User Redirection

Hi,

I am having a little problem with my coding and was wondering if someone could please help me.

The code below is a working login script where when a user logs in they are redirected to a URL which I have in my SQL database. The problem I am having is I would like to create a link on every page which says something like “My Account” - and when a user clicks the link the script automatically knows who is logged on and redirects to the page which matches the URL in the database.

I hope I am making sense as I’ve been working on it for days and cannot figure out how to do it. :o

[php]<?php
session_start();

require ‘config.php’;

$user_name = $_POST[‘username’];
$user_password = $_POST[‘password’];

$qry = “SELECT id, redirect
FROM
users
WHERE
username = '”.$user_name."’ AND
password = ‘".$user_password."’";

$result = mysql_query($qry);

$count = (int)mysql_num_rows($result);
if($count != 0) {

$row = mysql_fetch_assoc($result);
$_SESSION['loggedIn'] = true;
header('Location: '.$row['redirect']);

} else {

header('Location: index.php');

}

exit;
?>[/php]

The config.php has basically my login details for phpmyadmin and nothing else. If anyone can help me it would be greatly appreciated.

Kind regards,

Robert.

Well, what are you storing as the “redirect” value?

If it is a file inside the current file, it should be in the format of something like “user.php”, “user.php?userid=93” or some other standard name for a file which can use arguments as I showed in the second example. It could also include folders if there is nesting needed such as “userfiles/user93.php”, “userfiles/users/index.php?userid=93” or any other such standard file. For all of these, they must not start with a “/” and should be an actual filename ending with an extension!

If it is an actual redirect URL, it should be a full URL such as “http://www.google.com/” or “www.xyz.com/subfolder/user93.php”… A full URL to a domain which would pull the default file for that domain or an actual full domain with a file and extension.

If you are not sure what is in the database, echo it just before the PHP-header line to see what you are sending out in the location URL… Good luck!

Thank you for the reply ErnieAlex.

In my database the redirect field is a full URL (eg. www.xyz.com/subfolder/user93.php).

When the user initially logs in they are actually redirected to the URL in the database - that is working fine.

But if they navigate to anothe page the only way for them to get back to the page is to press the back button. This is the reason I would like to create a link, but don’t know how to do it.

use a session variable to see if they’re logged in or not
[php]
session_start();

if(!isset($_SESSION[‘AUTH’])) {
// redirect to login page
} else {
// display my content link
}[/php]

Thanks for the reply richei.

This is what I have tried but with no joy. This is what I have typed in…

[php]session_start();
if(!isset($_SESSION[‘AUTH’])) {
// redirect to login page
} else {
header('Location: '.$row[‘redirect’]);
}[/php]

I’m not quite sure what I am supposed to type inside the header location.

Okay, I see it now, this line is wrong: header('Location: '.$row[‘redirect’]);

Inside the header is usually ‘Location: www.xyx.com’ … NOTE: quotes!
You create it something like 'Location: ’ . www.xyz.com … NOTE: no quotes around URL…

Try this version:

header("‘Location: " . $row[‘redirect’] . "’"); … NOTE: the last is double-single-double quotes…

This should create the correct ‘Location: www.xyz.com’ … as needed… Hope that does it!

Try this version:

header("‘Location: " . $row[‘redirect’] . "’");

I have tried using the method you mentioned but it still doesn’t work.

When the user logs in initially the code works but when I try to send the user to the same page again after login it won’t.

Instead the header command, // it out and just echo the value to see if it is correct…
Perhaps you do not have the correct page shown or the folders are not correct or HTTP: is missing…

An:
echo $row[‘redirect’]; should show what you are trying to move to.

I have tried to echo out the redirect url but I am just getting a blank page, so obviously this is where the problem is.

I can’t understand why it works fine on the login page but it won’t let me redirect a user again.

Well, we at least are narrowing it down some. Leave the echo in place for later and look at the query:
$qry = “SELECT id, redirect
FROM
users
WHERE
username = '”.$user_name."’ AND
password = ‘".$user_password."’";

Make sure the user_name and user_password you are testing with gets into this query.
I would do another echo just above the query like:
echo $user_name . “
”;
echo $user_password . “
”;
die();

And, see if it is pulling the correct inputs to the query. (Standard debugging procedure!)
And, then, echo the query and die after the name/pass is checked out. Sometimes a small quote or whatever inside the actual query can stop it from pulling correctly.

Lastly, you can print the full row of data after the query using:
print_r($row);
This will show you the entire row outputted from the query and perhaps you will see something in that array.

Good luck… Let the debugging start… LOL…

Thanks ErnieAlex for the tips. I have tried the echoing out the $user_name and $user_password to which I am still getting a blank screen which suggests there is a major error with my script. It’s basically not seeing who is logged in at all.

here is my full code at the moment:

login.php (which works fine and lets the user log in and redirects to the URL in my database):
[php]<?php
session_start();

require ‘config.php’;

$user_name = $_POST[‘username’];
$user_password = $_POST[‘password’];

$qry = “SELECT id, redirect
FROM
users
WHERE
username = '”.$user_name."’ AND
password = ‘".$user_password."’";

$result = mysql_query($qry);

$count = (int)mysql_num_rows($result);
if($count != 0) {

$row = mysql_fetch_assoc($result);
$_SESSION['loggedIn'] = true;
header('Location: '.$row['redirect']);

} else {

header('Location: index.php');

}

exit;
?>[/php]

Then there is account.php (which is just showing a blank page - even after echoing out the username after login):
[php]<?php
session_start();

require ‘config.php’;

$user_name = $_POST[‘username’];
$user_password = $_POST[‘password’];

$qry = “SELECT id, redirect
FROM
users
WHERE
username = '”.$user_name."’ AND
password = ‘".$user_password."’";

$result = mysql_query($qry);
$count = (int)mysql_num_rows($result);
$row = mysql_fetch_assoc($result);

if(isset($_SESSION[‘loggedIn’])) {
header("‘Location: " . $row[‘redirect’] . "’");
} else {

}

?>[/php]

I have a normal php page which has a link to account.php. My Account
When I click this link it just goes to account.php but a blank page appears. Could it be something to do with the $_POST on my account.php page?

:o :o :o

Well, do you mean that you are using: My Account
to get to your account.php??? You can’t do that.

If you do not POST the form, there are no $_POST[] variables to be used. I thought you echo’d these variables for $user_name and $user_password? If so, they are not coming from an HREF tag as above…
Also, did you echo the $_SESSION[‘loggedIn’] variable to make sure it is set?

Perhaps one of your two pages that call this account.php file is not set up correctly.
Does the one that works use the same way to call the account.php file?

ok, on the login page, change this to
[php]
if($count != 0) {
$row = mysql_fetch_assoc($result);
$_SESSION[‘uname’] = $_POST[‘username’]; // change to match yours
$_SESSION[‘upass’] = $_POST[‘password’];
$_SESSION[‘loggedIn’] = true;
header(‘Location: $row[redirect]’);
} else {
header(‘Location: index.php’);
}[/php]

then on the account page, just change those $_POST references to the equivelent session variables. that should solve that issue.

When I click the link My Account what I would like to happen is get redirected to the URL in the database - just like the same way when the user logs in.

I did echo out the $_SESSION[‘loggedIn’] variable and it is set.

on login.php the user uses a form to type username & password. then they are automatically redirected to the URL in the database - That works.
So from there if the user wants to return to that same URL I thought I could create a php file (ie. account.php) which when clicked it would redirect the user back to the same URL in the database… Is that not possible?

on the login page, you need to run a check for that loggedin session before you do anything else on there. If its true, then send them to where ever they need to be. If its not, then display the login form. Sounds like the other pages just need to be restructured to use sessions instead of _POST.

Sure, that should work. But, since you already have the URL page from the login page, why not just return it in a $_SESSION[] variable. Then it is always there for the user. Just save the page he is redirected to in the log in page in the variable and on the next page when they get there, just add an HREF that says "RETURN TO: " and the reference. That would work.

As far as your current code goes, I just can’t see why it is not working. It should work!
I will look at it more a bit later…

This seems to be getting closer. Now when I echo out the username & password it’s not just a blank page anymore but it is displaying the correct details. So this suggests the page now knows who is logged in.

But it’s not redirecting to the URL in the database. When I echo $row[‘redirect’]; it’s showing a blank page so I think now it’s just getting the information from the database.

If you are echo’ing $row[‘redirect’] after the query and it is blank, then, either you have it spelled wrong. (which I doubt as it works in the previous page. Or, there is nothing in the database for that field. You should log into your database and make sure that there is an entry for that user/password…

I can’t understand it. There is definitely a URL in the database because when the user initially logs in they are actually redirected to the correct URL.

When I echo $row on it’s own I am still getting a blank page.

When I echo $result I am getting Resource id #3