Hi all,
I've been using PHP for about 3 days and I absolutely love it so far. Here's my first question. User tries to access a page and they are not logged in. They are redirected to the login page. After they successfully log in, they are directed back to the page they came from.

Here is and example of how I get to the login page.
if (!isset($_SESSION['loggedin_username'])) {
header('Location: login.php?url=' . urlencode($_SERVER['SCRIPT_NAME']));
}
Here is and example of what the url looks like in the browser after reaching the login page from above.
http://127.0.0.1/www/ff/login.php?url=%2Fwww%2Fff%2Feditpost.php
Here is the block that is trying to redirect after a successfull login. $count returns 1 if the user is in the DB.
if ($count == 1) {
// The user exists. Register them.
$_SESSION['loggedin_id'] = $userid;
$_SESSION['loggedin_username'] = $username;

// Redirect the user to the page that they came from.
if (isset($_GET['url'])) {
$url = $_GET['url'];
} else {
$url = 'index.php';
}

header("Location: $url");
}

However, I always get directed back to index.php. But if I echo the $_GET['id'] variable it will show a valid url such as /www/ff/editpost.php.

What stupid mistake am I making? Thanks.

What do you get when you echo $_GET['url'] ?

Thanks for the ultra speedy reply.

But if I echo the $_GET['id'] variable it will show a valid url such as /www/ff/editpost.php

:thumb:

I'll post the whole crappin' page if you want to see it.

However, I always get directed back to index.php. But if I echo the $_GET['id'] variable it will show a valid url such as /www/ff/editpost.php.

What stupid mistake am I making? Thanks.

$_GET['id] and $_GET['url'] are different. And from what I am seeing, you are checking if $_GET['url'] is set. And then trying to navigate to $_GET['url']

$_GET['id] and $_GET['url'] is different

My fault, sorry. Just a typo.
It is in fact
echo $_GET['url'];

But then I give it 'index.php' if it is not set. Is this wrong?
if (isset($_GET['url'])) {
$url = $_GET['url'];
} else {
$url = 'index.php';
}

header("Location: $url");

Take out the isset check real quick and try it

if (isset($_GET['url'])) {
$url = $_GET['url'];
} else {
echo $_GET['url']; //place this here to see what url is
$url = 'index.php';
}



That is what I would do for testing purposes

On a side note: what part of Colorado are you from?

Take out the isset check real quick and try it
Crap. That still doesn't seem to work. It echos: /www/ff/editpost.php
echo $_GET['url'];
$url = $_GET['url'];
header("Location: " . $url);
If I put the url directly in there it works however. Could it be something with the other code I have in this page?

EDIT: Cool. Let me try the post above. Be right back.

What happens if you do something like:


header("Location: " . $_GET['url']);


Or Try:

header("Location: $url");

Okay, so those work. I copied the link I posted above, pasted it into my browser and got redirected to the editpost.php page. So I'm doing something stupid in between I guess. :ehh:

I live in Denver proper. Not actually downtown but a stones throw away.

Go ahead and post the code for your page if it isn't horribly huge :)

I was born and raised in Colorado and now live in Wyoming :)

I was born and raised in NJ but have been in Colorado for 12 years. Just another transplant. :bigyello:

Here's my big mess. Thanks for taking a look.
<?php

require_once('header.inc');
require_once('functions.inc');

?>

<h1 class="title">Login</h1>
<div class="entry">
<ul>
<li>You must login before you can add a new post, edit your old posts or changed your password.</li>
</ul>

<form action="login.php" method="POST">
<fieldset style="width: 75%;">
<legend>Login</legend><br />
<label style="text-align: right;">User Name:</label><input type="text" style="width: 175;" name="username" /><br /><br />
<label style="text-align: right;">Password:</label><input type="password" style="width: 175;" name="password" /><br /><br />
<input type="submit" style="width: 100; float: right;" value="Login"/>
</fieldset>
</form>
</div>

<?php

/**
* Check that the user is in the database.
*/
if (isset($_POST['username']) && isset($_POST['password'])) {

$username = $_POST['username'];
// The password is encrypted in the database.
$password = md5($_POST['password']);

// Connect to the database and see if the user exists.
$link = connect_db();

$sql = sprintf(
"SELECT
PosterID,
UserName,
UserPassword
FROM
posters
WHERE
UserName = '%s' AND
UserPassword = '%s';",
mysql_real_escape_string($username, $link),
mysql_real_escape_string($password, $link));

// Get the results and determine if the user exists.
$result = mysql_query($sql, $link);
$count = mysql_num_rows($result);

$row = mysql_fetch_assoc($result);
$userid = $row['PosterID'];

// Clean up.
mysql_free_result($result);
mysql_close($link);

if ($count == 1) {
// The user exists. Register them.
$_SESSION['loggedin_id'] = $userid;
$_SESSION['loggedin_username'] = $username;

// Redirect the user to the page that they came from.
if (isset($_GET['url'])) {
$url = $_GET['url'];
} else {
$url = 'index.php';
}

header('Location: ' . $url);

} else { ?>

<p style="color: #CD0000;">You must be really smart. You typed in the wrong username or password.<br />
Knowing you, they are probably both wrong.<br />
Try again Mr. Wizard.</p>

<?php
} // End else
} // End if (isset

// The footer.
require_once('footer.inc');

?>

They get initially redirected like:
// Check that the user is logged in first.
session_start();

if (!isset($_SESSION['loggedin_username'])) {
header('Location: login.php?url=' . urlencode($_SERVER['SCRIPT_NAME']));
}

Try this too:


header('Location: http://127.0.0.1' . $_GET['url']);

I think I figured it out. You send the url when you get redirected to login.php. Then when you post, you are not sending the url along with the post there fore it is losing the url.


<?php

require_once('header.inc');
require_once('functions.inc');

?>

<h1 class="title">Login</h1>
<div class="entry">
<ul>
<li>You must login before you can add a new post, edit your old posts or changed your password.</li>
</ul>

<form action="login.php" method="POST">
<fieldset style="width: 75%;">
<legend>Login</legend><br />
<label style="text-align: right;">User Name:</label><input type="text" style="width: 175;" name="username" /><br /><br />
<label style="text-align: right;">Password:</label><input type="password" style="width: 175;" name="password" /><br /><br />
<input type="hidden" name="url" value="<?php echo $_GET['url']; ?>"/>
<input type="submit" style="width: 100; float: right;" value="Login"/>
</fieldset>
</form>
</div>

<?php

/**
* Check that the user is in the database.
*/
if (isset($_POST['username']) && isset($_POST['password'])) {

$username = $_POST['username'];
// The password is encrypted in the database.
$password = md5($_POST['password']);

// Connect to the database and see if the user exists.
$link = connect_db();

$sql = sprintf(
"SELECT
PosterID,
UserName,
UserPassword
FROM
posters
WHERE
UserName = '%s' AND
UserPassword = '%s';",
mysql_real_escape_string($username, $link),
mysql_real_escape_string($password, $link));

// Get the results and determine if the user exists.
$result = mysql_query($sql, $link);
$count = mysql_num_rows($result);

$row = mysql_fetch_assoc($result);
$userid = $row['PosterID'];

// Clean up.
mysql_free_result($result);
mysql_close($link);

if ($count == 1) {
// The user exists. Register them.
$_SESSION['loggedin_id'] = $userid;
$_SESSION['loggedin_username'] = $username;

// Redirect the user to the page that they came from.
if (isset($_POST['url'])) {
$url = $_POST['url'];
} else {
$url = 'index.php';
}

header('Location: ' . $url);

} else { ?>

<p style="color: #CD0000;">You must be really smart. You typed in the wrong username or password.<br />
Knowing you, they are probably both wrong.<br />
Try again Mr. Wizard.</p>

<?php
} // End else
} // End if (isset

// The footer.
require_once('footer.inc');

?>

They get initially redirected like:



Try this. What I did was add a hidden field to your form. Then it will pass as a post.

Holy crap. That works. Thank you very much for your help. I have been beating my head against the wall all morning.

Anytime. I love php :) If you get stumped just drop me a line.