I'm trying to pass the URL of a page to a session variable, so i can use it in a login plugin.
The login plugin only refers to the profile page, but it won't refer to the previous page the user was on. I've tried using wp_get_referer(); in the login plugin itself, but because the login form sends it to a different page, the previous page according to wordpress is the login page.
In order to do this i first of all put the following in my functions.php:
add_action('init', 'myStartSession', 1);
function myStartSession() {
if(!session_id()) {
session_start();
}
}
In my header.php, I check if the user is on the login (profiel) page or not. If he isn't, the current URL should be placed in a session variable. If he is, the session variable shouldn't change. To do this, i use the following code, right below the start of <body>:
<?php
if (!is_page('profiel')) {
$_SESSION["refurl"] = $_SERVER['HTTP_REFERER'];
}
?>
However, this only seems to work sometimes. On the 'profiel' page, where the login form is, I added <?php echo 'session' .$_SESSION["refurl"]; ?> to check wether or not the previous URL has been saved to the session variable. The problem is that a lot of the times it refers to my home url, instead of the page previously visited. What am i doing wrong?
Related
So I'm hosting my website (let's call is abc.com) on goDaddy.
I have a login page (abc.com/login.html).
Which takes me to a second page called booking (abc.com/booking.html) once the login credentials are verified.
So I don't want people to be able to just type abc.com/booking.html and access it. I want them to go to abc.com/login.html and then go to abc.com/booking.html
So I came across 2 ways to fix this -
Include a validating php script in booking.html and changing the extension from html to phtml. -> This didn't work for me
Include a .htacess file. -> I'm not really sure how to do that
so your login screen should already have session code implemented into it that has a variable that specifies if the user is logged in or not. If you don't have that implemented yet, the code would look similar to:
<?php session_start();//at the very top of the page
?>
//... your own code
//if the user successfully logs in then:
$_SESSION['authenticated']=true;
Then on the booking.php page (it should be php to allow php scripts which is super important for validating if a user is logged in), you would then check if the user did log in. If he did, the rest of the page loads, if he didn't, you would redirect them to login.php:
at the very top of booking.php:
<?php session_start();
if (!isset($_SESSION['authenticated']))
{
//if the value was not set, you redirect the user to your login page
header('Location https://www.example.com/login.php');
exit;
}
else
{
//if the user did login, then you load the page normally
}
Use $_SESSION or
Pass a variable from login.php to booking.php. And then authenticate every user based on the variable passed using the $_POST method.
eg.
if (!isset($_POST['auth'])) {
// redirect user back to login page
} else {
// successful login
}
You can do it like
rename extensions of all pages where you want this authentification
e.g.
login.html >> login.php
booking.html >> booking.php
booking-suceess.html >> booking-success.php
create one script namely auth.php with following code
<?php
session_start();
if(!isset($_SESSION['username'])){
header("location:login.php");
}
?>
In login.php add session
$_SESSION['username'] = $_POST['username'];
Now you can add auth.php in any php page where you want login compulsory as follow :
include ('auth.php');
I am currently trying to setup a login script. I am trying to get it so when people use the login.php page it takes them back to the page they were viewing before they logged into the login.php page.
For example if they were on testpage1.php then went to login.php logged in it would redirect them to testpage1.php.
So far I have followed some tutorials on SESSIONS with the following.
session_start();
$_SESSION['url'] = $_SERVER['REQUEST_URI'];
and on the login page I have
if(isset($_SESSION['url'])) {
$url = $_SESSION['url']; // holds url for last page visited.
$page->body ("$url");
}
I printed out the $url just to see the full redirect and I notice that it will only ever take it back to the login.php page rather than testpage1.php.
I know I could set a header and just forward the user to index.php or something similar but I think that would break the flow of working on the site.
Is there a way to get the redirect to go to the page before what would be captured using REQUEST_URI?
You need to put session_start(); before using $_SESSION on any page where you use it.
I have created a facebook login using the tutorial from http://www.9lessons.info/2011/02/login-with-facebook-and-twitter.html. But the problem is after logging in the user will be redirected to the index.php page. How can i redirect him to the page from which he has clicked the login.
I tried saving the previous url to session. But i don't know why, its not working. It worked for normal login, but not for facebook. I also tried saving the previous url to cookie. It also didn't work. Url is saving, But after logging in session url/cookie url is lost. Can someone pls tell me an alternative method???
Example to store the current page
Do on all but your login page before redirect:
session_start();
$_SESSION['lastpage'] = $_SERVER['HTTP_REFERER'];
On all other pages :
session_start();
if(isset($_SESSION['lastpage'])) {
$lastpage = $_SESSION['lastpage'];
$_SESSION['lastpage'] = false;
unset($_SESSION['lastpage']);
header("location: " . $lastpage);
}
Something like that should work. Make sure to santize the $_SESSION variable, and also validate the last URL was from your site (or supported site) before setting the session var.
I am trying to redirect users to the page they were viewing before attempting to login. For example, if they were looking at baseurl/people/abraham_lincoln and then decided to log in, after they login they would be redirected to baseurl/people/abraham_lincoln. The weird thing is that it is working for some URLs and not others. For some URLs, I am getting "javascript/jsFunctions.js" appended as the URL instead of the URL they were previously on.
At the top of every controller, I set a session variable to do my redirect:
$this->session->set_userdata('Redirect', current_url());
I am printing this session variable to the top of my controller and at the top of my log in view for testing purposes. Here are a few results I am receiving when I go to my login.
An example of a URL that's working:
URL I attempt to log in from:
baseURL/people
What gets printed at the top of my controller as my Redirect session variable:
baseURL/people
What gets printed at the top of my log in view as my Redirect session variable:
baseURL/people
An example of a URL that's not working:
URL I attempt to log in from:
baseURL/people/abraham_lincoln
What gets printed at the top of my controller as my Redirect session variable:
baseURL/people/abraham_lincoln
What gets printed at the top of my log in view as my Redirect session variable:
baseURL/people/javascript/jsFunctions.js
I'm not sure if it matters, but I am also routing some of these URLs from the routes.php file:
$route['people/(:any)'] = "people/index/$1";
$route['people/(:any)/(:num)'] = "people/index/$1/$2";
I have tried to build my session variable many different ways, including:
current_url()
base_url().uri_string()
base_url().$this->uri->segment(1)....
base_url().$this->uri->rsegment(1)....
If anyone can think of why I'm getting those javascript variables instead of the URL I'm looking for I would appreciate any input.
Thanks!
P.S. I forgot to mention that if I refresh a page that isn't working, for example the abraham_lincoln page, and then go to login, I receive the correct Redirect session variable. Almost like it isn't getting set correctly the first time through, but don't know how I can solve this since I have tried setting the session variable both at the very top and right before the views are loaded.
the use case should only apply to the login process. thus putting this on the top of every controller would probably not what we want.
instead of putting current_url in session at the start, you should append it to the login link
<?php echo anchor('/home/login/' . url_encode(current_url()), 'login');?>
in the login function
<?php
public function login($redirecturl) {
$this->form_validation->set_rules('username', 'Username', 'required');
// etc.
if($this->form_validation->run()) {
$query = "select id from users where username=? and password=sha(?)";
// etc.
$this->session->set_userdata('userid', $row->id);
redirect($redirecturl);
} else {
$data['redirecturl']=$redirecturl;
$data['content']='loginview';
$this->load->view('template', $data);
}
}
?>
In the login view
<?php
echo form_open('/home/login/' . url_encode($redirecturl));
// etc.
?>
I am trying to set all of my pages to forward to the login screen if the user is not logged in using session data, however it is not working. When a user clicks the links it just continues to the new link as opposed to being forwarded to the login page. I know the session data is cleared so that is not the issue.
Here's the relevant Code:
Page Headers:
<?php
session_start();
if(!isset($_SESSION['answer']))
{
header('Location: /?login');
exit;
}?>
Login Session Declaration:
$answer = mssql_fetch_array($res);
$_SESSION['answer']=$answer[0];
Logout:
<?php
session_start();
session_destroy();
if(!isset($_SESSION['answer']))
{
header('Location: /?login');
exit;
}
?>
session_destroy doesn't unset any global variables.
If you need to redirect unconditionally right after session destroy - just remove isset, you don't need it.
In response on how to do this on every other page:
I use a required at the beginning of every secured php page on my site. I call it "auth.php". If the user is not logged in(check via session variable), the auth.php re-directs them to the login page.
If you have a header, this is a great place to put it (if it's only included in the secured section, which mine is).
My logout page destroys the session and sends them to the login page.