登录PHP后如何重定向回

Question

Sometime we get link from a site, when we click the invitation link, it just send us to the index page for login(as we are not logged in in that site), when the login finishes, the site just redirect us to the link on which we clicked.

How this can be achieved in php?

Answer 1

Let's say the "destination page" as called " a.php " ; here's a possible way of doing what you're describing :

• You first call a.php from your browser
  • a.php detects you are not logged in
  • it redirects you to index.php , with a parameter in the URL telling index.php you should be redirected to a.php when logged-in
  • the redirection is done using the header function, with a Location header that points to something like http://yoursite.com/index.php?destination=a.php
• On index.php , you deal with the logging-in mecanism
  • ie a form, with a hidden field, in which the $_GET['destination'] is stored (properly escaped, of course)
  • That form posts to either index.php (ie itself) or another page ; doesn't quite matter.
• When the logging-in form is posted :
  • you check the credentials
  • if login+password are OK :
    • if there is a destination field in the form's data, you redirect the user to the corresponding page
    • else, you redirect the user to a default page.
    • Of course, it might be interesting to check the content of the destination field, to make sure you are only accepting redirection to a "valid" page (the definition of "valid" can change -- but can at least mean "a page on your site")

Answer 2

You might also want to try...

start_session();
$_SESSION[destination] = strip_tags($_GET[destination]);

..as opposed to calling the variable as a hidden field. Then do your check-downs from there on the POST (what check functions you need) eg

if ($_SESSION[destination] !='' || empty($_SESSION[destination]) && !is_numeric($_SESSION[destination])){

header('Location:'.$_SESSION[destination]);

}