登录后重定向到上一页?PHP [英] Redirecting to previous page after login? PHP

问题描述

我一直在寻找解决方案，但无论我尝试什么，似乎都无法解决.

I've been searching for a solution but it's seem I can't get it right, no matter what I try.

成功登录后，用户应该被重定向到他来自的页面，假设他正在浏览一个帖子并想登录以便他可以发表评论，所以他应该被重定向到他正在浏览的帖子.所以这就是我所拥有的:

After successful login, the user should be redirected to the page he came from, let's say he's been browsing a post and wants to log in so he can leave a comment, so he should be redirected to the post he was browsing. So here is what I have:

login.php 显示登录表单:

<form method="post" action="login-check.php">
... //input for username and password
</form>

login-check.php检查是否输入了用户名和密码，用户是否存在，或者他是否已经登录，并发送一个p参数登录.php:

The login-check.php checks if the username and pass are entered, does the user exist, or if he's already logged in, and a p parameter is sent to login.php:

<?php
session_start();
if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {
   header("Location:login.php?p=1");
   exit();
}
elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {
   header("Location:login.php?p=2");
   exit();
}
elseif(isset($_SESSION['id_login'])) {
   header("Location:login.php?p=3");
   exit();
}
?>

然后将参数p发送回login.php并显示相应的消息:

then parameter p is sent back to login.php and displays the according message:

<?php
if(isset($_GET['p'])) {
  $p = $_GET["p"];

  if($p=="1")
    echo "<p class="red">You didn't fill the form.</p><br></br>";
  if($p=="2")
    echo "<p class="red">User exists.</p><br></br>";
  if($p=="3")
    header("Location: index.php");
}
?>

但是，登录成功后不要去index.php，而是应该去用户之前访问过的页面.我已经尝试了不同的方法，但是它根本不起作用或者它返回到 login.php.它不需要非常安全，因为我正在为学校项目做这件事.
另外，我认为自己很菜，所以请耐心等待 :D

BUT, instead of going to index.php after successful login, it should go to the page the user has previously been. I've tried in different ways but ether it doesn't work at all or it returns to login.php. It doesn't need to be super safe, because I'm doing this for a school project.
ALSO, I consider myself pretty novice, so please have patience :D

推荐答案

执行此操作的常用方法是通过 $_GET 变量将用户的当前页面传递到登录表单.

A common way to do this is to pass the user's current page to the Login form via a $_GET variable.

例如:如果您正在阅读一篇文章，并且想发表评论.评论的 URL 是 comment.php?articleid=17.在加载 comment.php 时，它注意到您没有登录.它想将您发送到 login.php，就像您之前展示的那样.但是，我们将更改您的脚本，以便它也告诉登录页面记住您的位置:

For example: if you are reading an Article, and you want to leave a comment. The URL for comments is comment.php?articleid=17. While comment.php is loading, it notices that you are not logged in. It wants to send you to login.php, like you showed earlier. However, we're going to change your script so that is also tells the login page to remember where you are:

header("Location:login.php?location=" . urlencode($_SERVER['REQUEST_URI']));
// Note: $_SERVER['REQUEST_URI'] is your current page

这应该将用户发送到:login.php?location=comment.php%3Farticleid%3D17.login.php 现在应该检查是否填充了 $_GET['location'].如果已填充，则将用户发送到此位置(在本例中为 comment.php?articleid=17).例如:

This should send the user to: login.php?location=comment.php%3Farticleid%3D17. login.php should now check to see if $_GET['location'] is populated. If it is populated, then send the user to this location (in this case, comment.php?articleid=17). For example:

//  login.php
echo '<input type="hidden" name="location" value="';
if(isset($_GET['location'])) {
    echo htmlspecialchars($_GET['location']);
}
echo '" />';
//  Will show something like this:
//  <input type="hidden" name="location" value="comment.php?articleid=17" />

 

//  login-check.php
session_start();

//  our url is now stored as $_POST['location'] (posted from login.php). If it's blank, let's ignore it. Otherwise, let's do something with it.
$redirect = NULL;
if($_POST['location'] != '') {
    $redirect = $_POST['location'];
}

if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {
    $url = 'login.php?p=1';
    // if we have a redirect URL, pass it back to login.php so we don't forget it
    if(isset($redirect)) {
        $url .= '&location=' . urlencode($redirect);
    }
   header("Location: " . $url);
   exit();
}
elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {
    $url = 'login.php?p=2';
    if(isset($redirect)) {
        $url .= '&location=' . urlencode($redirect);
    }
   header("Location:" . $url);
   exit();
}
elseif(isset($_SESSION['id_login'])) {
    // if login is successful and there is a redirect address, send the user directly there
    if($redirect) {
        header("Location:". $redirect);
    } else {
        header("Location:login.php?p=3");
    }
    exit();
}

问题

在将用户发送到那里之前，您应该针对 $_GET['location'] 运行一些验证.例如，如果我告诉使用您网站的人点击此链接:login.php?location=http%3A%2F%2Fmalice.com%2Fevilpage.php... 那么他们将发送到会尝试做坏事的外来 URL.

You should run some validation against $_GET['location'] before sending the user there. For example, if I tell people who use your site to click on this link: login.php?location=http%3A%2F%2Fmalice.com%2Fevilpage.php... then they will be sent to a foreign URL that will try to do something bad.

在将 URL 作为 $_GET 参数传递时，请始终确保使用 urlencode.这会编码特殊的 URL 字符(例如 ?、& 和 %)，以便它们不会破坏您的 url(例如:login.php?location=comment.php?id=17 <- 这有两个 ? 并且不能正常工作)

Always make sure to use urlencode when passing URLs as $_GET parameters. This encodes special URL characters (such as ?, &, and %) so that they don't break your url (e.g.: login.php?location=comment.php?id=17 <- this has two ?'s and will not work correctly)

这篇关于登录后重定向到上一页?PHP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！