View Full Version : session protecting webpages

01-11-2008, 11:58 AM

I am working on my website, where a few pages for the member's area are protected by user login via sessions.

i.e.if the user tries to access a particular member's page without logging in, the user should be forwarded to the login page where the user has to enter the username/password. This members2.php. The form on members2.php has a form which sends the username/password to a login check script login-exec.php

This is working fine, however, once after being forwarded to the logging in page, and after entering the right credentials, the user is forwarded to only a page called membersloggedin.php.

What I want to be able to do is make login-exec.php remember which page the user earlier clicked to forward him/her to the page that he clicked once the authentication is verified.

How can this be done ?

//Check whether the query was successful or not
if($result) {
if(mysql_num_rows($result)>0) {
//Login Successful

header("location: membersloggedin.php");

}else {
//Login failed
header("location: members2.php");

How the can the header be changed on this page to remember the page the user clicked on the member's area and take him/her to the page that he/she clicked and not to membersloggedin.php everytime after a successful login.

Any suggestions would be helpful.


01-11-2008, 12:04 PM
You could buffer the script filename and arguments in a session variable (it sounds to me like you need to write a state-machine).

01-11-2008, 12:28 PM
I am pretty new to PHP, so, I dont follow you here. WHat exactly needs to be done ?


01-11-2008, 01:02 PM

Let's say that the script you're starting with is mypage.php. So within mypage.php, you would have somewhere, something like:

$_SESSION["remembered-page"] = $_SERVER[HTTP_REFERER]; //Note that you can work this out server-side too - more robust that way.
$_SESSION["remembered-args"] = $_POST; //Or however you are passing the args to the page - this is just an example.

Then, once the member has sucessfully logged in, you would have something like:

header("location:".$_SESSION["remembered-page"]); //Remember that you'll need to make use of $_SESSION["remembered-args"] when you-revisit the remembered page.

Clearly there's a a lot more to it than that, but that is the general conceptual principle. :)

I mentioned the state-machine is because it is relevant to the concept:

a state machine is a model of behavior composed of a finite number of states, transitions between those states, and actions.

-- from wikipedia: http://en.wikipedia.org/wiki/Finite_state_machine

01-12-2008, 04:04 AM
Its really not that complicated. You store the page you want to go back to in a session variable before you redirect to the login page. You should also store the post variables in the session too. Then when they login, redirect to the page you stored. And when you get back to the page, copy the the post variables you stored in the session into the post superglobal.