Login redirect to referrer URL
#1

[eluser]copernicus[/eluser]
I have a login page that acts normally: when you log in, you go to the user page. There are different views in the user page, and say I email a link to a specific view to a user. The URL would be like

http://mysite.com/user/view/5

Now if the user clicks that and is logged in, they will go to that view. But if the user isn't logged in, they will be kicked back to the login page but after they log in they go to the base user page, not the specified view.

What logic would I need to put in my login controller in order for it to act normally, but if the user is trying to access a certain view via an emailed URL, it will take them there after they successfully log in?
#2

[eluser]copernicus[/eluser]
redirect($_SERVER['HTTP_REFERER']);

Seems to work, any security concerns that I am unaware of?
#3

[eluser]bretticus[/eluser]
You need to store the file they intended to get to in their session. I posted an example of a rough and quick authentication lib several days back that I put together. It uses this method. Take a look. It should point you in the right direction at least.
#4

[eluser]bretticus[/eluser]
[quote author="copernicus" date="1253319887"]redirect($_SERVER['HTTP_REFERER']);

Seems to work, any security concerns that I am unaware of?[/quote]
That is basically what I'm doing.

As for security, you only call that redirect on a successful login. If you are using session cookies you can encrypt them in config.php to prevent tampering. Still can't see an obvious security concern.
#5

[eluser]renownedmedia[/eluser]
I do a redirect($this->agent->referrer()) in one of my apps for the login part, but I think there are security implications if someone XSS's the referrer page to be the account_delete controller, etc. Perhaps run a regex on it so that it doesn't contain anything bad?
#6

[eluser]Unknown[/eluser]
I use a piece of code which stores the current url and referrer in their session, and then takes them back to where they came from upon login and other stuff.

Although of course you'll have to check for bad controllers in the referrer url like Thomas said..
#7

[eluser]Unknown[/eluser]
[quote author="rickih" date="1253376983"]I use a piece of code which stores the current url and referrer in their session, and then takes them back to where they came from upon login and other stuff.

Although of course you'll have to check for bad controllers in the referrer url like Thomas said..[/quote]

Using sessions is great. But what if the user has multiple tabs open? Let me give you an example:

Step 1. User loads page 1 requiring auth access. I store page 1 url in session and show him the login box.
Step 2. Meanwhile the user loads page 2 in another tab of the browser. Now the referring url changes to that of page 2.
Step 3. At this juncture, if the user successfully logs on in the original tab (page 1), he will be redirected to page 2 !!

Any solution to this? Because this situation could be quite common.
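
The checks raised in posts #5 and #7, as an added example that is not any poster's code: the return target is validated as a site-relative path before redirecting, and it travels with the login request instead of the session, so two tabs cannot overwrite each other. The names safe_return_path, login_url_for, the "next" field, the '/user' default and the denied-controller list are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. safe_return_path(), login_url_for()
// and the $denied list are hypothetical names chosen for illustration.

// Return a site-relative path that is safe to redirect to after login,
// or $default when the candidate is missing or not trusted.
function safe_return_path($candidate, $default = '/user',
                          $denied = array('login', 'logout', 'account_delete'))
{
    if (!is_string($candidate) || $candidate === '' || strlen($candidate) > 512) {
        return $default;
    }
    // Drop any query string; the emailed links in the thread are segment-only.
    $parts = explode('?', $candidate, 2);
    $path  = $parts[0];
    // Exactly one leading slash, then only URI-segment characters. This rejects
    // "http://other.example/", "//other.example", "/\other.example",
    // "javascript:..." and anything carrying control characters.
    if (!preg_match('#^/(?!/)[A-Za-z0-9_/-]*$#D', $path)) {
        return $default;
    }
    // Never land on controllers that change state or loop back to the login.
    foreach (explode('/', strtolower($path)) as $segment) {
        if (in_array($segment, $denied, true)) {
            return $default;
        }
    }
    return $path;
}

// Per-tab flow: the auth check puts the target in the login URL (the login form
// echoes it back as a hidden "next" field), so each tab carries its own value
// instead of sharing one session key.
function login_url_for($requested_path)
{
    return '/login?next=' . rawurlencode(safe_return_path($requested_path));
}

// Constructed inputs, as they might arrive in $_POST['next'] after a login.
$samples = array('/user/view/5', 'http://other.example/user', '//other.example',
                 '/\\other.example', '/user/account_delete/5', "/user\r\nX: y", null);
foreach ($samples as $next) {
    // In the login controller: redirect(safe_return_path($this->input->post('next')));
    echo var_export($next, true), ' => ', safe_return_path($next), "\n";
}
echo login_url_for('/user/view/5'), "\n";
```

The same function can be applied to a value read from the session or from HTTP_REFERER before it is passed to redirect(); only the source of the candidate changes.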
#8

[eluser]doccer[/eluser]
I have successfully used the following code to bypass the whole HTTP_REFERER issues. --This only works within the session. I have sessions and url autoloading.

First create two hooks. One with a post_controller_constructor setting and one with a post_controller setting.

Code:
$hook['post_controller_constructor'] = array(
    'class'    => 'Site_hook',
    'function' => 'Settings',
    'filename' => 'Site_hook.php',
    'filepath' => 'hooks',
    'params'   => array()
);

$hook['post_controller'] = array(
    'class'    => 'Site_hook',
    'function' => 'Referrer',
    'filename' => 'Site_hook.php',
    'filepath' => 'hooks',
    'params'   => array()
);

Next create the function for these hooks:
Code:
<?php

class Site_hook  
{
    var $CI;
    
    function Site_hook()
    {
        $this->CI =& get_instance();
    }
    
    function Settings()
    {
        // Set the first-time referrer. Used only when the user first lands on the site
        if(!$this->CI->session->userdata("referrer")) $this->CI->session->set_userdata("referrer", current_url());
    }
    
    function Referrer()
    {
        // Referrer storage. Test for ajax and other non referrer calls
        if(!isset($_SERVER['HTTP_X_REQUESTED_WITH']) && !isset($this->CI->referrer))
        {
            $this->CI->session->set_userdata("referrer", current_url());
        }
    }

}

?>

Next in your controller functions use the following to get the last page.
Code:
$this->session->userdata('referrer');

Or use the following to redirect to the last page.
Code:
redirect($this->session->userdata('referrer'));

If you don't want some function to record its referrer (like an embedded flash call to a controller), use the following in the function
Code:
// Remove call from referrer tracking
$this->referrer = false;

Ajax calls are automatically stripped from the referrer session var (if your JavaScript lib supports this variable: $_SERVER['HTTP_X_REQUESTED_WITH']).

This works really well when you want to redirect from a login form to the same page and your functions are separate, etc. Also this works if you are using SSL. SSL was not giving me an HTTP_REFERER for my server.

The only problem with this solution is going back and forth between admin and front end of your application. If you have created a CMS of sorts you'll need:
Code:
if($this->CI->uri->segment(1) == 'admin' && (!isset($_SERVER['HTTP_X_REQUESTED_WITH']) && !isset($this->CI->adminReferrer)))
{
    $this->CI->session->set_userdata("adminReferrer", current_url());
}
or whatever it takes to check for your admin area. Otherwise, if you go back and forth between the admin and the front end of your site, you end up referring to the front end when you make a change and save from the admin area.

Hope it works for others.
#9

[eluser]Unknown[/eluser]
/////////////////////////////////////////////////////
$current_url=$this->session->userdata('current_url');
$this->session->unset_userdata('current_url');

Can any person explain this?
