redirect to requested page after login using PHP function

Question

i have a function that echo $_SESSION value in login page and store $_SERVER['REQUEST_URI'] as $_SESSION value on other page and it works fine.

But i need to call redirect_after_login function in all product page so i just added line after redirect_after_login

So my function.php file will look link this

<?php

session_start();
$key = '';

function redirect_after_login($value) {
if (!empty($value)) {
    echo $_SESSION['url'];
  } else {
      echo $_SESSION['url'] = $_SERVER['REQUEST_URI'];
  }
}

$activate_finction = $key == true ? 'Yes' : '';
$url = redirect_after_login($activate_finction);

And in login.php i added

$key .= 'login';//calling redirect function with value so it should send session value


if (isset($_POST['submit'])) {
        // login function skipped it....
            header('location:' . $url);
            exit;
        } else {
            $error[] = 'Wrong username or password or your account has not been activated.';
        }
    }

Since $key .= 'login'; has value

$activate_finction = $key == true ? 'Yes' : '';
$url = redirect_after_login($activate_finction);

Function is now called with ==true so i should receive stored value but still i get requested_url

My problem is in all page i get $_SESSION['url'] = $_SERVER['REQUEST_URI']; this value.

How do i get session value login.php and in all product pages function should store requested_url as session value.

Answer 1

I refactor the code, so here you are a complete example:

function.php:

<?php
    session_start();

    if (isset($_SERVER['HTTP_REFERER']) && basename($_SERVER['HTTP_REFERER']) != basename($_SERVER['PHP_SELF'])) {
        $_SESSION['url'] = $_SERVER['HTTP_REFERER'];
    }

    function redirect_after_login() {
        header('Location:' . $_SESSION['url']);
    }
?>

product.php:

<?php
    include "function.php";
?>
<html>
    <head></head>
    <body>
        This is <?php echo $_SERVER['PHP_SELF']; ?> file.<br><br>
        <input type="button" name="login" value="Login" onclick="location.href='login.php'">
    </body>
</html>

login.php

<?php
    include "function.php";

    if(isset($_POST['submit'])){
        if($_POST['username'] == 1 && $_POST['password'] == 1){
            //success
            $_SESSION['logged'] = 1;
            redirect_after_login();
        }else{
            //error
            $_SESSION['logged'] = 0;
            $error = 'Wrong username or password';
        }
    }else{
        unset($error);
    }
?>
<html>
    <head></head>
    <body>
        This is <?php echo $_SERVER['PHP_SELF']; ?> file.<br><br>
        <form method="post" action="login.php">
            User: <input type="text" name="username"><br>
            Pass: <input type="password" name="password"><br>
            <input type="submit" name="submit" value="Login">
        </form>
        <?php
            if(isset($error)) echo "ERROR:" .$error;
        ?>
    </body>
</html>

Some short explanations:

• to test the redirect logic, you can load product.php?id=258 initially;
• $_SESSION['url'] is keeping HTTP_REFERER - the page you are coming from;
• login.php is calling redirect_after_login() function on successful login (currently with user:1/pass:1, just for the example)
• on successful login, there is an addition SESSION variable logged which you can use further (like to hide LOGIN button onto product.php page)
• on bad login, there is an error displayed, but you the user stays on login screen.
• $_SESSION['url'] is overwritten every time when you are visiting a different page and only then. This prevents losing HTTP_REFERER in case of bad login (when you have an actual refresh and HTTP_REFERER becomes the page itself)

Hope this helps.