I’m using the following code to redirect the user if he/she logged in correctly (see comments in code). But I’m getting an error. What am I doing wrong?

<?php
   require 'inc/header.php';
   require 'inc/config.php';
   require 'inc/functions.php';
?>

<?

$login = $_POST['login'];

if($login==1)
{

    $username = mysql_escape_string(trim($_POST['username']));
    $passwd = mysql_escape_string(trim($_POST['passwd']));
            $QUERY = "
                SELECT
                    *
                FROM
                    login
                WHERE
                    username = '$username' and password='$passwd'

            ";

            $result = send_query($QUERY);

            $num_rows = mysql_num_rows($result);
            $flag=0;
            if($num_rows == 0)
            {
                //show_error('Invalid username');
                $flag=1;
            }
            else
            {

               // This is a correct login, so I am trying to forward, but I am getting an error
                // here

               header('Location: admin_home.php');
               exit;

            }

}

?>

<div class="left">
      <div class="left_articles">

       <h2>ADMIN LOGIN</h2>
                 <p class="description"><?if($flag== 1 ) echo "invalid login" ; ?> </p>
                <p><form action="admin.php" method="POST">

                    <table border="0">

                        <tbody>
                            <tr>
                                <td>Username</td>
                                <td><input type="text" name="username" value="" /></td>
                            </tr>
                            <tr>
                                <td>Password</td>
                                <td><input type="password" name="passwd" value="" /></td>
                            </tr>
                            <tr>
                                <td></td>
                                <td><input type="submit" value="Login" /></td>
                            </tr>
                            <tr>
                                <td></td>
                                <td></td>
                            </tr>
                        </tbody>
                    </table>
                    <input type="hidden" name="login" value="1" />
                </form>
                </p>
      </div>

            <B> AFTER LOGING INTO ADMIN PANEL YOU CAN DO FOLLOWING THINGS <B>
      <p align="center">
                <ul>
                    <li>Add new Jobtype</li>
                    <li>Add new Questions</li>
                    <li>Modify Selection Cretiria</li>
                </ul>    
            </p>
     </div>

     <div id="right">
      <div class="boxtop"></div>
      <div class="box">
       <p><img src="images/image.gif" alt="Image" title="Image" class="image" /><b>Akshay ipsum dolor sit amet</b><br />consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis.<br /></p>
       <div class="buttons"><p><a href="#" class="bluebtn">Read</a> <a href="#" class="greenbtn">Mark</a></p></div>
      </div>

      <div class="boxtop"></div>
      <div class="box">
       <p><img src="images/image.gif" alt="Image" title="Image" class="image" /><b>Pako dolor sit amet</b><br />consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis.<br /></p>
       <div class="buttons"><p><a href="#" class="bluebtn">Read</a> <a href="#" class="greenbtn">Mark</a></p></div>
      </div>
     </div>    
<?  require 'inc/footer.php'  ?>
+1  A: 

This should do:

<?php
header('Location: page.php');
?>

See the header function. For more complicated redirect URLs, you might want to look at the http_redirect function.

You need to make sure you output the headers before outputting any regular content, or it won't work. You can check with headers_sent if necessary.

Content after outputting the HTTP header is allowed, but it won't be shown to the user under most circumstances. Usually it makes sense to just do an exit; right after the header statement.

Thorarin
You should add die() or exit to the end to make sure script stops and outputs headers.
usoban
Not necessarily. A redirect page is allowed to have content. Usually it won't make sense to waste time outputting content though :)
Thorarin
I am getting this error: Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\Selection\inc\header.php:7) in C:\xampp\htdocs\Selection\admin.php on line 39
You should do the redirect before you start outputting the rest of your page. Whatever is on that mentioned line, you'll have to change things so it won't get run at all, or at least *after* you set the `Location` header.
Thorarin
+6  A: 

You'll want to issue a HTTP Header to redirect the client:

if ($redirect == true) {
  //redirect
  header("Location: http://www.mysite.com/noauth.php"); 

  //And exit
  exit;
}

See PHP Manual on Headers. You need to exercise some care when using headers: they have to be sent before any other output to the client. This includes any rogue white space you might have at the top of your php scripts, which will throw an error if you try and issue a new header.

iAn
I wouldn't use an absolute URL. It would be a pain if you were ever to change domain names. If you want to redirect to a single domain for SEO purposes, you should do a 301 redirect (permanent).
Thorarin
I am getting this error: Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\Selection\inc\header.php:7) in C:\xampp\htdocs\Selection\admin.php on line 39
That means that your site has already outputted something; you can only use header() when your site hasn't outputted anything. Make sure there is nothing sent to the browser (including whitespace) before you use the header() function.
Pim Jager
I have pasted the entire code of that page. Please correct it by editing my post and add a comment here.
I got it. I was including header.php, which was printing something before I was validating my login details.
Absolute URIs are required by the specification. It’s only the tolerance of the browsers that relative URIs are also accepted.
Gumbo
+1 For using an absolute URI.
Gumbo
+1  A: 

If you haven't already printed any headers you could use header to redirect as below:

<?php

    header("Location: B.php");

?>
Swanny
I am getting this error: Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\Selection\inc\header.php:7) in C:\xampp\htdocs\Selection\admin.php on line 39
Make sure there is no blank space at the end of your header.php file. If that is an HTML header then you'll have to move all your code above that.
mrinject
+1  A: 

Use Header('Location: filename.php'); and you will be redirected to the filename.php.

mkamthan
A: 

The header("location: b.php"); is the way to go. On the comment by Thorarin, there should be no more output after the header command, other than either a die; or an exit();. Having content that should not be acted upon may be visible to search engine spiders that do not act upon the header("location"); command, and they may follow links on the page that you don't want followed.

Also, it wasn't mentioned, but if the redirect is to a page that can only be accessed by a person who has logged in, you should be setting a session or using some other method so that you can be sure the person entering b.php actually is a verified / logged-in user.

Bill H

A: 

header() technically expects a full url (i.e. http://example.com), but that's not the problem here.

headers must be sent before anything else is printed on the page (even whitespace)—take a look at line 5: that's one carriage return, that will cause your header()-call to fail

knittl
A: 

This is a SQL injection attack waiting to happen...

Colin
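
Added example (not the asker's code and not part of any answer): a version of admin.php that does the login check before any output, uses a bound parameter for the lookup, and sets a session before redirecting, which are the points raised in the answers above. The PDO connection details, the id and password_hash columns and the admin_id session key are assumptions made for illustration.

```php
<?php
// admin.php, added example: every header() call happens before any output.
// Assumptions: placeholder DSN and credentials; the login table has an id
// column and a password_hash column filled by password_hash().
session_start();                      // sends a cookie header, so it goes first

$flag = 0;
if ($_SERVER['REQUEST_METHOD'] === 'POST' && ($_POST['login'] ?? '') === '1') {
    $user = $_POST['username'] ?? '';
    $pass = $_POST['passwd'] ?? '';
    if (!is_string($user) || !is_string($pass)) { $user = $pass = ''; }

    $pdo = new PDO(
        'mysql:host=localhost;dbname=example_db;charset=utf8mb4',
        'db_user', 'db_password',     // placeholders
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
         PDO::ATTR_EMULATE_PREPARES => false]
    );

    // Bound parameter: the submitted username never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM login WHERE username = ?');
    $stmt->execute([trim($user)]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Compare against a stored hash instead of matching the password in SQL.
    if ($row && password_verify($pass, $row['password_hash'])) {
        session_regenerate_id(true);          // fresh session ID after login
        $_SESSION['admin_id'] = $row['id'];   // what admin_home.php checks
        header('Location: admin_home.php');   // works: nothing output yet
        exit;                                 // do not render the form
    }
    $flag = 1;                                // same flag the question uses
}

// Output starts here, after the last possible header() call.
require 'inc/header.php';
?>
<p class="description"><?php if ($flag == 1) echo 'invalid login'; ?></p>
<!-- login form markup from the question goes here -->
<?php require 'inc/footer.php'; ?>
```

admin_home.php would then begin with session_start() and, when $_SESSION['admin_id'] is empty, send header('Location: admin.php') followed by exit before printing anything.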
A: 

<?php
require 'inc/header.php';
require 'inc/config.php';
require 'inc/functions.php';
?>
<-- what about this newline character?
<?