Page 1 of 1

Redirecting to appropriate page

Posted: Mon Sep 24, 2007 2:42 am
by shivam0101
hello,

In a shopping cart page, if the user has not logged in, he will be sent to login page, if he enters username and password correctly, he should be redirected to the page where he was. I tried using sessions.

This is the code i tried,

login page,

$query_member_details=mysql_query("SELECT * FROM members WHERE member_username='$member_username' AND member_password='$member_password' AND confirm_flag='YES' AND member_flag=1");

Code: Select all

if(mysql_num_rows($query_member_details) > 0)
	  {
	     $fetch_member_details=mysql_fetch_array($query_member_details);
		 $member_id=$fetch_member_details['member_id'];
		 
		 session_start();
		 $_SESSION['member_id']=$member_id;
                              
                                if(isset($_SESSION['shop']))// this i am setting it in shop.php before sending to login page.
                                    header("Location:".SITE_URL."/shop.php");
                                else		 
		    header("Location:".SITE_URL);
		 
	  }
once he is directed to shop.php he should not see again buy now, since he allready has clicked. i.e once he is authenticated, the details should be entered into database and redirected to index.php (where all products are listed). I hope i am explaining properly



Thanks

Posted: Mon Sep 24, 2007 3:45 am
by aceconcepts
First of all, your username and password query is open to SQL injection attacks - take a alook at sprintf and mysql_real_excape_string.

Regarding the redirection after login you could use the following code to store the url the user returns to before they are told to login:

Code: Select all

$returnTo=$_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
$returnTo must obviously be set (on the page you want them to return to) before the user is sent to the login page.

Posted: Mon Sep 24, 2007 7:37 am
by superdezign
As long as you use the GET method for shopping, then you can just save the URL in a session variable.

The way I do that is that I have a central authentication where if a user is denied access to something, that URL is saved and then they are redirected to the login screen. The login page checks for that variable and, if it exists, it gives the user a message letting them know that after logging in, they will be sent back, as well as using that data for the redirection. I also have a counter in the session that counts the number of pages that have been accessed since the URL was saved so that the only time they are redirected is directly after coming from that page.

Posted: Mon Sep 24, 2007 7:41 am
by aceconcepts
$returnTo should be

Code: Select all

$_SESSION['returnTo']