#1 2016-11-01 20:14:05

abdellah
Member
From: Morocco
Registered: 2010-10-19
Posts: 32

Redirect after authentication

Hello,

I joined the login form on my PHP pages; I would like us to be redirected to the current page.

I tried with

<input type="hidden" name="redirect_url" value="<?php echo $_SERVER['HTTP_REFERER']; ?>" />

I am redirected to forum/index.php

The only solution I found is to change this line (98) in login.php:

// Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after login)
		$redirect_url = validate_redirect($_POST['redirect_url'], $_SERVER['HTTP_REFERER']);

by adding $_SERVER['HTTP_REFERER']

// Try to determine if the data in redirect_url is valid (if not, we redirect to index.php after login)
		$redirect_url = validate_redirect($_POST['redirect_url'], $_SERVER['HTTP_REFERER']);

Excuse my English.

Last edited by abdellah (2016-11-02 10:03:47)


#2 2016-11-11 14:12:29

seven
Member
From: Torino, Italy
Registered: 2010-08-19
Posts: 314
Website

Re: Redirect after authentication

Hi Abdellah, your English is ok :)

FluxBB believes that the "redirect_url" passed from the previous login form is invalid, so it's redirecting you to index.php.

You need to set a "redirect_url" (hidden?) parameter in the form that's being sent to login.php. Something like this:

<form>
<input type="hidden" name="redirect_url" value="<?php echo $_SERVER['HTTP_REFERER'];?>">
...

gamezoo.org - serious gaming services for serious gamers.


#3 2016-11-14 10:47:28

chris98
Member
From: England, United Kingdom
Registered: 2013-05-31
Posts: 1,292
Website

Re: Redirect after authentication

<?php echo $_SERVER['HTTP_REFERER'];?>

should be

<?php echo pun_htmlspecialchars($_SERVER['HTTP_REFERER']);?>

to avoid any potential XSS attacks on the form.

Depending on what this page is (could you post an example or the URL?) you will still get redirected to index.php because it's always checking if the redirect url is valid.

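The two points raised in this thread (the redirect target is validated, and the Referer value must be escaped before it is echoed into the form) are separate checks. The sketch below is an added example, not part of the original posts and not FluxBB's own `validate_redirect()`; the function name `safe_redirect_target`, the host `www.example.test`, the allowed prefixes and the sample values are all assumptions made for illustration. The same check has to run again in the script that receives the POSTed `redirect_url`, because a hidden field is client-controlled.

```php
<?php
// Added example, not FluxBB's own code. Hosts, paths and inputs are constructed.

/** Return $candidate only if it is an http(s) URL under one of $allowed_prefixes (each ending in "/"). */
function safe_redirect_target($candidate, array $allowed_prefixes, string $fallback): string
{
    // Reject non-strings, control characters, whitespace and backslashes outright.
    if (!is_string($candidate) || $candidate === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $candidate)) {
        return $fallback;
    }
    $c = parse_url($candidate);
    // Require scheme and host; refuse embedded credentials (user@host confusion).
    if (!is_array($c) || !isset($c['scheme'], $c['host']) || isset($c['user']) || isset($c['pass'])) {
        return $fallback;
    }
    $scheme = strtolower($c['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return $fallback;
    }
    // Rebuild origin + path from the parsed components and compare that, not the raw string.
    $origin = $scheme . '://' . strtolower($c['host']) . (isset($c['port']) ? ':' . $c['port'] : '');
    $location = $origin . ($c['path'] ?? '/');
    foreach ($allowed_prefixes as $prefix) {
        if (strpos($location, $prefix) === 0) {
            return $candidate;
        }
    }
    return $fallback;
}

// Constructed configuration: the forum plus the site pages that embed the login form.
$allowed  = ['https://www.example.test/forum/', 'https://www.example.test/pages/'];
$fallback = 'https://www.example.test/forum/index.php';

// Constructed Referer values standing in for $_SERVER['HTTP_REFERER'].
$samples = [
    'https://www.example.test/pages/news.php?id=3',   // page on the site
    'https://www.example.test.evil.invalid/forum/',   // look-alike host
    '//evil.invalid/forum/',                          // scheme-relative URL
    'https://www.example.test/pages/"><i>x',          // allowed path containing HTML metacharacters
];

foreach ($samples as $referer) {
    $target = safe_redirect_target($referer, $allowed, $fallback);
    // Escape at output time: a URL that passes validation can still contain quotes or angle brackets.
    echo '<input type="hidden" name="redirect_url" value="',
        htmlspecialchars($target, ENT_QUOTES, 'UTF-8'), "\" />\n";
}
```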
