Can you describe what this means?

dw89

header('Location: Login.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));

This is from a login script that if yuo are not logged in then it returns you to a login page..it works but I don't understand some of it.

up to here I do: header('Location: Login.php?refer='.urlencode

but the rest I don't, someone be kind enough to explain?

Thanks

Dave :o

thorpe

$PHP_SELF refers to the page this is on, and $HTTP_SERVER_VARS['QUERY_STRING'] refers to whatever value is in the querystring.

i would say this is used so that once you are logged in, the script can redirect you back to where you came from.

subwayman

It simply passes on any query string entered in the oringal page to the login page.

For example. Let's say someone tries to access a product description on a page with url:

www.mystore.com/product?productid=widgit1

But this page is restricted so the user gets redirected to the login page. If you don't pass on the query string (?productid=widgit1) to the login page it won;t be a ble to redirect the user back to the original request if the login is successful.

dw89

Oh, it's from this.....an include file which the document says is a 'smart' page that you put in all the .php files you want securing.

// Check for a cookie, if none got to login page
if(!isset($HTTP_COOKIE_VARS['session_id'])) {
header('Location: Login.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));
}

// Try to find a match in the database
$sGUID = $HTTP_COOKIE_VARS['session_id'];
$hDB = mysql_connect('server', 'username', 'password');
mysql_select_db('database', $hD😎;

$sQuery = "
Select iUser
From tblUsers
Where sGUID = '$sGUID'";

$hResult = mysql_query($sQuery, $hD😎;

if(!mysql_num_rows($hResult)) {
// No match for guid
header('Location: Login.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));
}
?>

dw89

thanks I understand. One other thing you could help me with perhaps is the following code which is part of the login script which checks the user/pw entered. I want to put an access level variable on each page that is secured by the previously mentioned include script (say $access=3; or some such). In this code below I need to check it (say I've got a level access in the same tblusers db table) but everything I try doesn't work. Here's the standard code:

<?PHP
// Check for a cookie, if none got to login page
if(!isset($_COOKIE['session_id'])) {
header('Location: Login.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));
}

// Try to find a match in the database
$sGUID = $_COOKIE['session_id'];
$hDB = mysql_connect([removed]);
mysql_select_db('test', $hD😎;

$sQuery = "
Select iUser, sClearance
From tblUsers
Where sGUID = '$sGUID'";

$hResult = mysql_query($sQuery, $hD😎;

if(!mysql_num_rows($hResult)) {
// No match for guid
header('Location: Login.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));
}

and here's the code I've tried:

<?PHP
// Check for a cookie, if none got to login page
if(!isset($_COOKIE['session_id'])) {
header('Location: Login.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));
}

// Try to find a match in the database
$sGUID = $_COOKIE['session_id'];
$hDB = mysql_connect([removed]);
mysql_select_db('test', $hD😎;

$sQuery = "
Select iUser, sClearance
From tblUsers
Where sGUID = '$sGUID'";

$hResult = mysql_query($sQuery, $hD😎;

if(!mysql_num_rows($hResult)) {
// No match for guid
header('Location: Login.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));
}
/else {
// Now check clearance
//if(mysql_num_rows($hResult)) {
//$aResult = mysql_fetch_row($hResult);
//$sClearance='$aResult[1]';
$sClearance=2;
$UserSecurityLevel=3;
if $sClearance<$UserSecurityLevel {
header('Location: error.php?refer='.urlencode($PHP_SELF.'?'.$HTTP_SERVER_VARS['QUERY_STRING']));
//header('Location: http://localhost/error.php');
}
}/
?>

subwayman

if $sClearance<$UserSecurityLevel {

should be

if ($sClearance<$UserSecurityLevel) {

dw89

Thanks so much mate!! I'll try it later! See it doesn't matter how much you code and how many hours you look at something usually an obvious mistake is spotted by someone else!!!

Thanks again!

Dave :o