Login page redirection with variables

espfutbol98

New Member
Messages
200
Reaction score
2
Points
0
This tutorial will show how to protect a page by redirecting to a login page with a return url and if logging out, will show the username that you logged in with. The return url function is standard in ASP.Net but it took me a while to find it in php. This tutorial will not actually show the logging, just redirection and echoing the name in the login page.

1. First on the protected page, include a securing script. An example is:
PHP:
<?php
session_start(); 
if ((isset($_SESSION['uname']) && 
      $_SESSION['uname'] != "") || 
    (isset($_SESSION['upass']) && 
      $_SESSION['upass'] != "")) {
  //If there is a username and a password that is not null, do nothing.
} else {
  $redirect = base64_encode($_SERVER['PHP_SELF']); //encodes the location of the page
  header("Location: login.php?redirect=$redirect");
  die();
}
$redirect = base64_encode($_SERVER['PHP_SELF']);
$name = base64_encode($_SESSION['uname']); //used later in logging out
?>

2. In the login.php page, you add something like this:

PHP:
<?php
  if (isset($_GET['redirect'])) {
    $redirect = $_GET['redirect'];
  } else {
    $redirect = base64_encode("index.php"); //If there is no redirect, set it to the homepage
  }
//Your login script
//If login true:
header ("Location: ". base64_decode($_POST['redirect'] ." "));
?>
3. On any link to logout.php:
PHP:
<?php
//make sure a securing script like in step 1 is included
echo "logout.php?redirect='. $redirect .'&name='. $name .'";
?>
4. On logout.php:
PHP:
<?php
session_start(); 
unset($_SESSION['uname']);
unset($_SESSION['upass']);
//Gets rid of sessions
if (isset($_GET['redirect'])) {
    $redirect = $_GET['redirect'];
  } else {
    $redirect = base64_encode("index.php");
  }
//If logout.php does not have a "redirect=" in the url, it makes one with the location to index.php.
if (isset($_GET['name'])) {
    $name = $_GET['name'];
    } else {
    $name = base64_encode("");
    }
//$name is the username in the session that will be echoed in the login form
header("Location: login?redirect=$redirect&name=$name");
?>
5. Go back to login.php and insert this php code in the value of the unsename <input>. It should look somthing like this:
PHP:
Username: <input type="text" value="<?php 
if (isset($_GET['name'])) { 
$name = base64_decode($_GET['name']); //this decodes the "name" from the url
echo "$name";
} 
else { echo ""; //if it's not set, don't echo anything
} ?>
" />
If there are any questions, please ask me. I don't really know how well I explained it. Also, if there are any suggestions or mistakes, please inform me. I had a really huge script and just taking this little part out is a little difficult. What is shown above has not been tested alone but does work properly in my site.
Enjoy.
 
Top