Passing Variables from HTML to and through PHP

Hi, I have a html page that has several <a href='somepageurl'> tags. They call their respective php pages.

BUT! if the user is not logged on (no cookie), the user is immediately redirected to a logon page, where he is compared to the database, a session is started and a cookie is written, finally redirected (via Header Location: ) to index.php So, I need to determine which page he originally called to add the correct logic to get to the additional header location: redirects. How to pass a variable from a html page to the first php page to the second php page where sessions is started (which wipes out variables) and then to select the right final php page to go to?

So, it is supposed to go like this:

<a href 1,2,3,etc> THEN TO php page1,2,3,etc(check only cookie & session - nothing set) THEN REDIRECT TO logon page(session start & set cookie after validation) THEN REDIRECT TO php page 1,2,3,etc(check cookie & session again)

Of course the person MAY already have a valid cookie set, and that is validated in the php page, so the logon page may be skipped IF there is a valid session still current. Has anyone done something like this before? Iwould really appreciate your help. Thanks.

I have done this several times. What you could do with the redirect page is either take the HTTP_REFERRER (spelling?) and use that in your header redirect. Or you could make a variable in each page (I'm assuming your logic is as follows:

Code:

---

if ($loggedIn == FALSE) {
header('Location: login.php');
}

else {
//continue with page

---

If that is the case, you could make a variable for the redirect. For example:

Code:

---


if ($loggedIn == FALSE) {
header('Location: login.php?redirect='.$_SERVER["PHP_SELF"]);
}

else {
//continue with page

---

Hope this helps with the redirect.

Quote:

---

either take the HTTP_REFERRER (spelling?) and use that in your header redirect.

---

Your spelling is correct; however, the HTTP specification spells it incorrectly ("HTTP_REFERER") so we have to use this instead. This is a terrible idea, since the Referer header is stripped by many firewalls and proxies. People using these will be unable to log on.

Quote:

---

Or you could make a variable in each page

---

Sessions are the easiest way to accomplish this. See here for an example.

It's also possible to just send the URL as a get variable....
<a href="<?php echo 'next.php?lastpage='.urlencode($_SERVER['REQUEST_URI']); ?>">

Sessions could do this, though, sure.

Possible, but not nearly as pretty, and much harder to keep track of.

Well, not sure what you mean by keep track of. It's easy to find. With a sessions or cookies setup, it could get complex if there's a lot going on.

As for pretty, no, it isn't. But it's simple. If this is a one page thing, I see that as a good idea.... no need for setting up sessions for the whole thing.

Quote:

---

Well, not sure what you mean by keep track of. It's easy to find.

---

To pass a GET variable between pages without dropping it once is very difficult, especially if there are more than one possible route through the site. It becomes necessary to manually modify every link and form.

Quote:

---

With a sessions or cookies setup, it could get complex if there's a lot going on.

---

Not so. You store the value in $_SESSION, then retrieve it when it's necessary. Simple as that.

It depends on exactly what's happening with the pages. If you needed to keep track of the last three pages, you would have to move $page2 to $page3, etc, though with just refreshing, you'd need to account for not replacing those, etc.
And, you'd have to setup sessions in the first place.

But I'm not suggesting my solution as an alternative for sessions on the whole site, jus for, specificially, if you need ONE page to lead to the next, as would be available with the HTTP_REFERER variable.

Yes, using get would be a nightmare, such as if someone just typed in the address by hand. I'm only referring to one generation of links :)

Meanwhile, I've added to the top of the second page just after the session_start();

Code:

---

$uri="Location: ".basename($_GET["redirect"]);

---

and in the checking function

Code:

---

header('Location: index2.php?redirect='.$_SERVER["PHP_SELF"]);

---

and the redirect of

Code:

---

  header($uri);

---

Doesn't work, and I think the reason why is that the second page is recursive, (for rewriting/displaying the page again on form completion errors, etc) and the second entry does not have the URL appended

Code:

---

index2.php?redirect=/xxx/yy/zzz/program.php

---

as the first entry does. Haven't found a way around this yet.....because on the second entry, the $uri variable is null, but I think that the session is the same. BTW, this is php 5.x

I realize this is Friday of a US 3-day weekend, but I need to continue to resolve this. I've gotten this far with your advice. The first time the third page executes, it now starts correctly as,

Code:

---

http//www.domain.com/xxx/yy/zzz/index2.php?redirect=/xxx/yy/zzz/program.php

---

But I realize now the problem is that the second time (and others if the entries are incomplete) the recursive third page executes, it has a URL of just the page, and it doesn't contain the previous wanted and correct $_GET part, i.e., it is

Code:

---

http://www.domain.com/xxx/yy/zzz/index2.php

---

and not the needed

Code:

---

http//www.domain.com/xxx/yy/zzz/index2.php?redirect=/xxx/yy/zzz/program.php

---

Of course this page, index2.php contains the php code to generate its html code, and I think that there should be something there to control the URL, perhaps I need to change something in the $_SERVER or $HTTP_SERVER_VARS arrays, (like $_NEXT_URL=$_LAST_URL;) )or maybe add something to the html generator, which now starts with this function:

Code:

---

function _begin_html()
{
  ?>
  <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
  <html>
  <head>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
    <link rel="STYLESHEET" type="text/css" href="lib/style.css">
    <title>Data Access Authentication</title>
  </head>
  <body>
  <?
}

---

I figure that if the URL ALWAYS contains the redirect part, then the $_GET will always retrieve the target link and the header location statement will be correct. I just can't find the solution, so please, I need just a little bit more help. Thinking that I can do something like this:

Code:

---

$_SERVER['THER_RIGHT_VARIABLE']=$SERVER['SCRIPT_NAME'].'?'.$SERVER['QUERY_STRING']

---

I'm half way there now, but what is the right variable? Please let me know how to do this. Thanks

You're encountering the problems with keeping track of GET variables across pages I mentioned earlier. Use sessions instead.

Agreed. (how ironic, considering... heh.)

Yeah, GET is a one time, simple solution. If you need it to be stable and work for refreshing and such, do use sessions.

Please reread my last post. $_GET solves it only for the page entry the first time. On 'submit', the page reloads to process the form data without the redirect part of the URL, so the $_GET acts again, this time with null.....so I need to change the page reloaded $_SERVER or $HTTP_SERVER_VARS to include in the URL with the redirect part that I need to proceed back to page 2. The question is how to do this......

Look up on php.net

Servers require session_start(); at the beginning of each page to keep them going. That's about it. session_close(); (I think.. not looking at an example this second) will end if it you want to. EVERY page visited, IN ORDER, EACH HAVE a session_start(); One missing link will break the chain and lose the data.

After that... $_SESSION['food'] = 'chicken'; echo $_SESSION['food'];

From page to page for the whole session, that will be available.

Quote:

---

EVERY page visited, IN ORDER, EACH HAVE a session_start(); One missing link will break the chain and lose the data.

---

Only if cookies aren't being used, I believe. The PHP session mechanism uses cookies by default and only falls back to passing the SID by GET or POST if cookies aren't available.

Well, then it's a question of how long you can last without them being deleted... it's claimed to be closing the window or viewing another site, but that doesn't hold true.

In the end, it's worth just including it on every possible page you can (why not?) just in case they don't have cookies.

Ok, ok, ok, I'm total perplexed by what's happening. Page1 points to page2. Page2 determines that the person is not logged on and sends a URL for the loginpage with a redirect attached to it and goes to page3. Fine. Page3 (the loginpage) starts with sessions and apparently retrieves the redirect portion from the url and puts it into a sessions variable. great. or does it?

Then an isset determines that the form value 'submit' is not set, so it then throws the html. The user inputs the form info and hits submit. Well, there is no more php script at this point.

What happens next to process the input? If the input data is correct for a valid user etc, the page directs to index.php and not to the desired page indicated by the url redirect. HOWEVER, if I use the back button after logging in, I'm sent to the right page! so sessions must still be there, and the session redirect variable is correct.

This is why I thought that page3 was reloaded, but the second time without the redirect in the url, but now that doesn't make sense either, so what happens after the submit button is pressed if there are no more lines of code in page3 - i guess it goes back to the top and executes line by line.....but this doesn't explain going to index.php instead of the redirect.

What's happening and how do I fix it?

The only thing that I can envision is that the get in page three does not work until the page is reloaded by the browser back button, and the initial throm from page3 to index.php is because the sessions variable is null because the get didn't get the first time around.....maybe?

Hummmmm....what now?

Well, I've solved it a while ago, although I still don't know what $_SYSTEM variable controls the entry to the page3 the second or more times around. As far as I can tell, it ends up at index.php because it doesn't know where to go.....

What I did is this, and this is pretty much the basic stuff to complete this thread:

Inside page2 I changed the function redirect to add the info in the URL to be:

Code:

---

function _check_auth($cookie)
{
  $user = array();
  $r = array();
  $session = $cookie['SESSION'];
  $q = mysql_query(" SELECT user_id, user_name, user_level FROM sessions WHERE session = '".$session."' ")
    or die(mysql_error());
  if(mysql_num_rows($q) == 0)
    header('Location: login.php?redirect='.$_SERVER["PHP_SELF"]);
  else {
    $r = mysql_fetch_array($q);
    $user['user_id']    = $r['user_id'];
    $user['user_name']  = $r['user_name'];
    $user['user_level'] = $r['user_level'];
  }
  return $user;
}

---

And at the top of the page3 (login.php) where if GETs the redirect location:

Code:

---

session_start();
$var=basename($_GET["redirect"]);
if (strlen($var)>5) $_SESSION['uri']=$var;include_once("inc/auth.inc.php");
_already_logged($_COOKIE);
if(isset($_POST['submit']))
{
  blah;
  blah;
  blah;
}
  else
  {
          if($_POST['iagree'] == 0) login_page($errmsg = "You must accept User Agreement to proceed");
          else
          _set_cookie($user_data,fm($_POST['rem']),session_id(),fm($_POST['user']));
  }
}
else
  login_page($errmsg = " ");

---

also,

Code:

---

function _set_cookie($user_data, $rem, $session, $username)
{
  if($rem == 1) setcookie('SESSION', $session, time() + 186400);
  else setcookie('SESSION', $session);
  $user_id = $user_data['user_id'];
  $user_name = $user_data['user_name'];
  $user_level = $user_data['user_level'];
  $C = mysql_query(" SELECT * FROM sessions WHERE user_id = '$user_id' AND user_name = '$username' ");
  if(mysql_num_rows($C) == 0)
    $Q = mysql_query(" INSERT INTO sessions (session, user_id, user_name, user_level) VALUES ('$session','$user_id','$username','$user_level') ");
  else
    $Q = mysql_query(" UPDATE sessions SET session = '$session' WHERE user_id = '$user_id' AND user_name = '$username' ");
  header('Location: '.$_SESSION['uri']);
}

---

and

Code:

---

function login_page($amsg)
{
  _begin_html();
  _page_top();
  _disclaimer();
  _error_msg($amsg);
  _login_box();
}

---

The user enters his input, then execution loads page3 again (index.php), the session variables are still there and things proceed correctly the second time around. All is OK, except that I still don't know what $_SYSTEM variable is used for the page reentry, but I guess I don't need to know this.

I want to thank you guys for your help and persistence with me, it's very much appreciated.

I am trying to get the same goal as strangeplant - but am having a tough time getting my cookies read and the redirect to work. I don't really want to track WHO they are, only want to make sure they accepted the terms of service before proceeding.

So I have a
generic term page with legal stuff

the user clicks "I agree"

which tosses them to another page that says "Thanks" But the real purpose is to plant a session cookie. (real simple - setcookie ($cookie) )
then they click a "proceed" button and that takes them to the section that needs the legal disclaimer.
The problem is - I can get to the section without the redirect - or thank you - I can get there without the cookie.
Ideas? I have deleted the browser cookies and am placing it before any HTML or text.
<?php
if (!isset($_SESSION['name']))
return true;
else {
return false;
}

if (!emptygo_to =="http://beta.xxx.xxxxxxx.cccccc.yyyy..php")
?>
and yeas, I do feel like a dork.

<?php
function _check_auth($_COOKIE)
{ if(isset($_POST['submit']));

elseif
($_GET["http://beta.xxxxxxxxxxxxxxxxx.php"]);

else
die ("You must accept the disclaimer terms before proceeding.");
}
?>

Thanks! I did check into that check_auth routine thanks to strangeplant!