Page 1 of 1

redirecting back

Posted: Tue Sep 13, 2005 4:37 pm
by umbra
I am trying to redirect back to the previous page whatever it may be. Is that possible?

Posted: Tue Sep 13, 2005 5:30 pm
by Ambush Commander
Yeah.

(I'm sure you meant to ask How?)

(Well, be more specific. What exactly is this "previous page"?)

Posted: Tue Sep 13, 2005 5:41 pm
by umbra
Ambush Commander wrote:Yeah.

(I'm sure you meant to ask How?)

(Well, be more specific. What exactly is this "previous page"?)
Well, when the user deletes an entry from the database, he/she gets the 'The record has been deleted from the database.' message. After that message I want to put a link that redirects the user to the page where he/she comes from. The problem is that there are multiple pages that this delete thing can be done, so I don't know where to redirect the page. I just have to redirect it 'back'.

I found that there is a variable called $_SERVER['HTTP_REFERER'] that returns the URL of the referring page as a string but I couldn't use it. I get an undefined index:'HTTP_REFERER' error everytime I use it.

Posted: Tue Sep 13, 2005 5:45 pm
by timvw
As you've experienced already, a UA is not required to send the HTTP_REFERRER header..

Assuming the user is always on your site, you could build a stack with visited pages.. And when he deletes, you can simply remove the "delete.php" from the stack, and see what is on top..

Posted: Tue Sep 13, 2005 5:51 pm
by Ambush Commander
Or you could force the submitting forms to tell delete.php its location. Or it could be smart enough to figure it out itself.

Posted: Tue Sep 13, 2005 6:12 pm
by umbra
And can I get the location where the user is in? I mean is there a variable or function that tells me the url of the visited page?

Posted: Tue Sep 13, 2005 6:14 pm
by patrikG

Code: Select all

<a href="javascript:history.go(-1)">back to previous page</a>

Posted: Tue Sep 13, 2005 6:22 pm
by umbra
patrikG wrote:

Code: Select all

<a href="javascript:history.go(-1)">back to previous page</a>
Hey thanks that worked! It seems I really have to learn js :)

Posted: Wed Sep 14, 2005 7:58 am
by timvw
That only works for people that have JavaScript enabled...

You can see where the user is through $_SERVER['PHP_SELF'] (Don't forget to run htmlentities/strip_tags on the vaue if you are going to display it to the user because otherwise you might allow others to perform an XSS exploit)

Posted: Wed Sep 14, 2005 9:54 am
by jwalsh
On your form page...

Code: Select all

<form action="deletepage.php" method="post">
PUT FORM HERE
<input name="currentpage" type="hidden" value="<? echo $_SERVER['PHP_SELF'];?>">
<input name="Submit" type="submit">
</form>
and the delete page use the following link.

Code: Select all

<a href="<? echo $_POST['currentpage']; ?>">Go back to previous page</a>

Posted: Wed Sep 14, 2005 1:17 pm
by timvw
jwalsh wrote:

Code: Select all

<input name="currentpage" type="hidden" value="<? echo $_SERVER['PHP_SELF'];?>">
Read http://blog.phpdoc.info/archives/13-XSS-Woes.html why this code is open for an XSS attack.

Posted: Wed Sep 14, 2005 4:33 pm
by raghavan20
hi timv, do you think the SERVER variable HTTP_REFERER can be of any use?
'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
I do not see this code working.

Code: Select all

<?php
if(isset($_SERVER['HTTP_REFERER'])){
echo $_SERVER['HTTP_REFERER'];
}else
echo "I dont know the previous page";
?>

Posted: Wed Sep 14, 2005 4:36 pm
by jwalsh
I do not see this code working.

Code: Select all

<?php
if(isset($_SERVER['HTTP_REFERER'])){
echo $_SERVER['HTTP_REFERER'];
}else
echo "I dont know the previous page";
?>
change to...

Code: Select all

<?php
if(isset($_SERVER['HTTP_REFERER'])) {
    echo $_SERVER['HTTP_REFERER'];
}else {
    echo "I dont know the previous page"; 
}
?>

Posted: Wed Sep 14, 2005 5:10 pm
by timvw
That doesn't really work either, because a UserAgent is not required to send that header.. Therefor, it's not certain that it will exist.. As the OP already mentionned..

The advantage of a script/task stack as i suggested is that it also allows you to control users that hit the back button.. Or generate breadcrumbs.. Or keep the user at the same page untill he completes the required actions..