Login page redirection with variables

Discussion in 'Tutorials' started by espfutbol98, Jun 25, 2009.

  1. espfutbol98

    espfutbol98 New Member

    This tutorial will show how to protect a page by redirecting to a login page with a return url and if logging out, will show the username that you logged in with. The return url function is standard in ASP.Net but it took me a while to find it in php. This tutorial will not actually show the logging, just redirection and echoing the name in the login page.

    1. First on the protected page, include a securing script. An example is:
    PHP:
    <?php
    session_start
    (); 
    if ((isset(
    $_SESSION['uname']) && 
          
    $_SESSION['uname'] != "") || 
        (isset(
    $_SESSION['upass']) && 
          
    $_SESSION['upass'] != "")) {
      
    //If there is a username and a password that is not null, do nothing.
    } else {
      
    $redirect base64_encode($_SERVER['PHP_SELF']); //encodes the location of the page
      
    header("Location: login.php?redirect=$redirect");
      die();
    }
    $redirect base64_encode($_SERVER['PHP_SELF']);
    $name base64_encode($_SESSION['uname']); //used later in logging out
    ?>

    2. In the login.php page, you add something like this:

    PHP:
    <?php
      
    if (isset($_GET['redirect'])) {
        
    $redirect $_GET['redirect'];
      } else {
        
    $redirect base64_encode("index.php"); //If there is no redirect, set it to the homepage
      
    }
    //Your login script
    //If login true:
    header ("Location: "base64_decode($_POST['redirect'] ." "));
    ?>
    3. On any link to logout.php:
    PHP:
    <?php
    //make sure a securing script like in step 1 is included
    echo "logout.php?redirect='. $redirect .'&name='. $name .'";
    ?>
    4. On logout.php:
    PHP:
    <?php
    session_start
    (); 
    unset(
    $_SESSION['uname']);
    unset(
    $_SESSION['upass']);
    //Gets rid of sessions
    if (isset($_GET['redirect'])) {
        
    $redirect $_GET['redirect'];
      } else {
        
    $redirect base64_encode("index.php");
      }
    //If logout.php does not have a "redirect=" in the url, it makes one with the location to index.php.
    if (isset($_GET['name'])) {
        
    $name $_GET['name'];
        } else {
        
    $name base64_encode("");
        }
    //$name is the username in the session that will be echoed in the login form
    header("Location: login?redirect=$redirect&name=$name");
    ?> 
    5. Go back to login.php and insert this php code in the value of the unsename <input>. It should look somthing like this:
    PHP:
    Username: <input type="text" value="<?php 
    if (isset($_GET['name'])) { 
    $name base64_decode($_GET['name']); //this decodes the "name" from the url
    echo "$name";

    else { echo 
    ""//if it's not set, don't echo anything
    ?>
    " />
    If there are any questions, please ask me. I don't really know how well I explained it. Also, if there are any suggestions or mistakes, please inform me. I had a really huge script and just taking this little part out is a little difficult. What is shown above has not been tested alone but does work properly in my site.
    Enjoy.
  2. nirajkum

    nirajkum New Member

    well thanks for the tutorial really a nice and clean script

Share This Page