0

Okay, What I have here is a simple php login session. Sometimes session destroy even I don't destroy the session. In my Index.php, there's a link for editing record. My problem is, if session destroy and I click edit, the page open's in modal or fancybox and shows login.php and after I login it's goes to index.html. What I need to do is instead of going into index.html, I need to redirect to edit.php with GET value to continue the edit process. Any help?

Index.php

<a class="fancybox" href="edit.php?pn='.$row["id"].'"><img src="images/edit.png"></a>

Edit.php

<?php 
session_start();
include('connect.php');
$tbl_name="login_admin";
if(! isset($_SESSION['id'])){
header('location:login.php');
exit;
}
$id = $_SESSION['id'];
$sql = $mysqli->query("SELECT * FROM $tbl_name WHERE username='$id'");
$accounts   = $sql->fetch_assoc();

$term= $mysqli->real_escape_string($_GET["pn"]);
?>

Login.php

<?php
require_once('connect2.php');

session_start();
$username = $_POST['username'];
$password = $_POST['password'];
$submit = $_POST['submit'];

if($username && $password){
$sql = sprintf("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'");
$result = @mysql_query($sql);
$accounts = @mysql_fetch_array($result);
}
if($accounts){
$_SESSION['id'] = $accounts['username'];
header("location:index.html");
exit;
}elseif($submit){
$msg = 'Invalid Username or Password';
}
?>
Improve this question
1
  • This is not possible because when you login it always redirect to home page. And not to edit page or the page at which you last session was destroyed. Commented Sep 2, 2014 at 5:26

1 Answer 1

Reset to default
0

Unfortunately you can't continue the edit process, but you can redirect user to edit page after login.

There are more ways how to to it, I will show one of them.

  1. before redirecting user to login script, save his original URL to session (another way would be to pass it to login.php as GET parameter - don't forget validation in that way):

Edit.php:

<?php 
session_start();
include('connect.php');
$tbl_name="login_admin";
if(! isset($_SESSION['id'])){
    $_SESSION['original_url']=$_SERVER['REQUEST_URI']
    header('location:login.php');
    exit;
}
// rest of the code.....
  1. Then redirect user to that page instead of default index.html page

Login.php:

<?php
require_once('connect2.php');

session_start();
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$submit = $_POST['submit'];

// Security note: see I've sanitized $username and $password with mysql_real_escape_string() to avoid SQL injection
if($username && $password){
    $sql = sprintf("SELECT * FROM $tbl_name WHERE username='$username' AND password='$password'");
    $result = mysql_query($sql);
    $accounts = mysql_fetch_array($result);
}

// when account was found store identity to session
if($accounts){
    $_SESSION['id'] = $accounts['username'];

    if (isset($_SESSION['original_url']) {
        // if user came from internal url, redirect to it and remove it from session
        $originalUrl = $_SESSION['original_url'];
        unset($_SESSION['original_url']);
        header("location:".$originalUrl);
        exit;
    } else {
        // redirect user to default page after login
        header("location:index.html");
        exit;
    }

} elseif($submit){
    // login form was sent, but user with given password not found
    $msg = 'Invalid Username or Password';
}
?>
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.