I put together the following script which is supposed to be a members only/restricted page on a website. The page redirects every user to a login page (access_denied.php) if the user is not logged in/authenticated. My next puzzle is to figure out a way to be redirected to the original page which the user intended to visit, after he logs in. Is there some line of code that has to be included in the target page or the login page to accomplish this?
<?php //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); //authenticate user //Start session session_start(); //Connect to database require ('config.php'); //Check whether the session variable id is present or not if(!isset($_SESSION['id']) || (trim($_SESSION['id']) == '')) { header("location: access_denied.php"); exit(); } else{ require ('header_blogs.html'); //need the header print'Your entry has been submitted. Thank you!
'; print '
Return to hahap tok
'; } else { print "Could not add the entry because: " . mysql_error() . ". The query was $query.
"; } mysql_close(); } //Display the form. print'Please, Add Your Contribution to Half Tok Library!
      Title:            
      Explanation:
                        Just in case this might be helpful, here is the login script
<?php //address error handling ini_set ('display_errors', 1); error_reporting (E_ALL & ~E_NOTICE); //Turn on output buffering. Allows for headers to be called anywhere on script. See pg228 Ulman. ob_start(); //start session session_start(); //include the config or connect file require_once("config.php"); // username and password sent from form //NEVER Remove the mysql_real_escape_string. Else there could be an Sql-Injection! $username=mysql_real_escape_string($_POST['username']); $password=mysql_real_escape_string($_POST['password']); $sql="SELECT * FROM members WHERE username='$username' and password='$password'"; //the variable assigned to the post username should match the named attribute of username of login form. same for the password. $result=mysql_query($sql); // Replace counting function based on database you are using. $count=mysql_num_rows($result); // If result matched $myusername and $mypassword, table row must be 1 if($count==1){ // Register username, firstname and redirect to file session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['id'] = $member['member_id']; $_SESSION['firstname'] = $member['firstname']; $_SESSION['lastname'] = $member['lastname']; session_write_close(); header("location: member_index.php"); exit(); }else { //Login failed header("location: login_failed.php"); exit(); } ?>I was thinking about creating a unique login page for every page on the site that requires authentication, that would redirect the user to the appropriate target page upon logging in using the header function, but I would love to believe that there is some line of code that would do the same job, using just one login page for the entire website. Any suggestions would be greatly appreciated.