Redirecting to previous page after login?

by

A common way to do this is to pass the user’s current page to the Login form via a $_GET variable.

For example: if you are reading an Article, and you want to leave a comment. The URL for comments is comment.php?articleid=17. While comment.php is loading, it notices that you are not logged in. It wants to send you to login.php, like you showed earlier. However, we’re going to change your script so that is also tells the login page to remember where you are:

header("Location:login.php?location=" . urlencode($_SERVER['REQUEST_URI']));
// Note: $_SERVER['REQUEST_URI'] is your current page

This should send the user to: login.php?location=comment.php%3Farticleid%3D17. login.php should now check to see if $_GET['location'] is populated. If it is populated, then send the user to this location (in this case, comment.php?articleid=17). For example:

//  login.php
echo '<input type="hidden" name="location" value="';
if(isset($_GET['location'])) {
    echo htmlspecialchars($_GET['location']);
}
echo '" />';
//  Will show something like this:
//  <input type="hidden" name="location" value="comment.php?articleid=17" />

 

//  login-check.php
session_start();

//  our url is now stored as $_POST['location'] (posted from login.php). If it's blank, let's ignore it. Otherwise, let's do something with it.
$redirect = NULL;
if($_POST['location'] != '') {
    $redirect = $_POST['location'];
}

if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {
    $url="login.php?p=1";
    // if we have a redirect URL, pass it back to login.php so we don't forget it
    if(isset($redirect)) {
        $url .= '&location=' . urlencode($redirect);
    }
   header("Location: " . $url);
   exit();
}
elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {
    $url="login.php?p=2";
    if(isset($redirect)) {
        $url .= '&location=' . urlencode($redirect);
    }
   header("Location:" . $url);
   exit();
}
elseif(isset($_SESSION['id_login'])) {
    // if login is successful and there is a redirect address, send the user directly there
    if($redirect) {
        header("Location:". $redirect);
    } else {
        header("Location:login.php?p=3");
    }
    exit();
}

Gotchas

You should run some validation against $_GET['location'] before sending the user there. For example, if I tell people who use your site to click on this link: login.php?location=http%3A%2F%2Fmalice.com%2Fevilpage.php… then they will be sent to a foreign URL that will try to do something bad.

Always make sure to use urlencode when passing URLs as $_GET parameters. This encodes special URL characters (such as ?, &, and %) so that they don’t break your url (e.g.: login.php?location=comment.php?id=17 <- this has two ?‘s and will not work correctly)

More Related Contents:

  1. Redirecting to previous page after login? PHP
  2. Redirecting WordPress’s Login/Register page to a custom login/registration page
  3. PHP store hours, closed dates [closed]
  4. PHP session lost after redirect
  5. How can I find where I will be redirected using cURL in PHP?
  6. PHP Sessions across sub domains
  7. GET URL parameter in PHP
  8. Why I have to call ‘exit’ after redirection through header(‘Location..’) in PHP?
  9. PHP Curl And Cookies
  10. PHP page redirect [duplicate]
  11. How to programmatically login/authenticate a user?
  12. Page redirect after certain time PHP
  13. Redirect with CodeIgniter
  14. PHP header(Location: …): Force URL change in address bar
  15. Custom user authentication base on the response of an API call
  16. How To Detect An Incoming Request (With PHP Script) From a CNAME Subdomain?
  17. Laravel 5.3 auth check in constructor returning false
  18. Laravel 5.4 redirection to custom url after login
  19. How to kill a/all php sessions?
  20. PHP header location-redirect doesn’t work – why? [duplicate]
  21. REST API Authorization & Authentication (web + mobile)
  22. CakePHP remember me with Auth
  23. How to redirect to the same page in PHP
  24. How validate unique email out of the user that is updating it in Laravel?
  25. How to properly use Bearer tokens?
  26. WWW to non-WWW Redirect with PHP
  27. PHP authentication with multiple domains and subdomains
  28. destroy session when broswer tab closed
  29. SQLSTATE[HY000] [1698] Access denied for user ‘root’@’localhost’
  30. Single Session Login in Laravel

Leave a Comment