HTTP_REFERER situation

ethought

One of these days I will get out of the Newbies Forum. 🙂

I have a login page and when I go to this page from another page, I save the HTTP_REFERER variable so I know where I came from. This works as long as I login correctly. However, if I don't login correctly, I am sent back to the login page, and then my HTTP_REFERER become the login page and so no matter what I do now, I am always sent to the login page.

I am wondering the best approach to resolve this. Below, I have my Login Action code where I handle the login.

session_start();
	require_once('Connections/Holocron.php');
	$referer = $_SERVER['HTTP_REFERER']; 	
	$user = $_POST['username'];
	$password = $_POST['password'];

mysql_select_db($database_Holocron, $Holocron);
$query = mysql_query("SELECT * FROM users WHERE Username = '$user'");
$data = mysql_fetch_object($query);
$stored_pass = $data->Password;

if ($stored_pass == $password)
{
	$query2 = mysql_query("SELECT rolename FROM user_roles WHERE Username = '$user'");
	$data2 = mysql_fetch_object($query2);
		$_SESSION['loggedin'] = 1;
		$_SESSION['user'] = $data->Username;
		$_SESSION['role'] = $data2->rolename;

		echo $referer . "<BR>";
		echo "Logging you in $user with role $data2->rolename. Please wait...";
		echo "<meta http-equiv='refresh' content='3;URL=" . $referer . "'>";
}
else
{
	Header("Location:LoginForm.php?failed=true");
}

Thanks.

Gregg

stolzyboy

you can, on your login page, get the referer from that and pass that variable however and if you logged in wrong, simply use the variable from the old referer page, so

you come from test.php page, it goes to login.php page

your referer is test.php right now, keep that variable in a hidden field, then you log in wrong, it will be posted any way, then you can redirect back to test.php with the var you kept it in

get it?

ethought

Well, I understand what you are saying, but I am not sure that I understand the logic. Because if I am setting that hidden field, won't it be set to the HTTP_REFERER which goes back to login.php anyway? So wouldn't it do the same thing?

stolzyboy

you check if the referer is login.php, if it is, use the hidden var from the previous page

furanku

Hi ethought,

or you save the referer in a session and a boolean for check proper login.
at the second login (and of course every login) you check if your boolean is set. if not its the first login, if notyou check the referer in the session.

codesnips you need are something of this:
start_session();
session_set($firstlogin) true/false;
register_session($referer);
unregister_session($referer);

Check Docs for proper syntax!

Ciao Fu-Ran-Ku