Page 1 of 1

Simple redirect with header() if statement

Posted: Sun Feb 01, 2009 10:02 pm
by jeffimperial
Hey guys.. I need help. Can anyone show me sample snippets of code for using the header statement with if statements? I created a simple login page. If the visitor inputs the right password, they are redirected to index.php. But when I simply type in the full WWW address of index.php, the page still opens. This looks like a security issue. What I want to happen is that if the visitor is coming from anywhere but login.php, I want them redirected to login.php... Am I making any sense here?

As in:

Code: Select all

If visitor_is_from_login.php
     redirect_to_index.php
Else
     redirect_to_login.php
...
something like that.

Re: Simple redirect with header() if statement

Posted: Mon Feb 02, 2009 12:10 am
by jothirajan
Just try this.

So i want to allow only the correct login'd persons into my site.

For example consider a login page - http://www.test.com/login.php

<?php

if(password=="correct") // replace this condition as per ur requirement
{
header("profile.php") //// if login is correct i am going to redirect the person to the profile page
}
else
{
header("index.php") //// if login is incorrect then redirect him to the index page...
}


This is ok.....

But?. I am having the following files

index.php
1.php
....
....
... 100.php . And i just want to make only the correct login'd persons to go the pages from 1.php to 100.php. If they did't then they will only visit the index.php

Here it goes. This is the thing here i need the security...

Make use of common class file(checking the session) and assign in all the security pages. So for the index.php i dont want this common class file. only for 1.php to 100.php files.

For the security pages check the session ........

Thanks
JOE

Re: Simple redirect with header() if statement

Posted: Mon Feb 02, 2009 12:51 am
by jeffimperial
Thank you for that.. I applied what you suggested and it's working niceley.. however, the first problem still persists. Typing into my Web browser's address bar http://www.test.com/profile.php has the same effect as putting in the right password into login.php... I mean, what I want to happen is that only people referred by login.php can have access to the page. Say, if the person isn't jumping from login.php and tries to access profile.php directly, then that person needs to be redirected to login.php.. I'm not sure if this is making any sense yet.

Re: Simple redirect with header() if statement

Posted: Mon Feb 02, 2009 1:40 am
by susrisha
Not sure if this will help. but try the $_SERVER[REFERER] variable. This will store the page name which called your profile.php. If the user straight away types in profile.php, the variable will be null. check if its null and then write the redirect code. If the referer is login.php, then authenticate it and redirect to profile.php.

does that sound good enough??

Re: Simple redirect with header() if statement

Posted: Mon Feb 02, 2009 8:59 am
by mickeyunderscore
Do what jothirajan suggested. Use either sessions or cookies and create a PHP script to check for these, you can then require the check script at the top of each page.

Don't use the 'referrer' variable, because unfortunately this can be faked easily and is often omitted completely by some browsers.

Re: Simple redirect with header() if statement

Posted: Mon Feb 02, 2009 10:07 pm
by jothirajan
jeffimperial wrote:Thank you for that.. I applied what you suggested and it's working niceley.. however, the first problem still persists. Typing into my Web browser's address bar http://www.test.com/profile.php has the same effect as putting in the right password into login.php... I mean, what I want to happen is that only people referred by login.php can have access to the page. Say, if the person isn't jumping from login.php and tries to access profile.php directly, then that person needs to be redirected to login.php.. I'm not sure if this is making any sense yet.
Yes you are right.

Consider.....

Your login.php did't want the session security, because login page is for all users.

This is my login.php

<?php

if($_REQUEST['txt_username']=="demo" and $_REQUEST['txt_password']=="demo")

{
// this is the sample format...do not follow this....for example check the login values with the database user table.....I am just directly matching.... //

So this condition satisfies then make the assign the session .... My advice is make all this session assignment in the common file.......

session_register("user_id"); ///// session register
$_SESSION['user_id']= 1; //// this is the particular ID of that user from the DB // I am directly assigning 1/// do not follow
$SESSION_USER_ID=$_SESSION['user_id'];
}
?>

So for my profile.php i have to check whether the session was created or not ?
See this works...

<?php

if($_SESSION['user_id']=="")
/// if session is not created then redirect him.....put the code in all the files for to restrict the unregistered users.....
{
header("location:index.php")
}

?>

/* the above thing that i have written is for your reference only */
/* make all the session work in common files */

Thanks a lot.
JOE

Re: Simple redirect with header() if statement

Posted: Tue Feb 03, 2009 5:12 am
by jeffimperial
Wow, I'm amazed at how this community thing works! Though my realizations from this Forum has led me to the conclusion that I badly needed to remake the login system, it wasn't as difficult as it should have been. Hehe!

Thank you. For sure, I'll be back again to ask for help. Again, thank you guys..

Re: Simple redirect with header() if statement

Posted: Tue Feb 03, 2009 8:16 am
by jothirajan
jeffimperial wrote:Wow, I'm amazed at how this community thing works! Though my realizations from this Forum has led me to the conclusion that I badly needed to remake the login system, it wasn't as difficult as it should have been. Hehe!

Thank you. For sure, I'll be back again to ask for help. Again, thank you guys..

Thanks and Welcome .....

JOE