PHP Redirect to a Page (Specifics Inside)

MrMaverick · April 12, 2012, 1:26am

How would you go about creating a PHP script for the following scenario? The reason being I wish to do this so it eliminates a navigation step for the users of my website.

Let’s say you go to a page of the website where authentication is required (you need to login). You came in externally, from a link on another web site, or a person gave you the link. My site will redirect you automatically to an error page explaining that you don’t have access to the page. So you enter the login details, and now your back at the home page. Well, if your not familiar with the layout of my website, this could be a problem, since, well, you don’t know where to go to find the information your looking for!

Logically, I guess the program layout would be to save the requested url into a PHP variable, and store it across pages using either a Session, Cookie, or transfer it through the url. Since these pages are login protected, it would make more sense to use a Cookie or a Session. Then, when the user logs in and submits the form, the variable would be used in the header() function so as to redirect the user back to their intended destination.

My real question would be: Does this code make sense to you?

On the Authorization Script.
[php]
/* LOL I am showing my steps as a student… ROFL! */

//If An Existing Session is NOT already present
if(!isset($_SESSION)) {
//Start a NEW Session
session_start();
}
else
{
//Do Nothing
}

//If the user is not logged in, save the requested URI for later redirection
//Obtain the host address or name requested
$host = $_SERVER[‘HTTP_HOST’];

//Obtain the URI requested
$uri = $_SERVER[‘REQUEST_URI’];

//Assemble the link together
$redirect_back = “http://$host$uri”;

//Store in the SESSION array
$_SESSION[‘orig_req’] = $redirect_back;
[/php]

On the login page:

[php]
/* Blah Blah Blah Login Code
{
//Login Code DUN DUN DUN
}
*/

//Redirect the user to their original page
header(“Location:” . $_SESSION[‘orig_req’] . “”);
[/php]

MrMaverick · April 12, 2012, 2:33am

I’ve tried to insert this code into an included file so I don’t have to copy and paste this into every php file. This ends up however returning the link to the included file and not the parent script that’s including that file. Is there a way around this problem?

Improvizionz · April 12, 2012, 6:57am

Okay, so your simpl trying to make it so if they are not logged in, it forces them to redirect to login? If that’s all, I would suggest you have something like a configuration file, and you simply enter something like:

<?php

// Put anything else up here.

$login = "http://site.com/loginurl.php";

if ($_SESSION['username']) // Test if logged in and you can change this to your session or any other method your using.
{
// Guess were logged in or at least they have a session for user.
}
else
{
header('Location: '.$login);
exit;
}

?>

Now I’m sorry to say with that you would have to include your configure PHP in everypage, but it could contain a lot of stuff to use on a lot of pages that’s easy to change.

I am not sure the “header()” code is correct, it’s been a while since I have used it, so if you get errors I am sorry. I don’t have any references to to look at right now. But I hope this helps you out, I also realize this may not be the best method, but it’s ones I use and it sounds easier than listing all that coding in every document.

MrMaverick · April 13, 2012, 12:43am

[php]
Okay, so your simply trying to make it so if they are not logged in, it forces them to redirect to login? If that’s all, I would suggest you have something like a configuration file, and you simply enter something like:
[/php]

I apologize if you have misinterpreted my question, but that is not the case. I have that procedural code down pat.

The feature I am talking about is that when a user is not logged in, and they request a page that requires them to be logged in, the server will remember what page they requested, so when they are redirected to the login page, enter their login information, and successfully log in, the server will be able to direct them back to their original requested page. In other words, the server remembers what the user wanted, and patiently waits for the user to login before giving them what they wanted.

I want to know how to do this through an included php script. So for example:

A user requests MEDIA.php. It is protected by the login script AUTH.php, which is included in MEDIA.php. The user is redirected to LOGIN.php, and proceeds to login. Once the user logs in, the server redirects them back to their request, MEDIA.php, instead of a set page such INDEX.php (the server’s home page, where the user can find links to all the pages through that page).

richei · April 13, 2012, 6:01pm

I know what your asking. you’re basically trying to prevent unauthorized access to pages. What you can do is on each page, if they aren’t logged in, set a session variable before the header, something like $_SESSION[‘reqpage’] = “media.php”.

Then on your log in page, set a hidden input to the name of the page, when they log in, see if its empty and if not, do a redirect to that page.

MrMaverick · April 14, 2012, 12:51am

I know what your asking. you're basically trying to prevent unauthorized access to pages.

I had to re-read that four times before I realized that these were separate sentences with a significant difference in context. Good thing I did, or I would have made myself post something much more stupid than this sentence.

What you can do is on each page, if they aren't logged in, set a session variable before the header, something like $_SESSION['reqpage'] = "media.php"

I do something of the sort, at least on the pages that requires a user to be logged in:
[php]
//If An Existing Session is NOT already present
if(!isset($_SESSION))
{//Start a NEW Session
session_start();
}
else{
//Do Nothing
}

//Save the Requested Link for later redirection
//Obtain the host address or name requested
$host = $_SERVER[‘HTTP_HOST’];
$uri = $_SERVER[‘REQUEST_URI’];

//Assemble the link together
$redirect_back = “http://$host$uri”;

//Store in the SESSION array
$_SESSION[‘orig_req’] = $redirect_back;

//Store the Footer Variable
$_SESSION[‘footer’] = “default”;

//Require The User To Be Logged In
require “auth/login_check.php”;

[/php]

And on the Login Page:

[php]
//Extract Original Request Information From Session
$request = $_SESSION[‘orig_req’];

//If no request URI is detected, tell the user they will navigate to their page manually.
if(!$request) {
$request = “home.php”;
echo “Error: No address to automatically redirect user to originally requested destination.
”;
}

//Message to the user indicating that the logon script has successsfully logged them in with no problems
echo “You have successfully logged in. If you can see this message, redirection has failed. Return to <a href=“home.php”>Home”;

//Redirect the user to their original page
header(“Location: $request”);
[/php]

I have the feature working on the web server now. However, I want to be able to use the code that formulates those links into an include file. Which I have tried to do, however, the $_SERVER variables change from the scope of the original script to the scope of the included file. Is there a way around that doesn’t involve more than perhaps 10 to 20 lines of code?

richei · April 14, 2012, 6:50am

you can’t check for the presence of a session without first starting it. an example would
[php]
// media.php
session_start();
if(!$_SESSION[‘auth’]) {
$_SESSION[‘reqpage’] = ‘media.php’;
header(‘Location: login.php’);
} // no else needed because we want the page to continue if they are logged in

//login.php
session_start();
if(isset($_POST[‘submit’])) {
$_SESSION[‘auth’] = 1;
// regular login verification set
if($_SESSION[‘reqpage’]) {
header(‘Location: $_SESSION[reqpage]’);
} else {
// wherever they go upon sucessful login
}
}
[/php]

That’s all that’s to it

MrMaverick · April 16, 2012, 2:39am

you can't check for the presence of a session without first starting it.

I do understand that I can’t work with a session if it hasn’t been initiated; things like checking the existence of variables.

So this code is basically useless? I thought I was checking to see if the session had already been started in the first place on this page.

[php]
//If An Existing Session is NOT already present
if(!isset($_SESSION)) {
//Start a NEW Session
session_start();
}
else {
//Do Nothing
}
[/php]

Your demo code has made it very clear as to how to handle simple hard coded re-directions for a page. I guess my question however was not asked clearly.

[i]I want to be able to have a single script handle all the redirection instead of having redundant code all across the main pages. So if I wanted to change the redirection code for example, I would only have to open up a single file instead of having to open perhaps 10 to 30 different .php files just to edit similar code.

It seems that such a script can be done via an include / require and using the $_SERVER superglobal. The problem I’ve had with trying something like this though is that the links have the wrong scope, that is to say they reference the included / required file instead of the parent script they are called from.[/i]

Is there a way to work around the fact that the $_SERVER superglobal returns the included file’s properties instead of it’s parent that called it in the first place?

Or is this not possible?

richei · April 16, 2012, 5:12am

There’s no simple way of doing that. Wish there was, because it would make my life easier. I can’t see a way of doing with includes, but you’re only dealing with 6 to 8 lines of code and less on the log in page.