Sessions / Login / Http_referrer

ezekiel

Here is my problem.

My site requires users to login to gain access.
If a user trys to access a page with the site and is not authenticated then they are forwarded back to the login screen.

So i've secured my site, but I've created an inconvenience. If user X tries to access http://mysite.com/mypage.php?var1=y&var2=p, I'd like to forward them back to that page after logging in.

I've tried setting a session var to the HTTP_REFFER and PHP_SELF before I forward to the login page; I get the URL but no variables attached.

Any Suggestions? Thanks in Advance!

cool-palace-ceo

Here is what i did, and it worked just fine.... (and i used $PHP_SELF)

this is the first file, like the one someone would call with out being logged in:

<?php
session_start();

$username = $_SESSION["username"];
$password = $_SESSION["password"];

if(!$username || !$password) {
echo "<B>Redirecting To Logon Page</B>";
echo "<meta http-equiv=\"refresh\" content=\"2;url=login.php?page=$PHP_SELF\">";
} else {
echo "<b>Welcome, $username!</b>";
}

?>

and here the logon page, that will redirect them page to that page above ^

<?php
session_start();

$_SESSION["username"] = "brian";
$_SESSION["password"] = "brian";

if(!$page) {
echo "<b>WELCOME, $url</b>";
} else {
echo "<b>Redirecting To Previous Page</b>";
echo "<meta http-equiv=\"refresh\" content=\"2;url=$page\">";
}

?>

this is obviously very simple, but this same method will always work, no matter how hard the method

ezekiel

cool-palace-ceo,

Thanks for the reply. I do something similar to this already and it works great.

However, the problem is that the PHP_SELF server var does not store HTTP_POST_VARS in it. So suppose I access mypage.php i can easily get the value of mypage.php to perform a redirect. Now if i was to access mypage.php?theme=100 I want to return that entire url not just the mypage.php portion.

Any suggestions?

keith73

Originally posted by ezekiel
cool-palace-ceo,

Thanks for the reply. I do something similar to this already and it works great.

However, the problem is that the PHP_SELF server var does not store HTTP_POST_VARS in it. So suppose I access mypage.php i can easily get the value of mypage.php to perform a redirect. Now if i was to access mypage.php?theme=100 I want to return that entire url not just the mypage.php portion.

Any suggestions?

1) post some code. It's hard for us to guess what you're doing.
2) the Referer is stored in $SERVER['HTTP_REFERER'] (PHP 4+)
3) PHP_SELF doesn't store HTTP_POST_VARS in it. It just references the script back to itself.
4) HTTP_POST_VARS is obsolete, you should use $POST

one other note about the HTTP_REFERER
It is not reliable because many proxy servers hide the referer link and IP address.

Keith