要求用户在输入新密码后更改密码

Question

I have PHP project where users can login and request new password if they forget. I also have init.php where it directs the user to change password page after logging in with new password.

The code in INIT.PHP to redirect the user is as follows:

$current_file = explode('/', $_SERVER['SCRIPT_NAME']);
$current_file = end($current_file);

if (logged_in() === true) {

    if (user_active($user_data['username']) === false) {
        session_destroy();
        header('Location: index.php');
        exit();
    }

    if ($current_file !== 'user.php?p=change_password' && $user_data['password_recover'] == 1) {
        header('Location: user.php?p=change_password&force');
        exit();
    }

}

$current_file is giving me user.php only and this is not enough of course. I have also tried $_SERVER['REQUEST_URI'] which gives me /user.php?p=change_password which is fine. But still does not work. I get errors saying The page isn't redirecting properly

So to sum up. I need to redirect the user to user.php?p=change_password&force if they have requested a new password.

Thanks in advance

Answer 1

You might be stuck in a redirect loop. Here's what I think happens:

1. You manage to redirect the user to user.php?p=change_password&force
2. Once you're on this page, the if statement containing $current_file !== 'user.php?p=change_password' is still true
3. Hence, you're trying to redirect the user to the same page that s/he is already on, causing a redirection error

Answer 2

$current_url = explode('/', $_SERVER['REQUEST_URI']);
$current_url = end($current_url);

if (logged_in() === true) {

    if (user_active($user_data['username']) === false) {
        session_destroy();
        header('Location: index.php');
        exit();
    }

    if ($current_url !== 'user.php?p=change_password' && $user_data['password_recover'] == 1) {
        header('Location: user.php?p=change_password');
        exit();
    }

}

This solution worked