How do I remember a URL in PHP to serve it to a user after authentication? The idea is the user will request the URL but while unauthenticated. In this case, I forward him to the login page, but what's the best practice to save that URL so I can serve it to him once authenticated? I thought about saving it in session variables, but I'm not sure about the implementation. Are there best practices for this?
+4
A:
Put it in a hidden field in the form or save it to a session variable.
Example
`login.php?l=account.php` (where `l` is the page to go after login).
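```php
<form action="action/login.php" method="post">
<?php
// Fall back to index.php when no target was passed; escape before echoing into HTML.
$target = !empty($_GET['l']) ? $_GET['l'] : 'index.php';
?>
<input type="hidden" value="<?php echo htmlspecialchars($target, ENT_QUOTES, 'UTF-8'); ?>" name="redirect" />
...
</form>
```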
action/login.php
```php
<?php
// ... do some checking here ...
if ($loggedin) {
    redirect($_POST['redirect']);
    // redirect() is a wrapper function for header("Location: $url");
} else {
    // URL-encode the target so it survives as a single query parameter
    redirect('login.php?l=' . urlencode($_POST['redirect']));
    // go back to login page
}
?>
```
thephpdeveloper
2009-10-31 15:01:10
Preferably the former. Sessions will cause troubles (redirect to the wrong URL) if the user opens multiple login forms from different locations.
Lukáš Lalinský
2009-10-31 15:03:56
And of course *NEVER* output raw user input into your HTML. :) Use `htmlspecialchars()` on it.
Lukáš Lalinský
2009-10-31 15:05:39
The only issue here is that most people like to automatically redirect to the login page.
Joe Philllips
2009-10-31 15:05:43
Yep, correct, never output raw user input!
thephpdeveloper
2009-10-31 15:06:32
@Lukas - Great point. Twitter uses a session, and it's a usability nightmare if I open a bunch of links in tabs that all require login - I lose all but the last one.
ceejayoz
2009-10-31 16:45:02
+1
A:
When the user goes to `ProtectedPage.php` without being authenticated, this should automatically redirect them to `LoginView.php` (with the previous page's URL attached). They can then proceed to log in and the `LoginAction.php` page will redirect them back to `ProtectedPage.php`.
ProtectedPage.php
```php
<?php
if (!$authenticated) {
    header("Location: /LoginView.php?r=ProtectedPage.php");
    exit; // stop here so the protected content below is never sent
}
?>
```
LoginView.php
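```php
<form action="LoginAction.php" method="post">
<!-- name="r" is required for the value to arrive in $_POST['r']; the value is escaped for HTML -->
<input type="hidden" id="r" name="r" value="<?php echo htmlspecialchars($_GET['r'] ?? '', ENT_QUOTES, 'UTF-8'); ?>" />
...
</form>
```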
LoginAction.php
```php
<?php
// ... Authenticate the user ...
if (!empty($_POST['r'])) { header("Location: {$_POST['r']}"); }
else { header("Location: /"); }
exit; // nothing else should run after the redirect header
?>
```
Joe Philllips
2009-10-31 15:03:53
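Both answers send the browser to whatever value arrives in the hidden field (`redirect` in the first, `r` in the second), so the login handler should accept only targets on its own site. The following is an added example, not code from either answer: `safe_redirect_target()` and the `/index.php` default are hypothetical names, and anchoring relative names at the site root is an assumption.

```php
<?php
// Added example, not code from either answer. safe_redirect_target() and the
// default page are hypothetical names; targets are assumed to be pages of this site.

function safe_redirect_target($candidate, string $default = '/index.php'): string
{
    // Missing field, or an array smuggled in as redirect[]=x.
    if (!is_string($candidate) || $candidate === '') {
        return $default;
    }
    // Allowlist: path characters plus an optional query string. This leaves out
    // ":" (schemes such as http: or javascript:), "\" (browsers read it as "/"),
    // "@" and all control characters, so CR/LF cannot reach header().
    if (!preg_match('#^[A-Za-z0-9_./-]+(\?[A-Za-z0-9_.%=&-]*)?$#D', $candidate)) {
        return $default;
    }
    // "//host/path" is a scheme-relative URL that points at another host.
    if (strpos($candidate, '//') === 0) {
        return $default;
    }
    // Anchor relative names such as "account.php" at the site root (assumption).
    return '/' . ltrim($candidate, '/');
}

// Constructed inputs: values the login handler might receive in the hidden field.
$samples = [
    'account.php',
    '/orders.php?id=7',
    'https://example.net/login',
    '//example.net/login',
    '/\\example.net',
    "account.php\r\nSet-Cookie: x=1",
    ['account.php'],
];
foreach ($samples as $s) {
    printf("%-40s => %s\n", json_encode($s, JSON_UNESCAPED_SLASHES), safe_redirect_target($s));
}

// In the login handler, after authentication succeeds:
// header('Location: ' . safe_redirect_target($_POST['redirect'] ?? null)); exit;
```

Only the first two samples pass through (as `/account.php` and `/orders.php?id=7`); every other input falls back to `/index.php`.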