一种常见的方法是通过$ _GET变量将用户当前页面传递给Login表单。
例如:如果您正在阅读文章,并且您想要发表评论。注释的URL是comment.php?articleid = 17。当comment.php加载时,它注意到你没有登录。它想发送到login.php,就像你以前所示。但是,我们将更改您的脚本,以便也告诉登录页面记住您在哪里:
header("Location:login.php?location=" . urlencode($_SERVER['REQUEST_URI']));
// Note: $_SERVER['REQUEST_URI'] is your current page
这应该发送用户到:login.php?location = comment.php?articleid = 17。 login.php现在应该检查是否填充$ _GET [‘location’]。如果它被填充,然后发送用户到这个位置(在这种情况下,comment.php?articleid = 17)。例如:
// login.php
echo '';
// Will show something like this:
//
// login-check.php
session_start();
// our url is now stored as $_POST['location'] (posted from login.php). If it's blank, let's ignore it. Otherwise, let's do something with it.
$redirect = NULL;
if($_POST['location'] != '') {
$redirect = $_POST['location'];
}
if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {
$url = 'login.php?p=1';
// if we have a redirect URL, pass it back to login.php so we don't forget it
if(isset($redirect)) {
$url .= '&location=' . urlencode($redirect);
}
header("Location: " . $url);
exit();
}
elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {
$url = 'login.php?p=2';
if(isset($redirect)) {
$url .= '&location=' . urlencode($redirect);
}
header("Location:" . $url);
exit();
}
elseif(isset($_SESSION['id_login'])) {
// if login is successful and there is a redirect address, send the user directly there
if($redirect)) {
header("Location:". $redirect);
} else {
header("Location:login.php?p=3");
}
exit();
}
。
在发送用户之前,应该对$ _GET [‘location’]运行一些验证。例如,如果我告诉使用您的网站的人点击此链接:login.php?location = http://malice.com/evilpage.php …然后他们将被发送到外部URL,将尝试做坏事。
始终确保在以$ _GET参数传递URL时使用urlencode。这会对特殊的网址字符(例如?,&和%)进行编码,以便它们不会破坏您的网址(例如:login.php?location = comment.php?id = 17< - this has two?并将无法正常工作)