登录后无法重定向回到上一页

时间:2022-10-20 10:08:54

I need to redirect the user to the page they came from once they've successfully done one of two things: 1) Entering their Invitation Code, or 2) Logged in.

一旦他们成功完成以下两件事之一,我需要将用户重定向到他们来自的页面:1)输入他们的邀请码,或2)登录。

I am trying to apply the answer posted here, but after spending several hours unsuccessfully trying to get it to work I realized it was time to ask for help.

我正在尝试应用此处发布的答案,但在花了几个小时试图让它工作失败后,我意识到是时候寻求帮助了。

In order to pare down the code, I have only included the snippets relating to Option 1 (Invitation Code). Additionally, in an effort to first get it working with a simpler version (and to more closely replicate the example given), I have temporarily removed the iframes from these pages.

为了减少代码,我只包含了与选项1(邀请代码)相关的代码段。此外,为了首先使用更简单的版本(并且更密切地复制给定的示例),我暂时从这些页面中删除了iframe。

Code Adding

auth_invite_launch.php

//CODE #1
header("Location:sign_in.php?location=".urlencode($_SERVER['REQUEST_URI']));
$redirect = NULL;
if ($_POST['location'] != '') {
    $redirect = $_POST['location'];
}

sign_in.php

//CODE #2
echo '<input type="hidden" name="location" value="';
if (isset($_GET['location'])) {
    echo htmlspecialchars($_GET['location']);
}
echo '" />';

invite_code - exec.php (sign_in.php is submitted here)

invite_code - exec.php(sign_in.php在这里提交)

//CODE #3
if ($redirect)) {
    header("Location:".$redirect);
}

Pre-existing Code

createaccount.php

require_once('config/auth_invite_launch.php'); // session_start & checks if authorized
is_user_auth(); // Checks if authorized
is_user_logged(); // Checks if logged in 
get_logged_user_id();
if (is_user_logged() == TRUE) {
    $logged_in = true;
    $user_id = $_SESSION['SESS_USER_ID'];
}

auth_invite_launch.php

function is_user_auth(){
  // Checks if logged in to Member Account or has valid Invite Code
  if (isset($_SESSION['SESS_USER_ID']) || isset($_SESSION['TEMP_INVITE_ID'])){
      return true; 
  }
  //Replaced by CODE #1
  header("location: sign_in.php"); // Redirects if not authorized user
}
// Checks if logged in to member account 
function is_user_logged(){
 if ( isset($_SESSION['SESS_USER_ID']) ){
      return true; 
   }
      return false;
}
// Retrieves ID if logged in to member account, NULL otherwise
function get_logged_user_id(){
   if ( is_user_logged() === TRUE ){
      return $_SESSION['SESS_USER_ID'];
   }
       return null;
}

invite_code - exec.php(sign_in.php is submitted here)

invite_code - exec.php(sign_in.php在这里提交)

// PRECEDED BY statement to fetch matching invite codes from db
if ($stmt - > rowCount() == 1) {
    $invite = $stmt - > fetch();
    $_SESSION['TEMP_INVITE_ID'] = $invite['idinvite_codes'];
    $_SESSION['TEMP_INVITE_CODE'] = $invite['invitation_code'];
    $invite_code = "true";
    //CODE #3 Added here
} else {
    $invite_code = "false";
    header("location: index.php");
    exit();
}

1 个解决方案

#1

Your last question in the comments is rather broad: how to trace the execution path in a form-redirect cycle? I'll give it a go.

您在评论中的最后一个问题是相当广泛的:如何在表单重定向循环中跟踪执行路径?我会试一试。

Let's assume your authorised-only scripts have a login detection device, so that if the user is not logged in, it will redirect to the login system:

假设您的授权脚本具有登录检测设备,因此如果用户未登录,它将重定向到登录系统:

if (!isLoggedin())
{
    header('Location: /login.php?location=' . urlencode(getCurrentUrl()));
    exit();
}

So in your login form, you will want a POST action, with a hidden field for the redirect location (it looks like you have this in sign_in.php):

因此,在您的登录表单中,您将需要一个POST操作,其中包含重定向位置的隐藏字段(看起来您在sign_in.php中有此操作):

<?php
// Handle post
if ($_POST)
{
    if (loginCorrect())
    {
        // Redirect to the redirect location
        // cleanUrl() should ensure the user input pertains to a
        // local script name, so it cannot be used as a spammer's
        // redirection device
        header('Location: ' . cleanUrl($_POST['redirect']));
        exit();
    }
}
?>
<form method="post">
    <!-- hidden field containing redirect location -->
    <!-- username/password fields -->
</form>

Then you would expect for the URL to get to the redirect location. That's four pages (one repeated):

然后,您希望URL到达重定向位置。这是四页(一个重复):

  • Make a request to a authorised-only page

    • 向授权页面发出请求

  • Redirect to login page if not signed in

    • 如果未登录,则重定向到登录页面

  • Post either to self or login page handler

    • 发布到自我或登录页面处理程序

  • Redirect to originally requested page, assuming credentials are correct

    • 假设凭据正确,重定向到最初请求的页面

Each of these can be debugged. Purists will say you should use xDebug and a debugger (controlled from within your IDE) but echo and exit are fine. Just add them at the top of the four pages above, and see if the redirect location (or other variables) are correct:

其中每个都可以调试。纯粹主义者会说你应该使用xDebug和一个调试器(在你的IDE中控制),但echo和exit都可以。只需将它们添加到上面四个页面的顶部,然后查看重定向位置(或其他变量)是否正确:

echo 1;
exit();

Sometimes I will add a few of these to see how control works within a single page. Version control is nearly essential here, since it is important to be able to remove them easily - you obviously don't want to deploy code containing debugging statements.

有时我会添加其中一些来查看控件在单个页面中的工作原理。版本控制在这里几乎是必不可少的,因为能够轻松删除它们很重要 - 您显然不希望部署包含调试语句的代码。

It's worth using View Source on your login form page too, to ensure the hidden field is correctly populated.

在您的登录表单页面上也可以使用View Source,以确保正确填充隐藏字段。

#1

Your last question in the comments is rather broad: how to trace the execution path in a form-redirect cycle? I'll give it a go.

您在评论中的最后一个问题是相当广泛的:如何在表单重定向循环中跟踪执行路径?我会试一试。

Let's assume your authorised-only scripts have a login detection device, so that if the user is not logged in, it will redirect to the login system:

假设您的授权脚本具有登录检测设备,因此如果用户未登录,它将重定向到登录系统:

if (!isLoggedin())
{
    header('Location: /login.php?location=' . urlencode(getCurrentUrl()));
    exit();
}

So in your login form, you will want a POST action, with a hidden field for the redirect location (it looks like you have this in sign_in.php):

因此,在您的登录表单中,您将需要一个POST操作,其中包含重定向位置的隐藏字段(看起来您在sign_in.php中有此操作):

<?php
// Handle post
if ($_POST)
{
    if (loginCorrect())
    {
        // Redirect to the redirect location
        // cleanUrl() should ensure the user input pertains to a
        // local script name, so it cannot be used as a spammer's
        // redirection device
        header('Location: ' . cleanUrl($_POST['redirect']));
        exit();
    }
}
?>
<form method="post">
    <!-- hidden field containing redirect location -->
    <!-- username/password fields -->
</form>

Then you would expect for the URL to get to the redirect location. That's four pages (one repeated):

然后,您希望URL到达重定向位置。这是四页(一个重复):

  • Make a request to a authorised-only page

    • 向授权页面发出请求

  • Redirect to login page if not signed in

    • 如果未登录,则重定向到登录页面

  • Post either to self or login page handler

    • 发布到自我或登录页面处理程序

  • Redirect to originally requested page, assuming credentials are correct

    • 假设凭据正确,重定向到最初请求的页面

Each of these can be debugged. Purists will say you should use xDebug and a debugger (controlled from within your IDE) but echo and exit are fine. Just add them at the top of the four pages above, and see if the redirect location (or other variables) are correct:

其中每个都可以调试。纯粹主义者会说你应该使用xDebug和一个调试器(在你的IDE中控制),但echo和exit都可以。只需将它们添加到上面四个页面的顶部,然后查看重定向位置(或其他变量)是否正确:

echo 1;
exit();

Sometimes I will add a few of these to see how control works within a single page. Version control is nearly essential here, since it is important to be able to remove them easily - you obviously don't want to deploy code containing debugging statements.

有时我会添加其中一些来查看控件在单个页面中的工作原理。版本控制在这里几乎是必不可少的,因为能够轻松删除它们很重要 - 您显然不希望部署包含调试语句的代码。

It's worth using View Source on your login form page too, to ensure the hidden field is correctly populated.

在您的登录表单页面上也可以使用View Source,以确保正确填充隐藏字段。

标签:

相关文章