I have the below code:

```php
<?php
require_once('includes/dbcon.php');

//Start the session
session_start();

//Clear the error message
$error_msg = "";
$x="";
$role_booking = trim("booking");
$role_admin = trim("admin");
if(!isset($_SESSION['username']) && !isset($_SESSION['role']))
{
    if (isset($_POST['submit']))
    {
        //Connect to database

        $dbc = mysqli_connect(SRKBS_SERVER, SRKBS_USER, SRKBS_PWD, SRKBS_DB) or die('error connecting to db : ' . mysqli_connect_error());
        $user_username = mysqli_real_escape_string($dbc, trim($_POST['txtUserName']));
        $user_password = mysqli_real_escape_string($dbc, trim($_POST['txtPassword']));
        $user_role = mysqli_real_escape_string($dbc, trim($_POST['domain']));


        if(!empty($user_username) && !empty($user_password) && !empty($user_role))
        {
            $query = "Select username, password, role from users where username = '$user_username' and password = SHA('$user_password') and role = '$user_role'";

            $data = mysqli_query($dbc, $query);

            if(mysqli_num_rows($data) == 1)
            {
                $row = mysqli_fetch_array($data);
                $_SESSION['username'] = $row['username'];
                $_SESSION['role'] = $row['role'];

                if($_SESSION['role'] == $role_booking)
                {
                    $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'Booking/';
                    header('Location: ' . $home_url);
                }

                elseif($_SESSION['role'] == $role_admin)
                {
                    $home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . 'Admin/';
                    header('Location: ' . $home_url);
                }
                else
                {
                    $home_url = 'http://' . $_SERVER['HTTP_HOST'];
                    header('Location: ' . $home_url);
                }

            }
            else
            {
                $error_msg = "Invalid Credentials.";
                $x=1;
            }
            mysqli_close($dbc);
        }
        else
        {
            $error_msg = "Login Credentials cannot be empty!";
            $x=1;
        }
    }
}

?>
```

The above code is part of the home page login screen for an app. What's happening is, post login I am being thrown back to the home page instead of being redirected based on role.

Please advise. Thanks in advance.

Rajiv
  • Where you are assigning value to `$_SESSION['role']`? – Muhammad Shahzad May 12 '16 at 11:51
  • use $_SERVER["HTTP_REFERER"]; – Ranjit Shinde May 12 '16 at 11:54
  • $_SERVER["HTTP_REFERER"] is not reliable: http://stackoverflow.com/questions/12369615/serverhttp-referer-missing. And you are assuming that the user came to the login page from the role-specific home page, which we know they did not, because they submitted the form on the login page. – UberDoodles May 12 '16 at 12:13
  • @Muhammad Shahzad: $_SESSION['role'] = $row['role']; I am assigning the value post verification of the login credentials. – Rajiv May 12 '16 at 12:19
  • try using like this `$home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/Booking';` and also check if the conditions for the role are working or not. – Rohit Kishore May 12 '16 at 12:34
  • **Never store plain text passwords!** Please use PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). Make sure that you [don't escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 12 '16 at 12:35

2 Answers

0

It seems I have to add a .htaccess file to enable SEO-friendly sub-folder access. I tried using the redirects using PHP. It does not work on my hosting provider.

Rajiv
-1

You can use 2 methods:

  1. use `header('Location: ....');` in PHP
  2. use a .htaccess 301 redirect

But if you want to create a user-friendly URL, use a URL syntax such as www.mydomain.com/a/b/c and put it in the .... in the header location.
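A worked version of the role redirect from the question, using the first method listed in the answer above (`header('Location: ...')`); this is an added example, not code from the question or the answers. It joins the sub-folder path correctly (the point in Rohit Kishore's comment), calls `exit` after the header, takes redirect targets only from a fixed allowlist, and checks the password with `password_verify()` as Jay Blanchard's comment recommends. It assumes `users.password` stores `password_hash()` output and that `$dbc` is the mysqli connection the question opens from `includes/dbcon.php`.

```php
<?php
// Added example (not the question's or answers' code): a role-based post-login
// redirect done the way the question's login block intends. Assumes
// users.password holds password_hash() output (as the comments recommend,
// instead of MySQL SHA()) and that $dbc is an open mysqli connection.
// Allowlist of role => sub-folder. Targets come only from this map, never from
// request data, so the redirect cannot be pointed at another site.
const ROLE_HOME = ['booking' => 'Booking/', 'admin' => 'Admin/'];

// dirname() returns "/" at the web root but "/app" for /app/login.php, so the
// question's dirname(...) . 'Booking/' yields "/appBooking/" in a sub-folder.
function roleHomeUrl(string $role, string $scriptName, string $host, bool $https): string
{
    $scheme = $https ? 'https://' : 'http://';
    $base   = rtrim(dirname($scriptName), '/') . '/';   // "/" or "/app/"
    $sub    = ROLE_HOME[$role] ?? null;                 // unknown role -> site root
    return $scheme . $host . ($sub === null ? '/' : $base . $sub);
}

// Prepared statement plus password_verify(); the password is neither trimmed nor
// escaped. Returns the stored role, or null for unknown user AND wrong password.
function authenticate(mysqli $dbc, string $username, string $password, string $role): ?string
{
    $stmt = $dbc->prepare('SELECT password, role FROM users WHERE username = ? AND role = ?');
    $stmt->bind_param('ss', $username, $role);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    if ($row === null || !password_verify($password, $row['password'])) {
        return null;
    }
    return $row['role'];
}

// Replacement for the $_SESSION / header() part of the question. SCRIPT_NAME is
// used rather than PHP_SELF, which can carry user-supplied PATH_INFO; HTTP_HOST
// is the request's Host header, so the vhost must only answer for its own name.
session_start();
$username = trim($_POST['txtUserName'] ?? '');
$role = authenticate($dbc, $username, $_POST['txtPassword'] ?? '', trim($_POST['domain'] ?? ''));
if ($role === null) {
    $error_msg = 'Invalid Credentials.';
} else {
    session_regenerate_id(true);       // new session id once the user is logged in
    $_SESSION['username'] = $username;
    $_SESSION['role']     = $role;
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    header('Location: ' . roleHomeUrl($role, $_SERVER['SCRIPT_NAME'], $_SERVER['HTTP_HOST'], $https), true, 303);
    exit;                              // nothing after a Location header should keep running
}
```

With the login page at `/app/login.php` and role `booking`, `roleHomeUrl()` returns `http://host/app/Booking/`, where the question's concatenation produced `http://host/appBooking/`.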