How do I redirect the user to the address they are visiting after logging in?

Asked

Viewed 588 times

0

How do I redirect the user to the page they were browsing after the user logged in? I’ve seen solutions using $_SERVER['HTTP_REFERER'];, but I think it’s not a good idea, could help me with some example of code ?

Grateful

  • It’s via ajax, modal or it comes off a page and goes to login.php? Do you want it to return to the source of the click? You can pass a variable to the redirect.

  • I am trying to do via PHP .... in the cases I am seeing the user eh directed to a specific page after login. What I need is for the user to continue on the page he was navendo after logging in. I still can not understand, because the header('Location:pagina.ext'); already specifies the page. If for example the user is not logged in, choose the product you want to buy, click the buy button and the site directs to the login/registration page. What I need is for it to return the purchase page that was before login was required.

  • "the site directs to the login/registration page. What I need is for it to return the purchase page that was before login was required." Good in my view has a confusion there, if you want to allow him to choose products without logging in, the login can be done at the end, now that the choice parameters must go together after the login there is another 500...

3 answers

2

Implement URL storage in your process. Example:

  • While the user browses through public states without needing Sign-in, intercept the current URL and store it in session or local Storage.
  • User navigates to a state that requires login. Redirect/treat.
  • When the user returns, get the URL you previously stored and redirect to the corresponding state.
  • to do this URL storage there is another option to: $_SERVER['HTTP_REFERER']; ?

  • @Felipelimadiniz HTTP_REFERER is a server variable. The suggestion is to implement client-side.

1

With the $_SERVER['HTTP_REFERER'], you will get the referrer which was defined by the sent header, this is unreliable, but may reasonably believe in it for that purpose. You can also use a parameter in the URL to indicate which page is next.


One method used in both cases is to use the ?pagina=, for example Twitter, Instagram, Facebook:

twitter.com/login?redirect_after_login=%2FInkeliz

instagram.com/accounts/login/?next=%2FInkeliz

facebook.com/login/?next=https%3A%2F%2Fwww.facebook.com%2FInkeliz

This indicates that after login it will go where the parameter indicates.


That way you can have a buttock, <div class="fazerLogin">LOGIN</div> and use it to always add the parameter, for example:

$('.fazerLogin').attr('href',
  'https://exemplo.com/login?next=' + encodeURIComponent($(location).attr('href'))
);
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>

<a class="fazerLogin" href="https://exemplo.com/login">LOGIN</a>    

Place your mouse to "LOGIN" to see the new URL path.

So in PHP do the following:

  1. Get the parameter next.

  2. Check the next is valid, matches your domain.

  3. Redirect the user.


For example:

// Define um URL padrão se não houver um válido
function linkEncaminhar($nomeParametro){

    $url = 'https://exemplo.com/perfil';

     if(isLinkValido($nomeParametro) === true){
        $url = urldecode($_GET[$nomeParametro]);
     }

    return $url;

}

// Verifica se o URL é válido
function isLinkValido($nomeParametro){

    $meuDominio = 'https://exemplo.com/';

    return isset($_GET[$nomeParametro]) &&
           is_string($_GET[$nomeParametro]) &&
           substr( urldecode($_GET[$nomeParametro]) , 0, strlen($meuDominio)) === $meuDominio;

}

Thus:

$urlRedicionar = linkEncaminhar('next');

header('Location: ' . $urlRedicionar);

That way if the https://exemplo.com/login?next=https%3A%2F%2Fexemplo.com%2Fsobre-nos is accessed after the login will go to https://exemplo.com/sobre-nos.


/!\ CARING:

If there is a link of type https://exemplo.com/configuracao?excluir_conta=true without any kind of CSRF-Token, a person can make a https://exemplo.com/login?next=https://exemplo.com/configuracao?excluir_conta=true, then after the person connects and will be redirected to such URL, which will delete the account, in this hypothetical situation!

There is such a problem on a state site "very famous"...

0

Can use header('location:pagina.ext');

  • Thanks for the help! Have some example code ?

  • Poxa champion, the example usually comes from an initial code of the AP, in the link of the duplicate has...

  • The header only contains the resource’s URI. Parameters such as querystrings and states (#ancora) are ignored.

  • I didn’t understand man... Actually I understood, but what is the relationship with my answer ?

Browser other questions tagged

You are not signed in. Login or sign up in order to post.