Help: redirect to the right page.

jfernandez

I have attached four files. index.php, login.php, main.php and functions.inc

The intention is to access main.php, if the user is not logged in, system redirects the user to login.php, after the user gives correct username/passwd, the system goes to main.php. But if the user gives the wrong username/passwd, system prompts the user to input the correct username/passwd in the login.php. It goes to the main.php only after user gives the correct username/password.

My scripts goes to the main.php after user gives the correct username/passwd in the login.php. But if user give the wrong info at the first time and gives the correct login info at the second time, the system goes to the index.php (which is not what I want).

Can someone with more experience let me know what I did wrong. thanks very much.

The correct login is username/password are "foo"/"bar"

main.php
********
<?PHP
include('functions.inc');

requiresLogin($_SERVER['REQUEST_URI']);

?>
<html>
<head><title>main</title>
</head>
<body>
<h1>This page requires login first</h1>
</body>
</html>

$page_action = $_POST['page_action'];
$msg = "";

if($page_action == "login")
{
$login_name = $POST['login_name'];
$password = $POST['password'];
if(Login($login_name, $password))
{
$ret = $_POST['ret'];

	if(!$ret)
	{
		$ret = "index.php";
	}
	redirect($ret);
}
else
{
	$msg = "User Name or Password invalid";
}

}
?>

<html>
<head>
<title>Login</title>
<script language="javascript">
<!--
function handleLogin()
{
if(document.forms[0].login_name.value == "")
{
alert("Please enter your Login Name!");
return false;
}
if(document.forms[0].password.value == "")
{
alert("Please enter your Password!");
return false;
}

document.forms[0].page_action.value = "login";
document.forms[0].submit();

}

function setfocus()
{
document.forms[0].login_name.focus();
document.forms[0].login_name.select();
}

//-->
</script>
</head>
<body onLoad="setfocus()">

<table cellpadding=20>
<tr valign=top>
<td width=25></td>
<td bgcolor=#f0f0b0>
<form name="login" method="post" action="<?=$SERVER["PHP_SELF"]?>">
<input type="hidden" name="page_action" value="">
<input type="hidden" name="ret" value="<?=$GET['ret']?>">
<table>
<tr>
<td>Login Name:</td>
<td><input type="text" name="login_name" value="<?echo $login_name;?>" size=20 maxlength=32></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password" value="<?echo $password;?>" size=20 maxlength=32></td>
</tr>
<tr>
<td><input type="button" name="login_button" value=" LOGIN " onClick="javascript:handleLogin()">
<td><input type="button" value=" CANCEL " onClick="javascript:history.go(-1)"></td>
</tr>
<tr>
<td align="center" colspan="2" height="10"><font color="red"><?echo $msg;?> </font></td>
</tr>
</table>
</form>
</td>
</tr>
</table>
</body>
</html>

index.php
*******
<html>
<head><title>index</title></head>
<body>
<h1>this is the index file</h1>
</body>
</html>

functions.inc
****************
<?PHP
function redirect($location)
{
header("Location: " . $location);
exit();
}

function requiresLogin($ret='')
{
if(!$_SESSION['USER_ID'])
{
$uri = "login.php";
if(!$ret)
{
$ret = "index.php";
}
$uri .= '?ret='.urlencode($ret);

    redirect($uri);
    exit();
}

}

function Login($login_name, $password)
{
if($login_name == "foo" && $password == "bar")
{
$_SESSION['USER_ID'] = "foo";
return 1;
}
else
{
return 0;
}
}

session_start();
ob_start();
?>

bpat1434

[php][/code] tags around your PHP code really help when we try and look at your code....

I notice that you reference page_action, but you dont' set it in your login form. And when you submit the login, the URI changes, so it loses the $_GET['ret'] value from the initial login. That's your issue right there: the URI changes.

I think the way to circumvent this would be to do the following:

// Put this under $page_action in "login.php":
$return_to = (isset($_POST['ret']))?$_POST['ret']:$_GET['ret'];

Then just echo that as the value of your hidden field, rather than rely upon 1 method.

If the user clicks through to login.php from main.php, the $GET['ret'] value is populated. Thus $return_to will hold that value because $POST is gonna be empty. WHen the form is posted, $_POST['ret'] is going to be populated with the URI, so if they failed the login, then the hidden field will have the value of the older POST, and thus solve your problem.

~Brett

jfernandez

Thanks Brett for the reply. It works now. I really appreciated.

The page_action value was set to "" as a hidden value, but it was set to "login" in the javascript.

document.forms[0].page_action.value = "login";

Thanks again for the help.

Joaquin