[RESOLVED] Redirect after login

[nmadd]

Hi all,
I've been using PHP for about 3 days and I absolutely love it so far. Here's my first question. User tries to access a page and they are not logged in. They are redirected to the login page. After they successfully log in, they are directed back to the page they came from.

Here is and example of how I get to the login page.

PHP Code:

if (!isset($_SESSION['loggedin_username'])) {
    header('Location: login.php?url=' . urlencode($_SERVER['SCRIPT_NAME']));
} 


Here is and example of what the url looks like in the browser after reaching the login page from above.

Code:

http://127.0.0.1/www/ff/login.php?url=%2Fwww%2Fff%2Feditpost.php

Here is the block that is trying to redirect after a successfull login. $count returns 1 if the user is in the DB.

PHP Code:

if ($count == 1) {
    // The user exists. Register them.
    $_SESSION['loggedin_id'] = $userid;
    $_SESSION['loggedin_username'] = $username;
    
    // Redirect the user to the page that they came from.
    if (isset($_GET['url'])) {
        $url = $_GET['url'];
    } else {
        $url = 'index.php';
    }

    header("Location: $url");    
} 


However, I always get directed back to index.php. But if I echo the $_GET['id'] variable it will show a valid url such as /www/ff/editpost.php.

What stupid mistake am I making? Thanks.

[zalez]

What do you get when you echo $_GET['url'] ?

[nmadd]

Thanks for the ultra speedy reply.

But if I echo the $_GET['id'] variable it will show a valid url such as /www/ff/editpost.php

I'll post the whole crappin' page if you want to see it.

[zalez]

However, I always get directed back to index.php. But if I echo the $_GET['id'] variable it will show a valid url such as /www/ff/editpost.php.

What stupid mistake am I making? Thanks.

$_GET['id] and $_GET['url'] are different. And from what I am seeing, you are checking if $_GET['url'] is set. And then trying to navigate to $_GET['url']

[nmadd]

$_GET['id] and $_GET['url'] is different

My fault, sorry. Just a typo.
It is in fact

PHP Code:

echo $_GET['url']; 


But then I give it 'index.php' if it is not set. Is this wrong?

PHP Code:

        if (isset($_GET['url'])) {
            $url = $_GET['url'];
        } else {
            $url = 'index.php';
        }

        header("Location: $url"); 


[zalez]

Take out the isset check real quick and try it

[zalez]

PHP Code:

if (isset($_GET['url'])) { 
            $url = $_GET['url']; 
        } else { 
            echo $_GET['url']; //place this here to see what url is
            $url = 'index.php'; 
        } 


That is what I would do for testing purposes

On a side note: what part of Colorado are you from?

[nmadd]

Take out the isset check real quick and try it

Crap. That still doesn't seem to work. It echos: /www/ff/editpost.php

PHP Code:

echo $_GET['url'];
$url = $_GET['url'];
header("Location: " . $url); 


If I put the url directly in there it works however. Could it be something with the other code I have in this page?

EDIT: Cool. Let me try the post above. Be right back.

[zalez]

What happens if you do something like:

PHP Code:

header("Location: " . $_GET['url']); 


Or Try:

PHP Code:

header("Location: $url"); 


[nmadd]

Okay, so those work. I copied the link I posted above, pasted it into my browser and got redirected to the editpost.php page. So I'm doing something stupid in between I guess.

I live in Denver proper. Not actually downtown but a stones throw away.

[zalez]

Go ahead and post the code for your page if it isn't horribly huge

I was born and raised in Colorado and now live in Wyoming

[nmadd]

I was born and raised in NJ but have been in Colorado for 12 years. Just another transplant.

Here's my big mess. Thanks for taking a look.

PHP Code:

<?php

require_once('header.inc');
require_once('functions.inc');

?>

<h1 class="title">Login</h1>
<div class="entry">
<ul>
  <li>You must login before you can add a new post, edit your old posts or changed your password.</li>
</ul>

<form action="login.php" method="POST">
<fieldset style="width: 75%;">
  <legend>Login</legend><br />
  <label style="text-align: right;">User Name:</label><input type="text" style="width: 175;" name="username" /><br /><br />
  <label style="text-align: right;">Password:</label><input type="password" style="width: 175;" name="password" /><br /><br />
  <input type="submit" style="width: 100; float: right;" value="Login"/>
</fieldset>
</form>
</div>

<?php

/**
 * Check that the user is in the database.
 */
if (isset($_POST['username']) && isset($_POST['password'])) {

    $username = $_POST['username'];
    // The password is encrypted in the database.
    $password = md5($_POST['password']);

    // Connect to the database and see if the user exists.
    $link = connect_db();

    $sql = sprintf(
        "SELECT
            PosterID,
            UserName,
            UserPassword
        FROM
            posters
        WHERE
            UserName = '%s' AND
            UserPassword = '%s';",
        mysql_real_escape_string($username, $link),
        mysql_real_escape_string($password, $link));

    // Get the results and determine if the user exists.
    $result = mysql_query($sql, $link);
    $count = mysql_num_rows($result);
    
    $row = mysql_fetch_assoc($result);
    $userid = $row['PosterID'];
    
    // Clean up.
    mysql_free_result($result);
    mysql_close($link);

    if ($count == 1) {
        // The user exists. Register them.
        $_SESSION['loggedin_id'] = $userid;
        $_SESSION['loggedin_username'] = $username;
        
        // Redirect the user to the page that they came from.
        if (isset($_GET['url'])) {
            $url = $_GET['url'];
        } else {
            $url = 'index.php';
        }
        
        header('Location: ' . $url);
        
    } else { ?>

<p style="color: #CD0000;">You must be really smart. You typed in the wrong username or password.<br />
Knowing you, they are probably both wrong.<br />
Try again Mr. Wizard.</p>

<?php
    } // End else
} // End if (isset

// The footer.
require_once('footer.inc');

?>

They get initially redirected like:

PHP Code:

// Check that the user is logged in first.
session_start();

if (!isset($_SESSION['loggedin_username'])) {
    header('Location: login.php?url=' . urlencode($_SERVER['SCRIPT_NAME']));
} 


[zalez]

Try this too:

PHP Code:

header('Location: http://127.0.0.1' . $_GET['url']); 


[zalez]

I think I figured it out. You send the url when you get redirected to login.php. Then when you post, you are not sending the url along with the post there fore it is losing the url.

PHP Code:

<?php 

require_once('header.inc'); 
require_once('functions.inc'); 

?> 

<h1 class="title">Login</h1> 
<div class="entry"> 
<ul> 
  <li>You must login before you can add a new post, edit your old posts or changed your password.</li> 
</ul> 

<form action="login.php" method="POST"> 
<fieldset style="width: 75%;"> 
  <legend>Login</legend><br /> 
  <label style="text-align: right;">User Name:</label><input type="text" style="width: 175;" name="username" /><br /><br /> 
  <label style="text-align: right;">Password:</label><input type="password" style="width: 175;" name="password" /><br /><br /> 
  <input type="hidden" name="url" value="<?php echo $_GET['url']; ?>"/>
  <input type="submit" style="width: 100; float: right;" value="Login"/> 
</fieldset> 
</form> 
</div> 

<?php 

/** 
* Check that the user is in the database. 
*/ 
if (isset($_POST['username']) && isset($_POST['password'])) { 

    $username = $_POST['username']; 
    // The password is encrypted in the database. 
    $password = md5($_POST['password']); 

    // Connect to the database and see if the user exists. 
    $link = connect_db(); 

    $sql = sprintf( 
        "SELECT 
            PosterID, 
            UserName, 
            UserPassword 
        FROM 
            posters 
        WHERE 
            UserName = '%s' AND 
            UserPassword = '%s';", 
        mysql_real_escape_string($username, $link), 
        mysql_real_escape_string($password, $link)); 

    // Get the results and determine if the user exists. 
    $result = mysql_query($sql, $link); 
    $count = mysql_num_rows($result); 
     
    $row = mysql_fetch_assoc($result); 
    $userid = $row['PosterID']; 
     
    // Clean up. 
    mysql_free_result($result); 
    mysql_close($link); 

    if ($count == 1) { 
        // The user exists. Register them. 
        $_SESSION['loggedin_id'] = $userid; 
        $_SESSION['loggedin_username'] = $username; 
         
        // Redirect the user to the page that they came from. 
        if (isset($_POST['url'])) { 
            $url = $_POST['url']; 
        } else { 
            $url = 'index.php'; 
        } 
         
        header('Location: ' . $url); 
         
    } else { ?> 

<p style="color: #CD0000;">You must be really smart. You typed in the wrong username or password.<br /> 
Knowing you, they are probably both wrong.<br /> 
Try again Mr. Wizard.</p> 

<?php 
    } // End else 
} // End if (isset 

// The footer. 
require_once('footer.inc'); 

?> 

They get initially redirected like:

Try this. What I did was add a hidden field to your form. Then it will pass as a post.

[nmadd]

Holy crap. That works. Thank you very much for your help. I have been beating my head against the wall all morning.

[zalez]

Anytime. I love php If you get stumped just drop me a line.