RE: [PHP] Sessions and Query String Variable Handling

Sat, 27 Apr 2002 14:29:09 -0700 

$page = $_SERVER["SERVER_NAME"] . $_SERVER["SCRIPT_NAME"] .
$_SERVER["QUERY_STRING"];
 
That will recreate the URL that the user clicked on. Save that to a
variable before you check for a session. Once you start a session or
verify that one exists, use header() to send them back to that page. 
 
---John Holmes.
 
-----Original Message-----
From: Dennis Moore [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, April 27, 2002 2:37 PM
To: [EMAIL PROTECTED]
Subject: [PHP] Sessions and Query String Variable Handling
 
Env:  Apache 1.3.x/php4.0.6/mysql3.23.x
 
Scenario:  I have built a system that uses PHP sessions for user access.
Within the system I send user notifications via email.   Within the
email are links to certain pages with variables.  For example.
 
http://mysite.com/view_page.htm?id=6
 
My system checks to see if the session is valid.  Since the user is
coming from an email.  There is no session.  So the user is prompted for
the user and password.  They enter and click submit.  The authentication
passes the user to right page, but losses the variables in the query
string.  Thus causing errors.
 
Here is the authentication code...
#### set session settings from login form
if (!session_is_registered("valid_user") && $session_login=="proc") {
 if ($userid && $password) {
    // if the user has just tried to log in
 
    $db_conn = mysql_connect("localhost");
    mysql_select_db("$dbname", $db_conn);
    $query = "select * from auth_users "
           ."where auth_username='$userid' "
           ." and auth_password='$password' ";
    $result = mysql_query($query, $db_conn);
    if (mysql_num_rows($result) >0 ) {
      // if they are in the database register the user id
      $valid_user = $userid;
      $valid_group=mysql_result($result,0,"auth_group");
   $valid_perms=mysql_result($result,0,"auth_perms");
   $valid_auth_id=mysql_result($result,0,"auth_id");
      session_register("valid_user");
   session_register("valid_group");
   session_register("valid_perms");
   session_register("valid_auth_id");
    } else {
   $invalid_login= "Invalid login:  Could not log you in...
   <!--ERROR: $dbname <P> $query-->";
  }
 }
}
 
Any Ideas on how to pass the query string variables through the
authentication process?

Reply via email to