One more thing: since the REQUEST_URI only returns something along the lines of "/page.php" then where I put the url would I need to code it like this: "http://www.itweb.mysite.com"?
Redirect user to previous page after valid log in
Looks like I had a typo in there before:
header("Location: http://www.itweb.mysite.com".$url);That sort of thing should work. To debug stuff like this, in a development environment, just do something like:
echo "http://www.itweb.mysite.com".$url;
exit;and then delete those lines for production, replacing them with the [man]header/man call.
... or just leave the header() call in place exactly as is and simply view the response headers the server sent to your web browser. 
Everything appears to be working fine. At least it redirects me to the previous page I viewed when I test it. But, from my original post I have the following code near the top of my page on the log in:
if (!isset($_SESSION['ValidLogIn'])){
This now sits underneath the code (with the valid urls):
<?php
session_start();
if(isset($_SESSION['url'])) {
$url = $_SESSION['url'];
}
else {
$url = "index.php";
}
But I am not setting the session variable for ValidLogIn anywhere. Therefore, the code on my header page, where I want to change the "Log In" and "Create Account" links to "Log Out" and "Edit Account", plus add a personalized greeting using the members name obviously will not work. Will it?? Since I changed the code to validate a user log in to this:
if($username == TRUE){
$_SESSION['UserName'] = $username['USER_NAME'];
header("Location: http://mysite.com".$url");
exit();
}
Should I change the name ValidLogIn to UserName?? Or do I need to create a session variable named ValidLogIn within the if statement where I check to see if it is set?
As a newbie I am unfamiliar with whether or not you can have two session variables running at the same time. What is confusing me is that the header.php page contains only the header information for every page. And for every page I include the header.php. That is where I am getting confused now. Any help would be greatly appreciated on how to solve this.
I hope this post makes sense. If not, please ask for clarification.
Has anyone had a look at this thread in the past few days? I'm still confused about the if statement with ValidLogIn and whether or not that is necessary or if I should rename it to UserName to get it to work. If need be I can post the entire code as I have it now for clarification as to how it is set up and as to what exactly I am asking here. I'm out of town and do not have access to check the code until I return home on Wednesday.
I'd truly appreciate any, and all, help I can get in this matter as it is rather confusing to me. I have been researching on the internet and from what i understand you can only have one session variable set up per website. Is this correct??
hugoriffic;11025811 wrote:But I am not setting the session variable for ValidLogIn anywhere.
Then why are you trying to check if it exists before executing some code? Doesn't it seem a bit silly to you to wrap code inside a conditional statement that should never evaluate to anything but false?
hugoriffic;11025811 wrote:Should I change the name ValidLogIn to UserName?? Or do I need to create a session variable named ValidLogIn within the if statement where I check to see if it is set?
You can do either one, or you could even pick an entirely different name. What you shouldn't, do, is define something called "foo" in one spot and then check to see if it exists as "bar" in another.
hugoriffic;11025811 wrote:As a newbie I am unfamiliar with whether or not you can have two session variables running at the same time.
Not sure what you mean by "running" there. Variables don't "run" at all - they're just pieces of information that are stored somewhere and given a specific name. As for session variables, the default behavior is to store the entire session data in a single file on disk. That one file can have any number of session variables inside of it.
EDIT: Just to clarify... the "single file on disk" refers to what is done for each session. If 10 users visit your site, there should be 10 different sessions being created and stored on disk (e.g. in 10 different files).
hugoriffic;11025907 wrote:I have been researching on the internet and from what i understand you can only have one session variable set up per website. Is this correct??
Most certainly not.
OK, I've thought about your reply bradgrafelman, and re-read this entire post from start to finish several times, and now I want to run the logic by everyone to see if I understand it correctly. That way I might be able to figure this out on my own. So, here goes...
First off every time I have seen a log in page that redirects back to a prior page that log in page did not contain the opening
session_start();
Only the pages that were linked to it contained this. So, I'm assuming this is unnecessary on the log in page.
Secondly these lines
if($username == TRUE){
$_SESSION['UserName'] = $username['USER_NAME'];
header("Location: http://mysite.com".$url");
exit();
}
First check to see if a valid log in has been entered, and if so, the username variable is set to the session ID variable and then the page is redirected back to the previous page.
The lines that sit on the top of every page including the log in
<?php
session_start();
if(isset($_SESSION['url'])) {
$url = $_SESSION['url'];
}
else {
$url = "index.php";
}
Start the session ID that has been created from the valid log in then check as to whether the current url matches the url that the user is on and, if so redirects them back to the previous page, or, if not, send them to the index.php page. This only happens if a valid log in was created. Other wise this line occurs
if($username == FALSE)
{
$Password = null;
showForm('Invalid log in information.');
exit();
}
Which keeps them on the log in page and send up the error message.
Therefore, the line
if (!isset($_SESSION['ValidLogIn'])){
does nothing because there is no ValidLogIn session ID being set so this needs to be removed.
Because these lines
$UserName = $_POST['txtUserName'];
$Password = $_POST['txtPassword'];
//validate username and password match
if($Password != Password($UserName) && isset($_POST['btnSubmit']))
{
showForm('User Name And Password Do Not Match!');
exit();
}
check to see if a valid check in is made pass the variable $UserName down to the valid check which if true sets the session ID.
Therefore, I should change this line on the header page (where I want to change the log in to log out etc
if (isset($_SESSION['ValidLogIn'])){
needs to be changed to
if (isset($_SESSION['UserName])){
Is this correct??
hugoriffic;11025915 wrote:OK, I've thought about your reply bradgrafelman, and re-read this entire post from start to finish several times, and now I want to run the logic by everyone to see if I understand it correctly. That way I might be able to figure this out on my own. So, here goes...
First off every time I have seen a log in page that redirects back to a prior page that log in page did not contain the openingsession_start();
Then you should read someone else's code. If you do not call session_start() on a "log in page", you cannot assign any value to the $_SESSION array, like a username, user ID, "is_logged_in" flag, etc. There is, I suppose, some room for ambiguity here; for example, what's a "log in page", exactly? Is it the form for entering user credentials, or the handler that processes said credentials once they're submitted?
It is the form for entering credentials. OK, other than that, does is my logic correct? Am I stepping through the processes properly?
I meant to ask if my logic is correct? Does it look good?
Please, can someone comment on my logic??
5 days later
yes where?
4 days later
I tried the code suggested by hugoriffic and it worked. Thanks for sharing the code.