Announcement

**Fou-Lu** · Aug 25, 2011, 09:29 AM

Capture returntopath in any page you want to be returnable. Otherwise, have them unset.

**doubledee** · Aug 25, 2011, 12:54 PM

Originally posted by Fou-Lu View Post

Capture returntopath in any page you want to be returnable. Otherwise, have them unset.

Not sure I follow.

It seems to me what I need to do is capture the page a user is on, store it somewhere (e.g. Database, Cookie, Session) and then pass that to "log_in2.php" and then have that script return the user back to said page.

From everything I've researched, using HTTP_REFERER is a *bad* idea...

If you are on "some_page.php" and click on the "Log-In" hyperlink in my page header, how can I take a snap-shot of where you are at as you click on the link??

Debbie

**Fou-Lu** · Aug 25, 2011, 02:03 PM

How did you do it on the articles page? Its the same thing.

**doubledee** · Aug 25, 2011, 02:37 PM

Originally posted by Fou-Lu View Post

How did you do it on the articles page? Its the same thing.

Well one problem is that to do things the way I did it with...

Article ---> Log-In ---> Article

is that I'd have to put...

Code:

$_SESSION['returnToPage'] = $_SERVER['SCRIPT_NAME'];

..on every page on my website.

The more logically approach is "Don't call us, we'll call you."

Either...

1.) When a user clicks on the "Log-In" link on any given page, I then capture wherever they are at and send it to the "log_in.php" script, or

2.) When a user lands on "log_in.php", that page somehow looks to see where the user came from, athough everything I have read says that HTTP_REFERE is insecure and a poor choice.

----

I want my Log-In to work like Amazon.com where you click on a link and are taken to a dedicated Log-In page. (I may change that design later, but for now I want Logging-In to be a focused activity.)

I am also confused how all of this will work if 50% of my pages have "pretty URL's" and rely n my mod_write to convert them to URL's with Query Strings and then the other 50% of my pages are just "index.php", "contact_us.php", "upcoming_events.php"

Sorry for being so confused, but this is harder to conceptualize and implement than you'd think for a newbie?!

Debbie

**Fou-Lu** · Aug 25, 2011, 03:04 PM

So you're wanting these to become magically populated?
HTTP_REFERER isn't any more insecure than anything else provided by a user; it's just irrelevant. There is no guarantee of this being provided to you in any way shape or form, and is why we typically use sessions to determine where a client last accessed.
The useful options I see are to create a global file used for all session handling which you can use to determine which pages to establish a return to path on; use a database to completely control sessions and determine if the last page is returnable; convert to an OO system that uses interceptors to establish last relevant location and send back when necessary.
'Pretty urls' are irrelevant. If a SID is not passed via a cookie, then you'll need to figure out a way to pass it through your urls, but aside from that none of the referring information is required to come from a querystring. What PHP will require is a querystring.

**doubledee** · Aug 25, 2011, 03:22 PM

Originally posted by Fou-Lu View Post

So you're wanting these to become magically populated?
HTTP_REFERER isn't any more insecure than anything else provided by a user; it's just irrelevant. There is no guarantee of this being provided to you in any way shape or form, and is why we typically use sessions to determine where a client last accessed.
The useful options I see are to create a global file used for all session handling which you can use to determine which pages to establish a return to path on; use a database to completely control sessions and determine if the last page is returnable; convert to an OO system that uses interceptors to establish last relevant location and send back when necessary.
'Pretty urls' are irrelevant. If a SID is not passed via a cookie, then you'll need to figure out a way to pass it through your urls, but aside from that none of the referring information is required to come from a querystring. What PHP will require is a querystring.

Not expecting anything "magically", but unsure of how to pass or capture the "returnToPath".

Maybe I should just add this to the top of every file in my website that has the Log-In Header...

Code:

$_SESSION['returnToPage'] = $_SERVER['SCRIPT_NAME'];

...and then if they click on the Log-In link I will have captured where they were at.

I dunno, that just doesn't seem very sophisticated and requires I remember to add the code to the right pages.

Seems like there would be a better approach?!

Debbie

**Fou-Lu** · Aug 25, 2011, 03:33 PM

That won't work either. If a user moves from a page to another page that does not capture their location, and then logs in it will end up at the previous article instead of at the index. A simple global script will do this:

PHP Code:


<?php

session_start();

$aReturnable = array('article.php', 'anotherscript.php'); // Or draw these from a datastore.

// Or you can create an array of not returnable and invert the in_array check.



$sPath = basename($_SERVER['SCRIPT_NAME']);

if (in_array($sPath, $aReturnable))

{

    $_SESSION['returnToPath'] = $_SERVER['SCRIPT_NAME'] . (isset($_SERVER['QUERY_STRING']) ? '?' . $_SERVER['QUERY_STRING'] : '');

}

else if (isset($_SESSION['returnToPath']))

{

    unset($_SESSION['returnToPath']);

}

You can do a lot more to verify that url as valid to a previous page, but I'm not going to bother on this.

Announcement

Need help with Log-In page and routing

Need help with Log-In page and routing

Comment

Comment

Comment

Comment

Comment

Comment

Comment