Extremely easy IF statement is not evaluating! php

Extremely easy IF statement is not evaluating! php - php

I'd like to have my website redirect to the previous page after submitting login info.
I have searched around for this problem
I have echoed the contents of $url and even did strcmp and it evaluates true (not shown here)
Problem: The ELSE statement always evaluates even though $url == mlbmain.php OR course-website.php
Any suggestions?
<?PHP
require_once("./include/membersite_config.php");
echo "</br> </br> </br> </br>";
$url = isset($_GET['return_url']) ? $_GET['return_url'] : 'login.php';
//url now == to /mlbmain.php OR /course-website.php
$url = substr($url,1);
//url now == to mlbmain.php OR course-website.php
echo $url; //Just to make sure
$url = trim($url); //trim it to make sure no whitespaces
echo "</br>";
echo $url; //Just to make sure it's still the same
if(isset($_POST['submitted']))
{
if($fgmembersite->Login())
{
if($url == "mlbmain.php"){
$fgmembersite->RedirectToURL("mlbmain.php");
}
else if($url == "course-website.php"){
$fgmembersite->RedirectToURL("course-website.php");
}
else
$fgmembersite->RedirectToURL("index.php");
}
}
?>

After you press the Submit button you are making a POST request and the return_url variable will not be available anymore which was set with a GET request. You could create a hidden input field that will store the redirect_url and submit it with the form.

Since you say
It seems to be going to index.php by default
The problem is probably either with
if(isset($_POST['submitted']))
or
if($fgmembersite->Login())
and not related to $url at all.

I guess it can not find mlbmain.php or course-website.php at the current folder, so it throws 404 not found an probably you managed this error to redirect to index.php

Related

Redirect user to previous page after log in using PHP [duplicate]

After successful login, the user should be redirected to the page he came from, let's say he's been browsing a post and wants to log in so he can leave a comment, so he should be redirected to the post he was browsing. So here is what I have:
login.php shows the login form:
<form method="post" action="login-check.php">
... //input for username and password
</form>
The login-check.php checks if the username and pass are entered, does the user exist, or if he's already logged in, and a p parameter is sent to login.php:
<?php
session_start();
if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {
header("Location:login.php?p=1");
exit();
}
elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {
header("Location:login.php?p=2");
exit();
}
elseif(isset($_SESSION['id_login'])) {
header("Location:login.php?p=3");
exit();
}
?>
then parameter p is sent back to login.php and displays the according message:
<?php
if(isset($_GET['p'])) {
$p = $_GET["p"];
if($p=="1")
echo "<p class=\"red\">You didn't fill the form.</p><br></br>";
if($p=="2")
echo "<p class=\"red\">User exists.</p><br></br>";
if($p=="3")
header("Location: index.php");
}
?>
BUT, instead of going to index.php after successful login, it should go to the page the user has previously been. I've tried in different ways, but it either doesn't work at all or returns to login.php.

A common way to do this is to pass the user's current page to the Login form via a $_GET variable.
For example: if you are reading an Article, and you want to leave a comment. The URL for comments is comment.php?articleid=17. While comment.php is loading, it notices that you are not logged in. It wants to send you to login.php, like you showed earlier. However, we're going to change your script so that is also tells the login page to remember where you are:
header("Location:login.php?location=" . urlencode($_SERVER['REQUEST_URI']));
// Note: $_SERVER['REQUEST_URI'] is your current page
This should send the user to: login.php?location=comment.php%3Farticleid%3D17. login.php should now check to see if $_GET['location'] is populated. If it is populated, then send the user to this location (in this case, comment.php?articleid=17). For example:
// login.php
echo '<input type="hidden" name="location" value="';
if(isset($_GET['location'])) {
echo htmlspecialchars($_GET['location']);
}
echo '" />';
// Will show something like this:
// <input type="hidden" name="location" value="comment.php?articleid=17" />
// login-check.php
session_start();
// our url is now stored as $_POST['location'] (posted from login.php). If it's blank, let's ignore it. Otherwise, let's do something with it.
$redirect = NULL;
if($_POST['location'] != '') {
$redirect = $_POST['location'];
}
if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {
$url = 'login.php?p=1';
// if we have a redirect URL, pass it back to login.php so we don't forget it
if(isset($redirect)) {
$url .= '&location=' . urlencode($redirect);
}
header("Location: " . $url);
exit();
}
elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {
$url = 'login.php?p=2';
if(isset($redirect)) {
$url .= '&location=' . urlencode($redirect);
}
header("Location:" . $url);
exit();
}
elseif(isset($_SESSION['id_login'])) {
// if login is successful and there is a redirect address, send the user directly there
if($redirect) {
header("Location:". $redirect);
} else {
header("Location:login.php?p=3");
}
exit();
}
Gotchas
You should run some validation against $_GET['location'] before sending the user there. For example, if I tell people who use your site to click on this link: login.php?location=http%3A%2F%2Fmalice.com%2Fevilpage.php... then they will be sent to a foreign URL that will try to do something bad.
Always make sure to use urlencode when passing URLs as $_GET parameters. This encodes special URL characters (such as ?, &, and %) so that they don't break your url (e.g.: login.php?location=comment.php?id=17 <- this has two ?'s and will not work correctly)

When user gets to the login page use this to see where is come from
$_SERVER['HTTP_REFERER']
Then set this value into the session, and when he is authenticated use url from the session to redirect him back. But you should do some checking before, if the url is your site. Maybe he come from another site directly to login :)

You can save a page using php, like this:
$_SESSION['current_page'] = $_SERVER['REQUEST_URI']
And return to the page with:
header("Location: ". $_SESSION['current_page'])

You should probably place the url to redirect to in a POST variable.

Since the login page is a separate page, I am assuming that you want to redirect to the page that the user reached the login page from.
$_SERVER['REQUEST_URI'] will simply hold the current page. What you want to do is use $_SERVER['HTTP_REFERER']
So save the HTTP_REFERER in a hidden element on your form <input type="hidden" name="referer" value="<?= $_SERVER['HTTP_REFERER'] ?>" /> but keep in mind that in the PHP that processes the form you will need some logic that redirects back to the login page if login fails but also to check that the referer is actually your website, if it isn't, then redirect back to the homepage.

Another way, using SESSION
Assign current URL to session (use it on every page)
$_SESSION['rdrurl'] = $_SERVER['REQUEST_URI'];
and in your login page, use
if(isset($_SESSION['rdrurl']))
header('location: '.$_SESSION['rdrurl']);
else
header('location: http://example.com');

use something like
$_SERVER['HTTP_REFERER'];
And if it's a successful login, display a link saying "Click here to go back" and a link to the referrer, and when the page loads, use some javascript to automatically load that page (don't use back() or whatever that function is as it won't re-load the page and it'll appear like the user never logged in.

You can use session to to store the current page on which you want to return after login and that will work for other pages if you maintain session properly. It is very useful technique as you can develop your breadcrumb using it.

you can use this:
$refererpage = $_SERVER['HTTP_REFERER']; //get referer stored in a variable
if (strpos($refererpage, $_SERVER['SERVER_NAME']) == TRUE) { //if the start position of the referer and the server name is equal
$refvar= $refererpage; //create a mew variable to be used to locate header
} else { //if referer's address is not the same as server name
$refvar= "index.php"; //set the variable to another direction for this request
}
and add the header where ever u want as:
header('location: '. $refvr); //set the header location to the referer varaible

You should try something like $_SERVER['HTTP_REFERER'].

You should first get user refer page in a variable using $_SERVER['HTTP_REFERER']; in your login page.
LIKE:
<?php
session_start();
$refPage = $_SERVER['HTTP_REFERER'];
?>
And now when the user clicks to Login then change header location to user refer page
LIKE:
<?php
if(isset($_POST[login])){
session_start();
header('location:' . $refPage);
}
?>
And in this time you should first check that user refers page empty or not because your user can visit direct your login page then your $refPage variable will be empty so after Click to Login page stays here
LIKE:
<?php
if(isset($_POST[login])){
session_start();
$refPage = $_SERVER['HTTP_REFERER']; // get reffer page url
if(empty($refPage)){
header('location: yourredirectpage'); // if ref page is empty then set default redirect page.
}else{
header('location:' . $refPage); // or if ref page in not empty then redirect page to reffer page
}
}
?>
Or you can use input type hidden where you can set value $_SERVER['HTTP_REFERER'];
LIKE:
<input type="hidden" name="refPage" value="<?php echo $_SERVER['HTTP_REFERER']; ?>">
And when a user clicks to Login then you can get the refPage value and redirect the previous page. And you should also check empty refer page. Because your user can visit direct your login page.
Thank you.

I have created a function to store URL of previous page
//functions.php
function set_previous_page_url(){
$current_url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
$previous_url = $_SERVER['HTTP_REFERER'];
if (!($current_url === $previous_url)){
$_SESSION['redirect_url'] = $previous_url;
}
if(isset($_SESSION['redirect_url'])){
$url = $_SESSION['redirect_url'];
return $url;
} else {
$url = "index.php";
return $url;
}
}
And call this function in login.php
// login.php
<?php
// set previous page url to redirect after login
$url = set_previous_page_url();
if(ifItIsMethod('post')){
if(isset($_POST['username']) && isset($_POST['password'])){
if (login_user($_POST['username'], $_POST['password'])) {
redirect($url);
//unset session defined in set_previous_page_url() function
if(isset($_SESSION['redirect_url'])){
unset($_SESSION['redirect_url']);
}
}
}
}
?>

Construct the form action such that it 'remembers', or persists, the previous page by writing out a returnurl=value query string key/value pair to the URL - this can be passed from any page that redirects to login.

I think you might need the $_SERVER['REQUEST_URI'];
if(isset($_SESSION['id_login'])) {
header("Location:" . $_SERVER['REQUEST_URI']);
}
That should take the url they're at and redirect them them after a successful login.

how about this :: javascript+php
echo "<script language=javascript> javascript:history.back();</script>";
it will work same as the previous button in your browser

Use hidden input in your login page.
Like:
<input name="location" value="<?php if(!empty($_SERVER['HTTP_REFERER'])) echo $_SERVER['HTTP_REFERER']; else echo 'products.php'; ?>" type="text" style="display: none;" />

You can try
echo "<SCRIPT>alert(\"Login Successful Redirecting To Previous Page \");history.go(-2)</SCRIPT>";
Or
echo "<SCRIPT>alert(\"Login Successful Redirecting To Previous Page \");history.go(-1)</SCRIPT>";

#philipobenito's answer worked best for me.
I first created a hidden input that contain the user's HTTP referer
<input type="hidden" name="referer" value="<?= $_SERVER['HTTP_REFERER'] ?>" />
and after a successful login i redirected the users to whatever value was stored in that hidden input
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
if(!empty($_POST['referer'])){
header('Location: '.$_POST['referer']);
}
else{
header('Location: members.php'); //members.php is a page used to send a user to their profile page.
}
exit;

How to continue the previous action after login [duplicate]

After successful login, the user should be redirected to the page he came from, let's say he's been browsing a post and wants to log in so he can leave a comment, so he should be redirected to the post he was browsing. So here is what I have:
login.php shows the login form:
<form method="post" action="login-check.php">
... //input for username and password
</form>
The login-check.php checks if the username and pass are entered, does the user exist, or if he's already logged in, and a p parameter is sent to login.php:
<?php
session_start();
if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {
header("Location:login.php?p=1");
exit();
}
elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {
header("Location:login.php?p=2");
exit();
}
elseif(isset($_SESSION['id_login'])) {
header("Location:login.php?p=3");
exit();
}
?>
then parameter p is sent back to login.php and displays the according message:
<?php
if(isset($_GET['p'])) {
$p = $_GET["p"];
if($p=="1")
echo "<p class=\"red\">You didn't fill the form.</p><br></br>";
if($p=="2")
echo "<p class=\"red\">User exists.</p><br></br>";
if($p=="3")
header("Location: index.php");
}
?>
BUT, instead of going to index.php after successful login, it should go to the page the user has previously been. I've tried in different ways, but it either doesn't work at all or returns to login.php.

A common way to do this is to pass the user's current page to the Login form via a $_GET variable.
For example: if you are reading an Article, and you want to leave a comment. The URL for comments is comment.php?articleid=17. While comment.php is loading, it notices that you are not logged in. It wants to send you to login.php, like you showed earlier. However, we're going to change your script so that is also tells the login page to remember where you are:
header("Location:login.php?location=" . urlencode($_SERVER['REQUEST_URI']));
// Note: $_SERVER['REQUEST_URI'] is your current page
This should send the user to: login.php?location=comment.php%3Farticleid%3D17. login.php should now check to see if $_GET['location'] is populated. If it is populated, then send the user to this location (in this case, comment.php?articleid=17). For example:
// login.php
echo '<input type="hidden" name="location" value="';
if(isset($_GET['location'])) {
echo htmlspecialchars($_GET['location']);
}
echo '" />';
// Will show something like this:
// <input type="hidden" name="location" value="comment.php?articleid=17" />
// login-check.php
session_start();
// our url is now stored as $_POST['location'] (posted from login.php). If it's blank, let's ignore it. Otherwise, let's do something with it.
$redirect = NULL;
if($_POST['location'] != '') {
$redirect = $_POST['location'];
}
if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {
$url = 'login.php?p=1';
// if we have a redirect URL, pass it back to login.php so we don't forget it
if(isset($redirect)) {
$url .= '&location=' . urlencode($redirect);
}
header("Location: " . $url);
exit();
}
elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {
$url = 'login.php?p=2';
if(isset($redirect)) {
$url .= '&location=' . urlencode($redirect);
}
header("Location:" . $url);
exit();
}
elseif(isset($_SESSION['id_login'])) {
// if login is successful and there is a redirect address, send the user directly there
if($redirect) {
header("Location:". $redirect);
} else {
header("Location:login.php?p=3");
}
exit();
}
Gotchas
You should run some validation against $_GET['location'] before sending the user there. For example, if I tell people who use your site to click on this link: login.php?location=http%3A%2F%2Fmalice.com%2Fevilpage.php... then they will be sent to a foreign URL that will try to do something bad.
Always make sure to use urlencode when passing URLs as $_GET parameters. This encodes special URL characters (such as ?, &, and %) so that they don't break your url (e.g.: login.php?location=comment.php?id=17 <- this has two ?'s and will not work correctly)

When user gets to the login page use this to see where is come from
$_SERVER['HTTP_REFERER']
Then set this value into the session, and when he is authenticated use url from the session to redirect him back. But you should do some checking before, if the url is your site. Maybe he come from another site directly to login :)

You can save a page using php, like this:
$_SESSION['current_page'] = $_SERVER['REQUEST_URI']
And return to the page with:
header("Location: ". $_SESSION['current_page'])

You should probably place the url to redirect to in a POST variable.

Since the login page is a separate page, I am assuming that you want to redirect to the page that the user reached the login page from.
$_SERVER['REQUEST_URI'] will simply hold the current page. What you want to do is use $_SERVER['HTTP_REFERER']
So save the HTTP_REFERER in a hidden element on your form <input type="hidden" name="referer" value="<?= $_SERVER['HTTP_REFERER'] ?>" /> but keep in mind that in the PHP that processes the form you will need some logic that redirects back to the login page if login fails but also to check that the referer is actually your website, if it isn't, then redirect back to the homepage.

Another way, using SESSION
Assign current URL to session (use it on every page)
$_SESSION['rdrurl'] = $_SERVER['REQUEST_URI'];
and in your login page, use
if(isset($_SESSION['rdrurl']))
header('location: '.$_SESSION['rdrurl']);
else
header('location: http://example.com');

use something like
$_SERVER['HTTP_REFERER'];
And if it's a successful login, display a link saying "Click here to go back" and a link to the referrer, and when the page loads, use some javascript to automatically load that page (don't use back() or whatever that function is as it won't re-load the page and it'll appear like the user never logged in.

You can use session to to store the current page on which you want to return after login and that will work for other pages if you maintain session properly. It is very useful technique as you can develop your breadcrumb using it.

you can use this:
$refererpage = $_SERVER['HTTP_REFERER']; //get referer stored in a variable
if (strpos($refererpage, $_SERVER['SERVER_NAME']) == TRUE) { //if the start position of the referer and the server name is equal
$refvar= $refererpage; //create a mew variable to be used to locate header
} else { //if referer's address is not the same as server name
$refvar= "index.php"; //set the variable to another direction for this request
}
and add the header where ever u want as:
header('location: '. $refvr); //set the header location to the referer varaible

You should try something like $_SERVER['HTTP_REFERER'].

You should first get user refer page in a variable using $_SERVER['HTTP_REFERER']; in your login page.
LIKE:
<?php
session_start();
$refPage = $_SERVER['HTTP_REFERER'];
?>
And now when the user clicks to Login then change header location to user refer page
LIKE:
<?php
if(isset($_POST[login])){
session_start();
header('location:' . $refPage);
}
?>
And in this time you should first check that user refers page empty or not because your user can visit direct your login page then your $refPage variable will be empty so after Click to Login page stays here
LIKE:
<?php
if(isset($_POST[login])){
session_start();
$refPage = $_SERVER['HTTP_REFERER']; // get reffer page url
if(empty($refPage)){
header('location: yourredirectpage'); // if ref page is empty then set default redirect page.
}else{
header('location:' . $refPage); // or if ref page in not empty then redirect page to reffer page
}
}
?>
Or you can use input type hidden where you can set value $_SERVER['HTTP_REFERER'];
LIKE:
<input type="hidden" name="refPage" value="<?php echo $_SERVER['HTTP_REFERER']; ?>">
And when a user clicks to Login then you can get the refPage value and redirect the previous page. And you should also check empty refer page. Because your user can visit direct your login page.
Thank you.

I have created a function to store URL of previous page
//functions.php
function set_previous_page_url(){
$current_url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
$previous_url = $_SERVER['HTTP_REFERER'];
if (!($current_url === $previous_url)){
$_SESSION['redirect_url'] = $previous_url;
}
if(isset($_SESSION['redirect_url'])){
$url = $_SESSION['redirect_url'];
return $url;
} else {
$url = "index.php";
return $url;
}
}
And call this function in login.php
// login.php
<?php
// set previous page url to redirect after login
$url = set_previous_page_url();
if(ifItIsMethod('post')){
if(isset($_POST['username']) && isset($_POST['password'])){
if (login_user($_POST['username'], $_POST['password'])) {
redirect($url);
//unset session defined in set_previous_page_url() function
if(isset($_SESSION['redirect_url'])){
unset($_SESSION['redirect_url']);
}
}
}
}
?>

Construct the form action such that it 'remembers', or persists, the previous page by writing out a returnurl=value query string key/value pair to the URL - this can be passed from any page that redirects to login.

I think you might need the $_SERVER['REQUEST_URI'];
if(isset($_SESSION['id_login'])) {
header("Location:" . $_SERVER['REQUEST_URI']);
}
That should take the url they're at and redirect them them after a successful login.

how about this :: javascript+php
echo "<script language=javascript> javascript:history.back();</script>";
it will work same as the previous button in your browser

Use hidden input in your login page.
Like:
<input name="location" value="<?php if(!empty($_SERVER['HTTP_REFERER'])) echo $_SERVER['HTTP_REFERER']; else echo 'products.php'; ?>" type="text" style="display: none;" />

You can try
echo "<SCRIPT>alert(\"Login Successful Redirecting To Previous Page \");history.go(-2)</SCRIPT>";
Or
echo "<SCRIPT>alert(\"Login Successful Redirecting To Previous Page \");history.go(-1)</SCRIPT>";

#philipobenito's answer worked best for me.
I first created a hidden input that contain the user's HTTP referer
<input type="hidden" name="referer" value="<?= $_SERVER['HTTP_REFERER'] ?>" />
and after a successful login i redirected the users to whatever value was stored in that hidden input
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
if(!empty($_POST['referer'])){
header('Location: '.$_POST['referer']);
}
else{
header('Location: members.php'); //members.php is a page used to send a user to their profile page.
}
exit;

How to include 2 checks in a if statement

Basically I am coding a script where it simply redirects the user to the destination page. And I want to be able to check if multiple websites are not equal to the value; if this is so, it will run a error, else it will proceed.
I can't seem to get this to work though, although I am sure there's a way to check multiple values.
<?php
$url = $_GET['site']; // gets the site URL the user is being redirected to.
if ($url != "***.co", "***.net")
{
echo ("Website is not valid for redirection.");
} else {
echo ("You are being redirected to: " . $url);
}
?>

You can make an array of items to check for and then check if the url is in the array:
if (!in_array($url, array("***.co", "***.net")))
{
}
You can also use multiple conditions like #wrigby showed, but the solution using an array makes it easier to add more (or a dynamic number of) urls. But if there are always two, his is better.

You'll need two complete conditionals, connected with a logical and (&&) operator:
<?php
$url = $_GET['site']; // gets the site URL the user is being redirected to.
if ($url != "***.co" && $url != "***.net")
{
echo ("Website is not valid for redirection.");
} else {
echo ("You are being redirected to: " . $url);
}
?>

Redirecting to previous page after login?

After successful login, the user should be redirected to the page he came from, let's say he's been browsing a post and wants to log in so he can leave a comment, so he should be redirected to the post he was browsing. So here is what I have:
login.php shows the login form:
<form method="post" action="login-check.php">
... //input for username and password
</form>
The login-check.php checks if the username and pass are entered, does the user exist, or if he's already logged in, and a p parameter is sent to login.php:
<?php
session_start();
if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {
header("Location:login.php?p=1");
exit();
}
elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {
header("Location:login.php?p=2");
exit();
}
elseif(isset($_SESSION['id_login'])) {
header("Location:login.php?p=3");
exit();
}
?>
then parameter p is sent back to login.php and displays the according message:
<?php
if(isset($_GET['p'])) {
$p = $_GET["p"];
if($p=="1")
echo "<p class=\"red\">You didn't fill the form.</p><br></br>";
if($p=="2")
echo "<p class=\"red\">User exists.</p><br></br>";
if($p=="3")
header("Location: index.php");
}
?>
BUT, instead of going to index.php after successful login, it should go to the page the user has previously been. I've tried in different ways, but it either doesn't work at all or returns to login.php.

A common way to do this is to pass the user's current page to the Login form via a $_GET variable.
For example: if you are reading an Article, and you want to leave a comment. The URL for comments is comment.php?articleid=17. While comment.php is loading, it notices that you are not logged in. It wants to send you to login.php, like you showed earlier. However, we're going to change your script so that is also tells the login page to remember where you are:
header("Location:login.php?location=" . urlencode($_SERVER['REQUEST_URI']));
// Note: $_SERVER['REQUEST_URI'] is your current page
This should send the user to: login.php?location=comment.php%3Farticleid%3D17. login.php should now check to see if $_GET['location'] is populated. If it is populated, then send the user to this location (in this case, comment.php?articleid=17). For example:
// login.php
echo '<input type="hidden" name="location" value="';
if(isset($_GET['location'])) {
echo htmlspecialchars($_GET['location']);
}
echo '" />';
// Will show something like this:
// <input type="hidden" name="location" value="comment.php?articleid=17" />
// login-check.php
session_start();
// our url is now stored as $_POST['location'] (posted from login.php). If it's blank, let's ignore it. Otherwise, let's do something with it.
$redirect = NULL;
if($_POST['location'] != '') {
$redirect = $_POST['location'];
}
if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {
$url = 'login.php?p=1';
// if we have a redirect URL, pass it back to login.php so we don't forget it
if(isset($redirect)) {
$url .= '&location=' . urlencode($redirect);
}
header("Location: " . $url);
exit();
}
elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {
$url = 'login.php?p=2';
if(isset($redirect)) {
$url .= '&location=' . urlencode($redirect);
}
header("Location:" . $url);
exit();
}
elseif(isset($_SESSION['id_login'])) {
// if login is successful and there is a redirect address, send the user directly there
if($redirect) {
header("Location:". $redirect);
} else {
header("Location:login.php?p=3");
}
exit();
}
Gotchas
You should run some validation against $_GET['location'] before sending the user there. For example, if I tell people who use your site to click on this link: login.php?location=http%3A%2F%2Fmalice.com%2Fevilpage.php... then they will be sent to a foreign URL that will try to do something bad.
Always make sure to use urlencode when passing URLs as $_GET parameters. This encodes special URL characters (such as ?, &, and %) so that they don't break your url (e.g.: login.php?location=comment.php?id=17 <- this has two ?'s and will not work correctly)

When user gets to the login page use this to see where is come from
$_SERVER['HTTP_REFERER']
Then set this value into the session, and when he is authenticated use url from the session to redirect him back. But you should do some checking before, if the url is your site. Maybe he come from another site directly to login :)

You can save a page using php, like this:
$_SESSION['current_page'] = $_SERVER['REQUEST_URI']
And return to the page with:
header("Location: ". $_SESSION['current_page'])

You should probably place the url to redirect to in a POST variable.

Since the login page is a separate page, I am assuming that you want to redirect to the page that the user reached the login page from.
$_SERVER['REQUEST_URI'] will simply hold the current page. What you want to do is use $_SERVER['HTTP_REFERER']
So save the HTTP_REFERER in a hidden element on your form <input type="hidden" name="referer" value="<?= $_SERVER['HTTP_REFERER'] ?>" /> but keep in mind that in the PHP that processes the form you will need some logic that redirects back to the login page if login fails but also to check that the referer is actually your website, if it isn't, then redirect back to the homepage.

Another way, using SESSION
Assign current URL to session (use it on every page)
$_SESSION['rdrurl'] = $_SERVER['REQUEST_URI'];
and in your login page, use
if(isset($_SESSION['rdrurl']))
header('location: '.$_SESSION['rdrurl']);
else
header('location: http://example.com');

use something like
$_SERVER['HTTP_REFERER'];
And if it's a successful login, display a link saying "Click here to go back" and a link to the referrer, and when the page loads, use some javascript to automatically load that page (don't use back() or whatever that function is as it won't re-load the page and it'll appear like the user never logged in.

You can use session to to store the current page on which you want to return after login and that will work for other pages if you maintain session properly. It is very useful technique as you can develop your breadcrumb using it.

you can use this:
$refererpage = $_SERVER['HTTP_REFERER']; //get referer stored in a variable
if (strpos($refererpage, $_SERVER['SERVER_NAME']) == TRUE) { //if the start position of the referer and the server name is equal
$refvar= $refererpage; //create a mew variable to be used to locate header
} else { //if referer's address is not the same as server name
$refvar= "index.php"; //set the variable to another direction for this request
}
and add the header where ever u want as:
header('location: '. $refvr); //set the header location to the referer varaible

You should try something like $_SERVER['HTTP_REFERER'].

You should first get user refer page in a variable using $_SERVER['HTTP_REFERER']; in your login page.
LIKE:
<?php
session_start();
$refPage = $_SERVER['HTTP_REFERER'];
?>
And now when the user clicks to Login then change header location to user refer page
LIKE:
<?php
if(isset($_POST[login])){
session_start();
header('location:' . $refPage);
}
?>
And in this time you should first check that user refers page empty or not because your user can visit direct your login page then your $refPage variable will be empty so after Click to Login page stays here
LIKE:
<?php
if(isset($_POST[login])){
session_start();
$refPage = $_SERVER['HTTP_REFERER']; // get reffer page url
if(empty($refPage)){
header('location: yourredirectpage'); // if ref page is empty then set default redirect page.
}else{
header('location:' . $refPage); // or if ref page in not empty then redirect page to reffer page
}
}
?>
Or you can use input type hidden where you can set value $_SERVER['HTTP_REFERER'];
LIKE:
<input type="hidden" name="refPage" value="<?php echo $_SERVER['HTTP_REFERER']; ?>">
And when a user clicks to Login then you can get the refPage value and redirect the previous page. And you should also check empty refer page. Because your user can visit direct your login page.
Thank you.

I have created a function to store URL of previous page
//functions.php
function set_previous_page_url(){
$current_url = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? "https" : "http") . "://{$_SERVER['HTTP_HOST']}{$_SERVER['REQUEST_URI']}";
$previous_url = $_SERVER['HTTP_REFERER'];
if (!($current_url === $previous_url)){
$_SESSION['redirect_url'] = $previous_url;
}
if(isset($_SESSION['redirect_url'])){
$url = $_SESSION['redirect_url'];
return $url;
} else {
$url = "index.php";
return $url;
}
}
And call this function in login.php
// login.php
<?php
// set previous page url to redirect after login
$url = set_previous_page_url();
if(ifItIsMethod('post')){
if(isset($_POST['username']) && isset($_POST['password'])){
if (login_user($_POST['username'], $_POST['password'])) {
redirect($url);
//unset session defined in set_previous_page_url() function
if(isset($_SESSION['redirect_url'])){
unset($_SESSION['redirect_url']);
}
}
}
}
?>

Construct the form action such that it 'remembers', or persists, the previous page by writing out a returnurl=value query string key/value pair to the URL - this can be passed from any page that redirects to login.

I think you might need the $_SERVER['REQUEST_URI'];
if(isset($_SESSION['id_login'])) {
header("Location:" . $_SERVER['REQUEST_URI']);
}
That should take the url they're at and redirect them them after a successful login.

how about this :: javascript+php
echo "<script language=javascript> javascript:history.back();</script>";
it will work same as the previous button in your browser

Use hidden input in your login page.
Like:
<input name="location" value="<?php if(!empty($_SERVER['HTTP_REFERER'])) echo $_SERVER['HTTP_REFERER']; else echo 'products.php'; ?>" type="text" style="display: none;" />

You can try
echo "<SCRIPT>alert(\"Login Successful Redirecting To Previous Page \");history.go(-2)</SCRIPT>";
Or
echo "<SCRIPT>alert(\"Login Successful Redirecting To Previous Page \");history.go(-1)</SCRIPT>";

#philipobenito's answer worked best for me.
I first created a hidden input that contain the user's HTTP referer
<input type="hidden" name="referer" value="<?= $_SERVER['HTTP_REFERER'] ?>" />
and after a successful login i redirected the users to whatever value was stored in that hidden input
$_POST = filter_input_array(INPUT_POST, FILTER_SANITIZE_STRING);
if(!empty($_POST['referer'])){
header('Location: '.$_POST['referer']);
}
else{
header('Location: members.php'); //members.php is a page used to send a user to their profile page.
}
exit;

Check session and cookie not working in PHP

I have this code that makes sure your are logged in, and then making sure you are on the right page by checking a cookie set at login. This code works on a page in a directory underneath the login in script, however in a page in a directory below that it always takes you to accessdenied. Any ideas?
<?php
session_start();
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
header("location: http://mywebsite.com/member/accessdenied.html");
exit();
}
$_COOKIE["verify"] = $verify;
if( $verify != file_get_contents("name.txt")) {
header("location: http://mywebsite.com/member/accessdenied.html");
} else { }
?>
And it seems like just the bottom part, the part that checks the cookie, isn't working. Again, any ideas?

I think you have your cookie assignment backwards:
$_COOKIE["verify"] = $verify;
Should be
$verify = $_COOKIE["verify"];
And that should be:
$verify = isset($_COOKIE["verify"])?$_COOKIE["verify"]:false;
As if the cookie was not previously set, well it would give a notice error.

<?php
$verify = $_COOKIE["verify"];
if( $verify == file_get_contents("name.txt")) {
echo $verify . 'is equal to the content of name.txt'
} else {
echo $verify . 'is NOT equal to the content of name.txt'
}
?>
Try debugging the code with this. See if the content of your variable is what you want. But I find it unusual that a variable would be a file.

are you sure you always get the content from file_get_contents? I could imagine it's found in one directory but not in the other!

antoher idea: cookies can be set to be relevant for a particular directory only. I just realize, what we're missing here, is the part where you set the cookie in the first place.

We Keep Coding

PHP, A popular general-purpose scripting language that is especially suited to web development.

Extremely easy IF statement is not evaluating! php - php

After you press the Submit button you are making a POST request and the return_url variable will not be available anymore which was set with a GET request. You could create a hidden input field that will store the redirect_url and submit it with the form.

Since you say It seems to be going to index.php by default The problem is probably either with if(isset($_POST['submitted'])) or if($fgmembersite->Login()) and not related to $url at all.

I guess it can not find mlbmain.php or course-website.php at the current folder, so it throws 404 not found an probably you managed this error to redirect to index.php

Related

Redirect user to previous page after log in using PHP [duplicate]

How to continue the previous action after login [duplicate]

How to include 2 checks in a if statement

Redirecting to previous page after login?

Check session and cookie not working in PHP

Categories

Resources