Page 1 of 1
Redirecting after a successful user authentication?
Posted: Sat Jul 15, 2006 10:14 am
by sejf83
I am building a Web site in PHP with a public area and password-protected area. I will have links from the public area to specific pages that the user must be authenticated to see.
Is there anyway to redirect the user to the original link they clicked on after they successfully complete the log in process?
For example, let's say a user clicks on the following a href:
topsecret.php
Because there is an include in that PHP file that requires user authentication, the browser redirects to a page such as login.php, which posts a form to loginProcess.php.
After loginProcess.php runs, I want the browser to redirect automatically to topsecret.php.
Any thoughts?
Thanks!
Posted: Sat Jul 15, 2006 10:16 am
by MrPotatoes
Code: Select all
$fileAndFilePath = 'topsecret.php';
header("Location: " . $fileAndFilePath)
Posted: Sat Jul 15, 2006 10:58 am
by sejf83
Thanks. But I don't know which link they are clicking on in advance. Is there a way to generate the correct redirect path dynamically?
Posted: Sat Jul 15, 2006 11:01 am
by Burrito
the way I do it is on the page where I'm redirecting to my login page (typically session.inc.php), I fetch the the full url (including any params) and pass it to my login page (login.php) via a urlencoded() param.
after they submit the form, I use a header redirection to the originial location.
Posted: Sat Jul 15, 2006 11:45 am
by sejf83
Thanks Burrito! I'll give that a try.
Posted: Sun Jul 16, 2006 11:23 am
by sejf83
I am having trouble getting this to work...
I have an include file in my password-protected pages with the following code:
Code: Select all
<?php
session_start();
// See if a user is logged in. If not, redirect to the log in page
if(isset($_SESSION["authenticatedUser"]))
{
$appUserId = $_SESSION["authenticatedUser"];
}
else {
$_SESSION["logInMessage"] = "You must log in to access this page.";
$_SESSION["redirect"] = $_SERVER["HTTP_REFERER"];
header("Location: logIn.php");
}
?>
This then goes to a log in page which posts to logInProcess.php. After successful user authentication, I've included the following to redirect back to the referrer:
Code: Select all
<?php
session_start();
if($authenticateUser)
{
if(isset($_SESSION["redirect"]))
header("Location: ".urlencode($_SESSION["redirect"]));
else
header("Location: fileList.php");
}
?>
Trouble is that $_SESSION["redirect"] is never set. Am I missing something??
Thanks.
Posted: Sun Jul 16, 2006 12:16 pm
by Burrito
let me try to explain a little better the way I do it by showing you some code I might use.
session.inc.php (untested)
Code: Select all
session_start();
function geturl()
{
$ports = array('https' => 443, 'http' => 80);
$prefix = (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off" ? 'http' : 'https');
$url = $prefix;
$url .= '://';
$url .= $_SERVER['HTTP_HOST'];
$url .= $_SERVER['SERVER_PORT'] != $ports[$prefix] ? ':' . $_SERVER['SERVER_PORT'] : '';
$url .= $_SERVER['PHP_SELF'];
$url .= (isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] != "" ? "?".$_SERVER['QUERY_STRING'] : "");
return $url;
}
if(!isset($_SESSION['logged_in'] && !isset($login))
{
header("Location: login.php?oldurl=".urlencode(geturl()));
}
then on login.php, you'll have the old url in the querystring in the url
login.php (untested)
Code: Select all
<?
$login = TRUE;
include("session.inc.php");
if(isset($_POST....))
// do your sql query here
// if sql passes then include this
$oldurl = urldecode($_GET['oldurl']);
header("Location: $oldurl");
?>
<form method="post">
<!-- form stuff here -->
</form>
that make sense?
Posted: Sun Jul 16, 2006 12:40 pm
by sejf83
My redirect is actually taking place on a logInProcess.php page -- not the logIn.php page -- so I am not quite understanding how to redirect from the second page.
I tried to code the $oldurl param in a hidden form element, then access it on logInProcess, but it just causes the browser to hang up.
Posted: Sun Jul 16, 2006 12:47 pm
by Burrito
if you're doing the login processing on a different page, then you'll need to pass the old string as a hidden var (as you've tried) or put it back in the url:
Code: Select all
<form action="someprocessingpage.php?oldurl=<?=$_GET['oldurl'];?>" method="post">
the better alternative in your situation would be to use a hidden form var though. not sure what would be making it kill your page though, check the source of the login page to see what's being put in that form var.
Posted: Sun Jul 16, 2006 12:53 pm
by sejf83
Thanks. I got it to work on some of my pages -- but others give me an error message before redirecting to the logIn form:
(see:
http://lab.slais.ucl.ac.uk:8036/~p100sa ... erList.php)
Something must be interfering with the code example you gave me on my page that it killing it! Any ideas?
Edited to add: The ones that don't work are in a subdirectory off of the root....
Posted: Sun Jul 16, 2006 1:00 pm
by Burrito
I'm getting a 404
Posted: Sun Jul 16, 2006 1:03 pm
by sejf83
Yeah -- that's what I mean. Without the geturl function, everything works. Perhaps I have a path amiss somewhere.
Posted: Sun Jul 16, 2006 1:09 pm
by Burrito
I don't see why the geturl function would cause a 404? if anything it would cause a 500...
you dont 'have to use that function...write your own...just so long as you get the current url you're fine.