Hi, I have a login form on every page of a website so the user can log in from everywhere. I have a login.php file that the form refers to (using 'action').

I use $_SERVER['HTTP_REFERER'] to redirect the user to the same page he logged in from when he successfully logs in or when he logs out.

But if there was a problem logging in, how can I send an error to the same page he is trying to log in from? I have tried sending the error using $_GET, like this:

// process the script only if the form has been submitted
if (array_key_exists('login', $_POST)) {
    // Login code goes here...

    // If there was a problem, destroy the session and prepare error message
    else {
        $_SESSION = array();
        session_destroy();
        header('Location: '.$_SERVER['HTTP_REFERER'].'?error');
        exit;
    }
}

But the problem is that a lot of pages in the website are like this: details.php?mid=0172495. They already receive information from the $_GET method and for security reasons I can't use another $_GET method...

So, how can I pass the error? Thanks...

A: 

I'm not sure what exactly you mean by "for security reasons I cant use another $_GET method", but in the case that there's already something in the query string, you just need to append another variable to it, instead of replacing it.

That is, if the address is like details.php?mid=0172495, you should be sending them to details.php?mid=0172495&error, whereas if it was just details.php, you send them to details.php?error.

Chad Birch
How can I send the address in a $_GET variable to the login script???
Jonathan
A: 

To add to what Chad Birch said...

In your login script where you redirect, check the HTTP_REFERER value for the character '?'. If it is present, append '&error' to the HTTP_REFERER and redirect to that. Otherwise append '?error' to the HTTP_REFERER and redirect to that.

Matt
How can I do that??? I'm really new to PHP...
Jonathan
header('Location: ' . $_SERVER['HTTP_REFERER'] . (strpos($_SERVER['HTTP_REFERER'], '?') !== FALSE ? '&error' : '?error'));
Matt
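
The append-to-the-query-string approach from the two answers above, as an added example that is not code from any of the posters: it merges the error flag into whatever query string the referring URL already carries and, because the Referer header is supplied by the client, only redirects back to a path on the site's own host. The function name, `ALLOWED_HOST` and the `/index.php` fallback are assumptions made for the example.

```php
<?php
// Added example. ALLOWED_HOST and the '/index.php' fallback are assumptions.
const ALLOWED_HOST = 'www.example.com';

function login_redirect_target(?string $referer, bool $failed): string
{
    $fallback = '/index.php';
    $parts = $referer !== null ? parse_url($referer) : false;

    // The Referer header is client-controlled: accept it only when it parses
    // and points back at our own host, otherwise fall back to a fixed page.
    if ($parts === false || ($parts['host'] ?? '') !== ALLOWED_HOST) {
        $path  = $fallback;
        $query = [];
    } else {
        $path = $parts['path'] ?? '/';
        parse_str($parts['query'] ?? '', $query);   // keeps e.g. mid=0172495
    }

    // Only a plain local path may reach header(): no CR/LF, no "//other-host".
    if (!preg_match('#^/(?!/)[A-Za-z0-9_\-./]*$#D', $path)) {
        $path  = $fallback;
        $query = [];
    }

    // Set or clear the flag so a stale "error" never survives a good login.
    unset($query['error']);
    if ($failed) {
        $query['error'] = '1';   // isset($_GET['error']) still works on the page
    }

    // http_build_query() joins with '&' and URL-encodes every value.
    $qs = http_build_query($query);
    return $qs === '' ? $path : $path . '?' . $qs;
}

// In login.php (sketch):
//   header('Location: ' . login_redirect_target($_SERVER['HTTP_REFERER'] ?? null, true));
//   exit;

// Constructed sample inputs:
echo login_redirect_target('https://www.example.com/details.php?mid=0172495', true), "\n";
echo login_redirect_target('https://www.example.com/details.php', true), "\n";
echo login_redirect_target('https://other.example/page.php?x=1', true), "\n";
```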
+2  A: 

Since you're already using sessions, after you destroy the session why not create a new one with $_SESSION['error'] or something similar set? Or alternatively simply don't delete the session at all but set the error which you can immediately check in other pages?

Rob
This is a solution, but it is also not very scalable. That is, if your script is served from more than one server, sessions will no longer function unless you create your own session handler that uses a database or some other method that works across multiple servers.
Matt
That's definitely correct, $_GET and sessions seem the easiest ways to pass data from one page to another, but maybe a more robust solution is necessary. Maybe based on the comment the original poster asked he is able to use $_GET after all.
Rob
If you are running across multiple servers, you should share your sessions between them. Otherwise you are defeating the purpose of the session variable. (Look into the memcached session handler.)
St. John Johnson
A: 

Another way of doing what you need is to include your login.php file in every page that has the login form and just post to that same page. So you won't need any redirection at all.

This may not be a good, scalable and maintainable solution, but it is simple. It all depends on what kind of app you are writing. But you are saying that you are new to PHP, so you can start like this. You can always go fancy later...

Bojan Milenkoski