The scenario: I am redirecting the user to the previous page after a successful login. login.php has a form which takes a username and password and POSTs to login_check.php. login_check.php checks the user's authentication and, if it passes, redirects the user to the default page unless the user has a choice (i.e., if he visited some other page, say people's.php, and people's.php finds that he is not logged in and redirects him to the login page so that he can get back after a successful login). I am also storing the visited URL in a hidden field in the form in login.php:

    echo '<input type="hidden" name="location" value="';
    if (isset($_GET['location']))
    {
        echo htmlspecialchars($_GET['location']);
    }
    echo '"/>';

In login_check.php, after the authentication check, I check whether there is a user choice; otherwise I redirect him to the default page:

    //REDIRECT USER TO PREVIOUS PAGE IF ANY
    if (isset($_POST['location']))
    {
        header("location:".$_POST['location']);
        exit;
    }

My question: If I write the URI people's.php in the browser, it prompts me to log in accordingly and redirects me after login. If I try something like people&lsquo;s.php, I get a page not found message (as the encoded URL using htmlspecialchars() is stored in the hidden field, as shown in the code above). So, where does the decoding of the URL take place, and why does it not work the other way (i.e., people&lsquo;s.php)?
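
Added example, not part of the original post: the browser decodes the entities when it parses the `value` attribute, so `$_POST['location']` already holds the original characters, and because that value comes from the client it is checked here before it reaches `header()`. `hidden_location_field()`, `value_as_posted()`, `safe_redirect_target()`, `DEFAULT_PAGE` and the sample inputs are hypothetical names and constructed values.

```php
<?php
// Added example, not the poster's code. Names and samples are constructed.
const DEFAULT_PAGE = '/index.php'; // hypothetical default page

// login.php side: escape the value for the HTML attribute context.
function hidden_location_field(string $location): string
{
    return '<input type="hidden" name="location" value="'
        . htmlspecialchars($location, ENT_QUOTES, 'UTF-8') . '"/>';
}

// Stand-in for the browser: parsing the attribute turns entities back into
// characters, so the POST body carries the original text, not the entities.
function value_as_posted(string $field): string
{
    preg_match('/value="([^"]*)"/', $field, $m);
    return html_entity_decode($m[1], ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// login_check.php side: accept only a path on this site, else the default.
function safe_redirect_target(?string $location): string
{
    if ($location === null || $location === '') {
        return DEFAULT_PAGE;
    }
    // Control characters (CR/LF included) do not belong in a header value.
    if (preg_match('/[\x00-\x1F\x7F]/', $location)) {
        return DEFAULT_PAGE;
    }
    // Exactly one leading "/": rejects "//host", "/\host" and absolute URLs.
    if (!preg_match('#^/(?![/\\\\])#', $location)) {
        return DEFAULT_PAGE;
    }
    $parts = parse_url($location);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return DEFAULT_PAGE;
    }
    return $location;
}

// In login_check.php this would be used as:
//   header('Location: ' . safe_redirect_target($_POST['location'] ?? null)); exit;
$samples = ["/people's.php", '/a.php?x=1&y="2"', '//other.example/', 'https://other.example/'];
foreach ($samples as $s) {
    $posted = value_as_posted(hidden_location_field($s));
    printf("%-26s same=%s target=%s\n", $s, var_export($posted === $s, true),
        safe_redirect_target($posted));
}
```

Entity decoding is part of HTML parsing only; text typed into the address bar is never run through it, so an entity written there stays literal in the requested path.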