php redirect variables

[scollett]

Hey there!

I'm using my phpbb forum sessions to authorize users on the rest of the site. I've got it working fine, but right now after they log in, they're taken to the forum (since it's the forum login that they're using) I'd like to use a variable in the redirect to catch the page that they were trying to view before they logged in, and then redirect them to that page after they log in.

Is that possible?

This is the code I have on my restricted pages:

Code:

<? define('IN_PHPBB', true);
$phpbb_root_path = '/usr/www/users/thesea/TheSea_Org/aquarium_forum/';
include('/usr/www/users/thesea/TheSea_Org/aquarium_forum/extension.inc');
include('/usr/www/users/thesea/TheSea_Org/aquarium_forum/common.'.$phpEx);


$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);



if( !$userdata['session_logged_in'] )
   {
   redirect('/login.php');
	}
	
	else {}
	
?>

(the reason I'm using the full server path for the file locations is because this code is in a file that I'm including on the restricted pages that are in directories of various depths)

[Deep13]

use like this..

Code:

$ref = $_SERVER['HTTP_REFERER'];

if( !$userdata['session_logged_in'] ) 
   { 
   redirect($ref); 
   }

hope this helps..

Deep

[Easywebdev]

the phpbb login page checks for a $_GET['redirect'] so just use

Code:

if( !$userdata['session_logged_in'] )
{
redirect('/login.php?redirect=path_to_the_file_you_want_them_redirected_to');
}

the path you place after ?redirect= will then be placed in the login form as a hidden variable and the user redirected when the login succeeds. (better to use an absolute path if you are calling login.php from different directories)

Regards, Eamonn.

[scollett]

When I add the code I posted in my first post, I get this error on the pages:

Code:

Warning: Cannot modify header information - headers already sent by (output started at /usr/www/users/thesea/TheSea_Org/reef_aquarium/coral_farming/aquaculture.php:2) in /usr/www/users/thesea/TheSea_Org/aquarium_forum/includes/sessions.php on line 188

Any ideas why? It doesn't make sense to me why it would do that.

[Deep13]

It shows that error if you try to print anything before passing the header..

check this..

Quote:

Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include(), or require(), functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.

It's given in PHP Manual...

Regards
Deep

[rivux]

Its got to be at the very top of the page, the first thing sent has to be the session info before any page content is sent. When page content is sent, it sends the header information first, so if you try to set any header information after you've set body content it pukes.

[scollett]

Hmm...I did have it at the very top, that's why I was so confused by the error.

However...it's possible I had only a blank line before it. I didn't know just a blank line at the top could cause the error....

picky picky, they are! ;)

Thanks a bunch!

Also....with regard to the redirect...

I think I need to use a combination of what Deep13 and Easywebdev said. That being that I want to *catch* the page that the folks were trying to get (so I'd need to use the 'HTTP_REFERER' that Deep13 mentioned), but I want to initially redirect them to the login and THEN (after logging in) they'd be redirected to the page they wanted initially. (so Easywebdev's login.php?redirect=path_to_the_file suggestion)

Now, to do this, would this be correct?

Code:

$ref = $_SERVER['HTTP_REFERER']; 

if( !$userdata['session_logged_in'] ) 
   { 
   redirect('/login.php?redirect=$ref'); 
   }

[Deep13]

should work i suppose...

Regards
Deep

[scollett]

AH! I'm SOOO close!

Okay, I used this code:

Code:

$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
$ref = $_SERVER['HTTP_REFERER']; 

if( !$userdata['session_logged_in'] )
   {
   redirect('/login.php?redirect='.$ref.'');
	}
	
else {}

Now, when I tried it out I could see the referring page in the url. I tried to access a restricted page while not logged in and it took me to the login page and the url in the menu bar looked like:
http://www.thesea.org/aquarium_forum...f_aquarium.php

So, it grabbed the right page like I wanted. However, after I logged in I was still on the phpbb login page but it had become a "page cannot be found".

Any ideas?

[Easywebdev]

You are getting page not found because the phpbb login expects the file to be in $phpbb_root_path . 'redirect'

Stop using $_SERVER['HTTP_REFERER']; as that includes the server path to the file and phpbb will not be able to use that path in its redirect function.

Just do what I told you above.

If your page is called mypage.php then all you need is

Code:

if( !$userdata['session_logged_in'] )
{
   redirect('/login.php?redirect=mypage.php');
}
else
{
 
}

Just change the redirect value to the page name and when the user logs in they will be redirected back to that page and $userdata['session_logged_in'] will be true and they will continue to your else statement.

Regards, Eamonn.

[scollett]

I understand that, and I would do that if I knew what page they were trying to view. This code is included on hundreds of pages. I don't know which one they were trying to view.

I guess I could put it on each page manually, but the point of doing it as an include was to prevent me from having to do that much work. LOL Like I said...it's hundreds of pages.

It sounds like, though, that I'll either have to do it manually or just not redirect them.

[Easywebdev]

Ah, sorry my mistake. I thought you knew the referring page name.

Ok, try this. in /includes/functions.php add this

Code:

function referrer_redirect($url)
{
	if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r"))
	{
		message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
	}

	
	$url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url));

	// Redirect via an HTML form for PITA webservers
	if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')))
	{
		header('Refresh: 0; URL=' . $url);
		echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta http-equiv="refresh" content="0; url=' . $url . '"><title>Redirect</title></head><body><div align="center">If your browser does not support meta redirection please click HERE to be redirected</div></body></html>';
		exit;
	}

	// Behave as per HTTP/1.1 spec for others
	header('Location: ' . $url);
	exit;
}

Now in login.php find this section of code (may vary, this is from 2.0.10)

Code:

if( $session_id )
{
	$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
	redirect(append_sid($url, true));
}

and change it to this

Code:

if( $session_id )
{
	$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? str_replace('&', '&', htmlspecialchars($HTTP_POST_VARS['redirect'])) : "index.$phpEx";
	
	if (isset($_GET['ref_redirect'])
	{
		referrer_redirect(append_sid($url, true));
	}
	else
	{
		redirect(append_sid($url, true));
	}
}

now change your own code to this

Code:

$ref = $_SERVER['HTTP_REFERER'];

if( !$userdata['session_logged_in'] )
   {
     redirect('/login.php?redirect='.$ref.'&ref_redirect=TRUE');
   }

Dont forget to backup your originals :).