Redirecting after a successful user authentication?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
sejf83
Forum Newbie
Posts: 20
Joined: Fri May 19, 2006 3:53 am

Redirecting after a successful user authentication?

Post by sejf83 »

I am building a Web site in PHP with a public area and password-protected area. I will have links from the public area to specific pages that the user must be authenticated to see.

Is there anyway to redirect the user to the original link they clicked on after they successfully complete the log in process?

For example, let's say a user clicks on the following a href:

topsecret.php

Because there is an include in that PHP file that requires user authentication, the browser redirects to a page such as login.php, which posts a form to loginProcess.php.

After loginProcess.php runs, I want the browser to redirect automatically to topsecret.php.

Any thoughts?

Thanks!
User avatar
MrPotatoes
Forum Regular
Posts: 617
Joined: Wed May 24, 2006 6:42 am

Post by MrPotatoes »

Code: Select all

$fileAndFilePath = 'topsecret.php';
header("Location: " . $fileAndFilePath)
sejf83
Forum Newbie
Posts: 20
Joined: Fri May 19, 2006 3:53 am

Post by sejf83 »

Thanks. But I don't know which link they are clicking on in advance. Is there a way to generate the correct redirect path dynamically?
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

the way I do it is on the page where I'm redirecting to my login page (typically session.inc.php), I fetch the the full url (including any params) and pass it to my login page (login.php) via a urlencoded() param.

after they submit the form, I use a header redirection to the originial location.
sejf83
Forum Newbie
Posts: 20
Joined: Fri May 19, 2006 3:53 am

Post by sejf83 »

Thanks Burrito! I'll give that a try.
sejf83
Forum Newbie
Posts: 20
Joined: Fri May 19, 2006 3:53 am

Post by sejf83 »

I am having trouble getting this to work...

I have an include file in my password-protected pages with the following code:

Code: Select all

<?php
session_start();

// See if a user is logged in. If not, redirect to the log in page
if(isset($_SESSION["authenticatedUser"]))
{
   $appUserId = $_SESSION["authenticatedUser"];
}
else {
   $_SESSION["logInMessage"] = "You must log in to access this page.";
   $_SESSION["redirect"] = $_SERVER["HTTP_REFERER"];
   header("Location: logIn.php");
}
?>
This then goes to a log in page which posts to logInProcess.php. After successful user authentication, I've included the following to redirect back to the referrer:

Code: Select all

<?php

session_start();

if($authenticateUser)
{
   if(isset($_SESSION["redirect"]))
      header("Location: ".urlencode($_SESSION["redirect"]));
   else
      header("Location: fileList.php");
}

?>
Trouble is that $_SESSION["redirect"] is never set. Am I missing something??

Thanks.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

let me try to explain a little better the way I do it by showing you some code I might use.

session.inc.php (untested)

Code: Select all

session_start();

function geturl() 
{ 
  $ports = array('https' => 443, 'http' => 80); 
  $prefix = (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off" ? 'http' : 'https'); 
  $url = $prefix; 
  $url .= '://'; 
  $url .= $_SERVER['HTTP_HOST']; 
  $url .= $_SERVER['SERVER_PORT'] != $ports[$prefix] ? ':' . $_SERVER['SERVER_PORT'] : ''; 
  $url .= $_SERVER['PHP_SELF']; 
  $url .= (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != "" ? "?".$_SERVER['QUERY_STRING'] : ""); 
  return $url; 
} 

if(!isset($_SESSION['logged_in'] && !isset($login))
{
  header("Location: login.php?oldurl=".urlencode(geturl()));
}
then on login.php, you'll have the old url in the querystring in the url

login.php (untested)

Code: Select all

<?
$login = TRUE;
include("session.inc.php");
if(isset($_POST....))
// do your sql query here
// if sql passes then include this
$oldurl = urldecode($_GET['oldurl']);
header("Location: $oldurl");
?>

<form method="post">
<!-- form stuff here -->
</form>
that make sense?
sejf83
Forum Newbie
Posts: 20
Joined: Fri May 19, 2006 3:53 am

Post by sejf83 »

My redirect is actually taking place on a logInProcess.php page -- not the logIn.php page -- so I am not quite understanding how to redirect from the second page.

I tried to code the $oldurl param in a hidden form element, then access it on logInProcess, but it just causes the browser to hang up.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

if you're doing the login processing on a different page, then you'll need to pass the old string as a hidden var (as you've tried) or put it back in the url:

Code: Select all

<form action="someprocessingpage.php?oldurl=<?=$_GET['oldurl'];?>" method="post">
the better alternative in your situation would be to use a hidden form var though. not sure what would be making it kill your page though, check the source of the login page to see what's being put in that form var.
sejf83
Forum Newbie
Posts: 20
Joined: Fri May 19, 2006 3:53 am

Post by sejf83 »

Thanks. I got it to work on some of my pages -- but others give me an error message before redirecting to the logIn form:

(see: http://lab.slais.ucl.ac.uk:8036/~p100sa ... erList.php)

Something must be interfering with the code example you gave me on my page that it killing it! Any ideas?

Edited to add: The ones that don't work are in a subdirectory off of the root....
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

I'm getting a 404
sejf83
Forum Newbie
Posts: 20
Joined: Fri May 19, 2006 3:53 am

Post by sejf83 »

Yeah -- that's what I mean. Without the geturl function, everything works. Perhaps I have a path amiss somewhere.
User avatar
Burrito
Spockulator
Posts: 4715
Joined: Wed Feb 04, 2004 8:15 pm
Location: Eden, Utah

Post by Burrito »

I don't see why the geturl function would cause a 404? if anything it would cause a 500... 8O

you dont 'have to use that function...write your own...just so long as you get the current url you're fine.
Post Reply