What I've done :
1. Allow the user to login
2. Use the login.php page as its own 'form action'
3. Let the login form decide when to redirect the user to the 'destination'
page.
4. force the destination page (welcome.php) to do additional authentication
checking by comparing the users input to some other piece of information
(session variable, cookie, database info, etc...)
Pseudo code for login page
<? php
if $user_input = something || $more_user_info=somethingelse {
header ('Location: http://www.mysite.com/welcome.php');
}
?>
<HTML>
what ever the login page looks like
</html>
Pseudo code for welcome.php:
<? php
if $user_input != something || $more_user_info!=somethingelse {
header ('Location: http://www.mysite.com/login.php');
}
?>
<HTML>
what ever the welcome page looks like
</html>
-----Original Message-----
From: huge junk mail <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, November 06, 2002 9:03 AM
Subject: Re: [PHP] session vs. header
>
>I think I have to re-explain the problem completely. I want to use this
script in a login form. Once, someone is authenticated, then I register
variables for indentifying him/her through session. After I register those
variables I want to redirect him/her to a page, which required authenticated
users (and it's done by registering variables through session). Due to this,
I decide to use header: location. Futhermore, I use IE 5.5, Apache 1.3.26,
PHP 4.2.1 [, MySQL 3.23.51] which running on Windows ME. Here is the script
(register globals is off, due to security and default setting in php.ini).
>
><?php
>$user = $_POST['user'];
>$user = $_POST['password'];
>if (authenticate($user))
>{
> session_start();
> $_SESSION['user'] = $user;
> $_SESSION['password'] = $password;
> header('Location: http://www.mysite.com/member.php');
> exit();
>}
>else
>{
> header('Location: http://www.mysite.com/login.php');
> exit();
>}
>?>
>
>When I try this code with an authenticated user, it seemed browser don't
redirect to the page I specify above. The progress bar looked like searching
something then it led to an error. I don't know why this could happen.
>
>Am I missing something?
>
>Thank you.
>
> huge junk mail <[EMAIL PROTECTED]> wrote:Can someone tell me why I
can't have
>
>$_SESSION['foo'] = 'content of foo';
>
>following by
>
>header('Location: http://www.mysite.com');
>
>Someone from www.php.net told me that it can confuse
>browser (http://bugs.php.net/19991). But, still I
>can't the idea why it can happen. Does register
>session means sending a 'header: location' too?
>
>Thanks.
>
>=====
>Regards,
>
>mahara
>
>__________________________________________________
>Do you Yahoo!?
>Y! Web Hosting - Let the expert host your web site
>http://webhosting.yahoo.com/
>
>--
>PHP General Mailing List (http://www.php.net/)
>To unsubscribe, visit: http://www.php.net/unsub.php
>
>
>Regards,
>
>mahara
>
>
>---------------------------------
>Do you Yahoo!?
>HotJobs - Search new jobs daily now
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
