Redirecting to appropriate page

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
shivam0101
Forum Contributor
Posts: 197
Joined: Sat Jun 09, 2007 12:09 am

Redirecting to appropriate page

Post by shivam0101 »

hello,

In a shopping cart page, if the user has not logged in, he will be sent to login page, if he enters username and password correctly, he should be redirected to the page where he was. I tried using sessions.

This is the code i tried,

login page,

$query_member_details=mysql_query("SELECT * FROM members WHERE member_username='$member_username' AND member_password='$member_password' AND confirm_flag='YES' AND member_flag=1");

Code: Select all

if(mysql_num_rows($query_member_details) > 0)
	  {
	     $fetch_member_details=mysql_fetch_array($query_member_details);
		 $member_id=$fetch_member_details['member_id'];
		 
		 session_start();
		 $_SESSION['member_id']=$member_id;
                              
                                if(isset($_SESSION['shop']))// this i am setting it in shop.php before sending to login page.
                                    header("Location:".SITE_URL."/shop.php");
                                else		 
		    header("Location:".SITE_URL);
		 
	  }
once he is directed to shop.php he should not see again buy now, since he allready has clicked. i.e once he is authenticated, the details should be entered into database and redirected to index.php (where all products are listed). I hope i am explaining properly



Thanks
User avatar
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

Post by aceconcepts »

First of all, your username and password query is open to SQL injection attacks - take a alook at sprintf and mysql_real_excape_string.

Regarding the redirection after login you could use the following code to store the url the user returns to before they are told to login:

Code: Select all

$returnTo=$_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$returnTo must obviously be set (on the page you want them to return to) before the user is sent to the login page.
User avatar
superdezign
DevNet Master
Posts: 4135
Joined: Sat Jan 20, 2007 11:06 pm

Post by superdezign »

As long as you use the GET method for shopping, then you can just save the URL in a session variable.

The way I do that is that I have a central authentication where if a user is denied access to something, that URL is saved and then they are redirected to the login screen. The login page checks for that variable and, if it exists, it gives the user a message letting them know that after logging in, they will be sent back, as well as using that data for the redirection. I also have a counter in the session that counts the number of pages that have been accessed since the URL was saved so that the only time they are redirected is directly after coming from that page.
User avatar
aceconcepts
DevNet Resident
Posts: 1424
Joined: Mon Feb 06, 2006 11:26 am
Location: London

Post by aceconcepts »

$returnTo should be

Code: Select all

$_SESSION['returnTo']
Post Reply