Redirecting to previous page after login? PHP

A common way to do this is to pass the user's current page to the Login form via a $_GET variable.

For example: if you are reading an Article, and you want to leave a comment. The URL for comments is comment.php?articleid=17. While comment.php is loading, it notices that you are not logged in. It wants to send you to login.php, like you showed earlier. However, we're going to change your script so that is also tells the login page to remember where you are:

header("Location:login.php?location=" . urlencode($_SERVER['REQUEST_URI']));// Note: $_SERVER['REQUEST_URI'] is your current page

This should send the user to: login.php?location=comment.php%3Farticleid%3D17. login.php should now check to see if $_GET['location'] is populated. If it is populated, then send the user to this location (in this case, comment.php?articleid=17). For example:

//  login.phpecho '<input type="hidden" name="location" value="';if(isset($_GET['location'])) {    echo htmlspecialchars($_GET['location']);}echo '" />';//  Will show something like this://  <input type="hidden" name="location" value="comment.php?articleid=17" />

//  login-check.phpsession_start();//  our url is now stored as $_POST['location'] (posted from login.php). If it's blank, let's ignore it. Otherwise, let's do something with it.$redirect = NULL;if($_POST['location'] != '') {    $redirect = $_POST['location'];}if((empty($username) OR empty($password) AND !isset($_SESSION['id_login']))) {    $url = 'login.php?p=1';    // if we have a redirect URL, pass it back to login.php so we don't forget it    if(isset($redirect)) {        $url .= '&location=' . urlencode($redirect);    }   header("Location: " . $url);   exit();}elseif (!user_exists($username,$password) AND !isset($_SESSION['id_login'])) {    $url = 'login.php?p=2';    if(isset($redirect)) {        $url .= '&location=' . urlencode($redirect);    }   header("Location:" . $url);   exit();}elseif(isset($_SESSION['id_login'])) {    // if login is successful and there is a redirect address, send the user directly there    if($redirect) {        header("Location:". $redirect);    } else {        header("Location:login.php?p=3");    }    exit();}

Gotchas

You should run some validation against $_GET['location'] before sending the user there. For example, if I tell people who use your site to click on this link: login.php?location=http%3A%2F%2Fmalice.com%2Fevilpage.php... then they will be sent to a foreign URL that will try to do something bad.

Always make sure to use urlencode when passing URLs as $_GET parameters. This encodes special URL characters (such as ?, &, and %) so that they don't break your url (e.g.: login.php?location=comment.php?id=17 <- this has two ?'s and will not work correctly)

When user gets to the login page use this to see where is come from

$_SERVER['HTTP_REFERER']

Then set this value into the session, and when he is authenticated use url from the session to redirect him back. But you should do some checking before, if the url is your site. Maybe he come from another site directly to login :)

You can save a page using php, like this:

$_SESSION['current_page'] = $_SERVER['REQUEST_URI']

And return to the page with:

header("Location: ". $_SESSION['current_page'])