tags:

views:

351

answers:

8
+2  Q: 

What’s wrong with my HTTP redirect?

I’m using the following code to redirect the user if he/she logged in correctly (see comments in code). But I’m getting an error. What am I doing wrong?

<?php
   require 'inc/header.php';
   require 'inc/config.php';
   require 'inc/functions.php';
?>

<?

$login = $_POST['login'];

if($login==1)
{

    $username = mysql_escape_string(trim($_POST['username']));
    $passwd = mysql_escape_string(trim($_POST['passwd']));
            $QUERY = "
                SELECT
                    *
                FROM
                    login
                WHERE
                    username = '$username' and password='$passwd'

            ";

            $result = send_query($QUERY);

            $num_rows = mysql_num_rows($result);
            $flag=0;
            if($num_rows == 0)
            {
                //show_error('Invalid username');
                $flag=1;
            }
            else
            {

               //this is correct login so i am trying to forward but i am geting  error
                //here

               header('Location: admin_home.php');
               exit;

            }

}

?>

<div class="left">
      <div class="left_articles">

       <h2>ADMIN LOGIN</h2>
                 <p class="description"><?if($flag== 1 ) echo "invalid login" ; ?> </p>
                <p><form action="admin.php" method="POST">

                    <table border="0">

                        <tbody>
                            <tr>
                                <td>Username</td>
                                <td><input type="text" name="username" value="" /></td>
                            </tr>
                            <tr>
                                <td>Password</td>
                                <td><input type="password" name="passwd" value="" /></td>
                            </tr>
                            <tr>
                                <td></td>
                                <td><input type="submit" value="Login" /></td>
                            </tr>
                            <tr>
                                <td></td>
                                <td></td>
                            </tr>
                        </tbody>
                    </table>
                    <input type="hidden" name="login" value="1" />
                </form>
                </p>
      </div>

            <B> AFTER LOGING INTO ADMIN PANEL YOU CAN DO FOLLOWING THINGS <B>
      <p align="center">
                <ul>
                    <li>Add new Jobtype</li>
                    <li>Add new Questions</li>
                    <li>Modify Selection Cretiria</li>
                </ul>    
            </p>
     </div>

     <div id="right">
      <div class="boxtop"></div>
      <div class="box">
       <p><img src="images/image.gif" alt="Image" title="Image" class="image" /><b>Akshay ipsum dolor sit amet</b><br />consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis.<br /></p>
       <div class="buttons"><p><a href="#" class="bluebtn">Read</a> <a href="#" class="greenbtn">Mark</a></p></div>
      </div>

      <div class="boxtop"></div>
      <div class="box">
       <p><img src="images/image.gif" alt="Image" title="Image" class="image" /><b>Pako dolor sit amet</b><br />consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis.<br /></p>
       <div class="buttons"><p><a href="#" class="bluebtn">Read</a> <a href="#" class="greenbtn">Mark</a></p></div>
      </div>
     </div>    
<?  require 'inc/footer.php'  ?>
+1  A: 

This should do:

<?php
header('Location: page.php');
?>

See the header function. For more complicated redirect URLs, you might want to look at the http_redirect function.

You need to make sure you output the headers before outputting any regular content, or it won't work. You can check with headers_sent if necessary.

Content after outputting the HTTP header is allowed, but it won't be shown to the user under most circumstances. Usually it makes sense to just do an exit; right after the header statement.

Thorarin  2009-08-15 11:39:05
You should add die() or exit to the end to make sure script stops and outputs headers.
usoban  2009-08-15 11:41:03
Not necessarily. A redirect page is allowed to have content. Usually it won't make sense to waste time outputting content though :)
Thorarin  2009-08-15 11:43:00
i am geting this error Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\Selection\inc\header.php:7) in C:\xampp\htdocs\Selection\admin.php on line 39 –
 2009-08-15 12:07:37
You should do the redirect before you start outputting the rest of your page. Whatever is on that mentioned line, you'll have to change things so it won't get run at all, or at least *after* you set the `Location` header.
Thorarin  2009-08-15 17:40:40
+6  A: 

You'll want to issue a HTTP Header to redirect the client:

if ($redirect == true) {
  //redirect
  header("Location: http://www.mysite.com/noauth.php"); 

  //And exit
  exit;
}

See PHP Manual on Headers. You need to exercise some care when using headers: they have to be sent before any other output to the client. This includes any rogue white space you might have at the top of your php scripts, which will throw an error if you try and issue a new header.

iAn  2009-08-15 11:39:17
I wouldn't use an absolute URL. It would be a pain if you were ever to change domain names. If you want to redirect to a single domain for SEO purposes, you should do a 301 redirect (permanent).
Thorarin  2009-08-15 11:45:17
i am geting this errorWarning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\Selection\inc\header.php:7) in C:\xampp\htdocs\Selection\admin.php on line 39
 2009-08-15 11:55:45
That means that your site has already outputted something, you can only use header() when your site hasn't outputted anything. Make sure there is nothing send to the browser (including whitespace) before you use the header() function.
Pim Jager  2009-08-15 12:21:59
i have pasted my entire code of that page. Plz correct it by eding by post and add a commment her
 2009-08-15 12:37:17
i got it. I was including header.php that was print something before i was valdating my loging details
 2009-08-15 12:44:53
Absolute URIs are required by the specification. It’s only the tolerance of the browsers that relative URIs are also accepted.
Gumbo  2009-08-16 17:53:44
+1 For using an absolute URI.
Gumbo  2009-08-16 18:00:52
+1  A: 

If you haven't already printed any headers you could use header to redirect as below:

<?php

    header("Location: B.php");

?>
Swanny  2009-08-15 11:39:46
i am geting this error Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\Selection\inc\header.php:7) in C:\xampp\htdocs\Selection\admin.php on line 39 –
 2009-08-15 12:34:41
Make sure there is no blank space at the end of your header.php file. If that is an HTML header then you'll have to move all your code above that.
mrinject  2009-08-15 20:52:13
+1  A: 

Use Header('Location: filename.php'); and you will be redirected to the filename.php.

mkamthan  2009-08-15 11:46:02
A: 

The header("location: b.php";) is the way to go, on the comment by Thorarin, there should be no more output after the header command, other than either a die; or an exit();. Having content that should not be acted upon may be visible to search engine spiders that do not act upon the header("location"); command and they may follow links on the page that you don't want followed.

Also it wasnt mentioned, but if redirect is to a page that can only be accessed by a person that has logged in, you should be setting a session or use some other method so that you can be sure the person entering b.php actually is a verified / logged in user.

Bill H

Bill H  2009-08-15 11:58:41
A: 

header() technically expects a full url (i.e. http://example.com), but that's not the problem here.

headers must be sent before anything else is printed on the page (even whitespace)—take a look at line 5: that's one carriage return, that will cause your header()-call to fail

knittl  2009-08-16 17:47:51
A: 

This is a SQL injection attack waiting to happen...

Colin  2009-08-28 10:01:23
A: 

< ? php
require 'inc/header.php';
require 'inc/config.php';
require 'inc/functions.php';
? >
<-- what about this newline character?
< ?

 2009-08-29 07:58:53

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases