Simple redirect with header() if statement

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jeffimperial
Forum Newbie
Posts: 13
Joined: Sun Feb 01, 2009 9:54 pm

Simple redirect with header() if statement

Post by jeffimperial »

Hey guys.. I need help. Can anyone show me sample snippets of code for using the header statement with if statements? I created a simple login page. If the visitor inputs the right password, they are redirected to index.php. But when I simply type in the full WWW address of index.php, the page still opens. This looks like a security issue. What I want to happen is that if the visitor is coming from anywhere but login.php, I want them redirected to login.php... Am I making any sense here?

As in:

Code: Select all

If visitor_is_from_login.php
     redirect_to_index.php
Else
     redirect_to_login.php
...
something like that.
jothirajan
Forum Commoner
Posts: 69
Joined: Tue Jan 27, 2009 12:06 am

Re: Simple redirect with header() if statement

Post by jothirajan »

Just try this.

So i want to allow only the correct login'd persons into my site.

For example consider a login page - http://www.test.com/login.php

<?php

if(password=="correct") // replace this condition as per ur requirement
{
header("profile.php") //// if login is correct i am going to redirect the person to the profile page
}
else
{
header("index.php") //// if login is incorrect then redirect him to the index page...
}


This is ok.....

But?. I am having the following files

index.php
1.php
....
....
... 100.php . And i just want to make only the correct login'd persons to go the pages from 1.php to 100.php. If they did't then they will only visit the index.php

Here it goes. This is the thing here i need the security...

Make use of common class file(checking the session) and assign in all the security pages. So for the index.php i dont want this common class file. only for 1.php to 100.php files.

For the security pages check the session ........

Thanks
JOE
jeffimperial
Forum Newbie
Posts: 13
Joined: Sun Feb 01, 2009 9:54 pm

Re: Simple redirect with header() if statement

Post by jeffimperial »

Thank you for that.. I applied what you suggested and it's working niceley.. however, the first problem still persists. Typing into my Web browser's address bar http://www.test.com/profile.php has the same effect as putting in the right password into login.php... I mean, what I want to happen is that only people referred by login.php can have access to the page. Say, if the person isn't jumping from login.php and tries to access profile.php directly, then that person needs to be redirected to login.php.. I'm not sure if this is making any sense yet.
User avatar
susrisha
Forum Contributor
Posts: 439
Joined: Thu Aug 07, 2008 11:43 pm
Location: Hyderabad India

Re: Simple redirect with header() if statement

Post by susrisha »

Not sure if this will help. but try the $_SERVER[REFERER] variable. This will store the page name which called your profile.php. If the user straight away types in profile.php, the variable will be null. check if its null and then write the redirect code. If the referer is login.php, then authenticate it and redirect to profile.php.

does that sound good enough??
mickeyunderscore
Forum Contributor
Posts: 129
Joined: Sat Jan 31, 2009 9:00 am
Location: UK

Re: Simple redirect with header() if statement

Post by mickeyunderscore »

Do what jothirajan suggested. Use either sessions or cookies and create a PHP script to check for these, you can then require the check script at the top of each page.

Don't use the 'referrer' variable, because unfortunately this can be faked easily and is often omitted completely by some browsers.
jothirajan
Forum Commoner
Posts: 69
Joined: Tue Jan 27, 2009 12:06 am

Re: Simple redirect with header() if statement

Post by jothirajan »

jeffimperial wrote:Thank you for that.. I applied what you suggested and it's working niceley.. however, the first problem still persists. Typing into my Web browser's address bar http://www.test.com/profile.php has the same effect as putting in the right password into login.php... I mean, what I want to happen is that only people referred by login.php can have access to the page. Say, if the person isn't jumping from login.php and tries to access profile.php directly, then that person needs to be redirected to login.php.. I'm not sure if this is making any sense yet.
Yes you are right.

Consider.....

Your login.php did't want the session security, because login page is for all users.

This is my login.php

<?php

if($_REQUEST['txt_username']=="demo" and $_REQUEST['txt_password']=="demo")

{
// this is the sample format...do not follow this....for example check the login values with the database user table.....I am just directly matching.... //

So this condition satisfies then make the assign the session .... My advice is make all this session assignment in the common file.......

session_register("user_id"); ///// session register
$_SESSION['user_id']= 1; //// this is the particular ID of that user from the DB // I am directly assigning 1/// do not follow
$SESSION_USER_ID=$_SESSION['user_id'];
}
?>

So for my profile.php i have to check whether the session was created or not ?
See this works...

<?php

if($_SESSION['user_id']=="")
/// if session is not created then redirect him.....put the code in all the files for to restrict the unregistered users.....
{
header("location:index.php")
}

?>

/* the above thing that i have written is for your reference only */
/* make all the session work in common files */

Thanks a lot.
JOE
jeffimperial
Forum Newbie
Posts: 13
Joined: Sun Feb 01, 2009 9:54 pm

Re: Simple redirect with header() if statement

Post by jeffimperial »

Wow, I'm amazed at how this community thing works! Though my realizations from this Forum has led me to the conclusion that I badly needed to remake the login system, it wasn't as difficult as it should have been. Hehe!

Thank you. For sure, I'll be back again to ask for help. Again, thank you guys..
jothirajan
Forum Commoner
Posts: 69
Joined: Tue Jan 27, 2009 12:06 am

Re: Simple redirect with header() if statement

Post by jothirajan »

jeffimperial wrote:Wow, I'm amazed at how this community thing works! Though my realizations from this Forum has led me to the conclusion that I badly needed to remake the login system, it wasn't as difficult as it should have been. Hehe!

Thank you. For sure, I'll be back again to ask for help. Again, thank you guys..

Thanks and Welcome .....

JOE
Post Reply