I am making use of sessions on all the pages of my site, it is the same for all at the beginning of the body:
<?php
session_start();
if (!isset($_SESSION["usuario"])){
header("Location:login.php");
}
?>
I have these pages:
login.php
validation.php
index.php
page2.php
If the user enters directly to page2.php without registering, he is automatically sent to the login.php page, once the user enters his credentials, he goes through validation.php which sends him to index.php
Herein lies my problem: How do I get validation.php to not send me to index.php but to the current page from which the login was requested (page2.php for example)?
I already know that in my validator I have header("location:index.php");to send me to that page after login.
I've tried using the HTTP_REFERER on my location like this header("location:$_SERVER['HTTP_REFERER']");, but to no avail, also from what I've read it's not highly recommended.
How can I implement it correctly?
This is my validation.php
<html lang="es" dir="ltr">
<head>
<meta charset="utf-8">
<title>Validando la sesión</title>
</head>
<body>
<?php
try {
$base=new PDO("mysql:host=localhost; dbname=login", "root", "");
$base->setAttribute (PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql="SELECT * FROM TABLENAME WHERE USUARIOS= :login AND PASSWORD= :password";
$resultado=$base->prepare($sql);
$login=htmlentities (addslashes($_POST["login"]));
$password=htmlentities (addslashes($_POST["password"]));
$resultado->bindValue(":login", $login);
$resultado->bindValue(":password", $password);
$resultado->execute();
$numero_registro=$resultado->rowCount();
if($numero_registro!=0) {
session_start ();
$_SESSION["usuario"]=$_POST["login"];
header("location:index.php");
} else {
header("location:login.php");
}
} catch (\Exception $e) {
die ("Error: " . $e->getMessage());
}
?>
</body>
</html>PS: I am testing locally with Wamp I use MySQL for the users database
EDITED
I add login.php
<html>
<body class="align">
<div class="grid">
<div id="login">
<h2><img src="images/banner-wh.png" alt="Banner" style="max-width: 100%; width: auto;"></h2>
<form action="validation.php" method="POST">
<fieldset>
<p><label for="email">Usuario</label></p>
<p><input type="text" name="login" id="email"></p>
<p><label for="password">Contraseña</label></p>
<p><input type="password" name="password" id="password"></p>
<br><br>
<p><input class="with-arrow" type="submit" name="Enviar" value="Ingresar"> <i class="icon-arrow-right"></i> </p>
<br>
<h1 style="font-size: 12px;color: #444;">¿Olvidó su contraseña?</h1>
<h1 style="font-size: 10px;color: #555;">Escríbanos a <a href="mailto:[email protected]?subject=Restablecer%20Contraseña%20-%20">[email protected]</a><h1>
</fieldset>
</form>
</div> <!-- end login -->
</div>
</body>
</html>
Try to do the following:
1) In your login.php create the following hidden inside the form: if a referer comes use it, otherwise leave the url value empty
2) in your validation.php add the following:
An alternative to HTTP_REFERER is to use $_SERVER['REQUEST_URI'] (which returns the URL you are running but relative to the root of your domain) and use a session variable to store it, something like this:
and after logging in return to the page with
Cheers!,