, you're better off using alternate "current location" tracking means, such as the above hidden form field.
When they click on the login button you can read the URL and save it to a variable and redirect them to this URL.
So instead of
header("Location: members.php?id=" . $_SESSION['username']);
you can use sth. like:
header("Location: $last_page");
Try this
you can create a php file with this code and include into your code like this
session.php
<?php
session_start();
error_reporting(0);
if(isset($_SESSION["usuario"]))
{
$usuario = $_SESSION["usuario"];
}
else{
header('Location: members.php?id=' . $_SESSION['username']);
}
?>
index.php
<?php
include ('session.php');
?>
to avoid using same code in every page

Page redirect to previous page after authentication

I was trying to redirect users to the previous page after authentication. It works well with the below codes.
The file login_page.php (the page where users enter login credentials) contains the below code which stores the SOURCE URL and passes it to next page.
<input type="hidden" name="url" value=<?php echo $_SERVER['HTTP_REFERER'] ; ?> />
File do_authentication.php (page which does the authentication) has the code echo "<meta http-equiv='Refresh' content=0;url='$_POST[url]'>"; which redirects to SOURCE URL
In the normal situation it works, but in situations when user enters wrong credentials, the page is redirected to login_page.php and it asks the user to try again with correct credentials. At that time, 'url' value changes to login_page.php.
What is the correct/better logic to solve this?
I've always used the session to retain the original page when doing login. This will not work if the session isn't supported. Then I just send the user to the home page.
A Stack Overflow post discussing this is Redirect to previous page after logging in using PHP.
You should consider using session variables to store the value of the page you want to redirect to. HTTP_REFERER is not the right option.
Just try below:
<input type="hidden" name="url" value="<?php echo pathinfo(__FILE__,PATHINFO_FILENAME ).".".pathinfo(__FILE__,PATHINFO_EXTENSION); ?>" />
Use:
header("location: ".$_POST['url']); // Redirects to posted page
exit; // Prevents execution of other code after this
In login_page.php, you could check if you already passed a URL; if so, pass this one instead of the HTTP_REFERER.
<?php if (isset($_POST['url'])): ?>
<input type="hidden" name="url" value="<?php echo htmlspecialchars($_POST['url']); ?>" />
<?php else: ?>
<input type="hidden" name="url" value="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER']); ?>" />
<?php endif; ?>
Or in a more concise way
<?php $url = (isset($_POST['url'])) ? $_POST['url'] : $_SERVER['HTTP_REFERER']; ?>
<input type="hidden" name="url" value="<?php echo htmlspecialchars($url); ?>" />

How to use http_referer if form field and php script are at the same page?

Suppose I am using pure PHP, with no JavaScript/jQuery or Ajax.
I have many pages in a website, let's say page1, page2, page3 and page4.
All of the first three pages have a link to go to page4, to log in.
In page 4 I have a form field, and above I have a PHP script to catch the user input and put the username in a session, and after that I want to redirect to the page where the user came from, but the page is not redirecting.
Let me put the code.
<?php
ob_start();
session_start();
if(isset($_POST['username'])){
$username = $_POST['username'];
$_SESSION['username'] = $username;
if(isset($_SERVER['HTTP_REFERER'])){
$referer = $_SERVER['HTTP_REFERER'];
header('location: '.$referer);
}
}
?>
<form action="page4.php" method="POST">
Username: <input type="text" name="username" /><br/>
<input type="submit" value="Submit" />
</form>
I am starting again all page1, page2, page3 with ob_start() and session_start();
If I use a specific page into the header function then it is redirecting, no problem
for example header (location: page2.php).
I am guessing the reason is maybe as my form field and the php script are at the same page (page4)
So how to redirect dynamically? User might come from page 1 or page2 or page 3 and after log in I want them back to the specific page they came from.
In page1.php, page2.php, page3.php:
<?php
session_start();
$_SESSION['page'] = $_SERVER['PHP_SELF'];
in page4.php:
<?php
session_start();
// process form
if ($form_proccessed == true) // or whatever
{
header("Location: {$_SESSION['page']}\r\n");
exit;
}
Using $_SERVER['PHP_SELF'] you won't have to worry about updating the code if you save the file as a new file with a new name.
It can be done with a hidden input field inside the form:
<input type="hidden" name="referer" value="<?php echo htmlspecialchars($_SERVER['HTTP_REFERER'] ?? ''); ?>">
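The session approach suggested in the answers to this question and to the previous one (retain the original page in the session and redirect to it after login), as an added example that is not code from either thread. The return_to session key, the function names and the /index.php fallback are assumptions; it stores REQUEST_URI rather than PHP_SELF so the query string is kept, and because the login page never calls remember_current_page(), a failed attempt does not overwrite the stored page.

```php
<?php
// Added example, not code from the answers. Each page calls
// session_start() before using these helpers.

/** Same-site absolute path only: "/page2.php?x=1" passes, "//host/x" and "http://..." do not. */
function is_local_path(string $p): bool
{
    return preg_match('#^/(?!/)[^\x00-\x20\x7f\\\\]*\z#', $p) === 1;
}

/** Call at the top of page1.php, page2.php, page3.php, but NOT on the login page. */
function remember_current_page(): void
{
    $uri = $_SERVER['REQUEST_URI'] ?? '';
    if (is_string($uri) && is_local_path($uri)) {
        $_SESSION['return_to'] = $uri;
    }
}

/** Call after the credential check succeeded; returns the path to redirect to. */
function take_return_path(string $default = '/index.php'): string
{
    $path = $_SESSION['return_to'] ?? $default;
    unset($_SESSION['return_to']);          // one-time use
    return (is_string($path) && is_local_path($path)) ? $path : $default;
}

// page4.php, once the login form has been processed successfully:
//     header('Location: ' . take_return_path());
//     exit;

if (PHP_SAPI === 'cli') {
    // Constructed requests: a normal page view, then a request line whose
    // path is not a same-site path and is therefore not stored.
    $_SERVER['REQUEST_URI'] = '/page2.php?tab=3';
    remember_current_page();
    $_SERVER['REQUEST_URI'] = '//other.example/x';
    remember_current_page();
    echo take_return_path(), "\n";          // stored page from the first request
    echo take_return_path(), "\n";          // nothing stored any more: fallback
}
```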
