So, I made a simple PHP login, but when I tried to redirect like this:
$path = $_SERVER["DOCUMENT_ROOT"];
header("Location: $path/admin/index.php");
it seemed like it did nothing, but after I refreshed the page I was logged in.
After I changed my code to this:
header("Location: ../admin/index.php");
it works.
Could someone please explain this to me?
Ps. sorry for my bad english
The header is sent to the browser, so it is not an internal server maneuver. And with it not being an internal redirect, you don't deal with internal paths. When you use DOCUMENT_ROOT you will get the internal server path to the directory where your files are located.
If you want to reference the root of the site as a URL, just use /.
header("Location: /admin/index.php");
header("Location: /"); # go to homepage, for example
Your .. worked because you probably were on a subdirectory, and .. was translated to the parent directory which is where admin is.
$_SERVER["DOCUMENT_ROOT"];
returns path like /var/www/html/yourfolder/, but you have to redirect to website.com/yourfolder/ or localhost/yourfolder/.
hence that won't work.
Have you tried printing the value of $path?
the value of $path is relative to the actual file location
e.g. $path = '/c/inetpub/sites/example/main/'
You probably wanted something like '/c/inetpub/sites/example/' or '/c/inetpub/sites/example/main/..'
Related
I am doing a project with XAMPP from my university in which they ask me to use the header function to perform redirects and a file structure to follow. But I'm having some problems.
I have the following file structure:
backend/validateSession.php
backend/show.php
index.php
login.html
So, validateSession.php has this inside:
session_start();
if(!isset($_SESSION["DNI"])){
$path = "./login.html";
header("location: ".$path);
}
And both index.php and show.php have to include validateSession.php
index.php:
include_once "./backend/validateSession.php";
show.php:
include_once "./validateSession.php";
When entering index.php, validateSession.php correctly redirects me to login.html
But if I enter from show.php, I have an error because the path is ./login.html instead of ../login.html
So my question is: How could I solve this problem if index.php and show.php need different paths so that header can redirect me correctly? Thanks in advance.
EDIT: header should redirect me to localhost/prog/TP/login.html, but
if i use this path in the header, it probably won't work if someone else tries to access it from their own XAMPP.
The path for an HTTP redirect is relative to the domain, not to the filesystem (since the browser knows nothing about that). In this case, you should just be able to use
$path = "/login.html";
header("location: ".$path);
Note the lack of . at the start of path. domain.com/index.php, domain.com/backend/show.php (and any others) will all redirect to domain.com/login.html
I have the following folder structure
/main/site/
the redirect script is in the following dir
/main/site/backend/
header('Location: ../register.php');
returns to /main/register.php/ when it should go to /main/site/register.php
It seems all ok in the code , since ../ should go back one dir,
someone know what is wrong?
It does not matter where your script resides - every Location instruction applies to what the outside looks like. If the script is requested thru https://www.example.com/main/site/backend/filename.php then it must redirect to ../../register.php or even better /main/register.php.
Try changing to this
header('Location: ./../register.php');
./ Forces PHP to look only in current directory
See this post
I came across an issue where an absolute path set in header location wouldn't work but pointing to the file itself did. This only affected a few customers. One of them was nice enough to try connecting through a VPN which made the header location work.
Didn't work:
header('Location: http://www.example.com' . $_SERVER['PHP_SELF']);
Works:
header('Location: ' . $_SERVER['PHP_SELF']);
Can anyone shine some light on this?
Thanks
Your affected customers are not able to resolve the http://www.example.com (or whatever it actually is) URL for some reason. You can verify this by having them just try and visit the http://www.example.com by manually typing it in the browser location bar. That should fail too.
This can happen you have a site that is available under a number of domains, or directly by the IP address. Even www / non-www versions can make this happen. They hit the site at one domain or IP address that works for them, and then you try and redirect them to a URL they can not resolve. This explains why redirecting to just the path works, but an absolute URL doesn't.
If they can reach http://www.example.com in the browser, but not by redirect, ask them to blow out the browser cache.
Also always exit the script afterwards because otherwise in my experience in certain circumstances code that comes after the redirect might still be executed. So a good example would look like this:
header("location:http://www.example.com/path/to/myfile.php");
exit;
Often you would use a server variable for this case:
$url = $_SERVER["HTTP_HOST"]."/path/to/myfile.php";
header("location:".$url);
exit;
Cheers!
Link answer: https://tousu.in/qa/?qa=1091514/
I have the following code in my index.php page:
<?php include("/includes/widgets.php") ?>
And in my widgets.php page:
<?php
header("Location: /");
?>
What I want to achieve with this is to redirect it if the user visits it, but allow it for including.
But I get the following error:
The webpage has a redirect loop
How can I fix/prevent the redirect loop, but still redirect the user and not the server.
Place the widgets.php file in a folder not accessible to HTTP clients. I.e on apache webserver, either put it above your document root (into it's parent) or use .htaccess file to block users from it.
e.g.
deny from all
I think I know what you need :)
Change code index file to next
define("IS_INDEX", true);
include("/includes/widgets.php"
Change code for widgets.php to next
if (!defined("IS_INDEX")) {
header("Location: /");
exit();
}
The issue is you are redirecting back to the same page, which then redirect again, and again, and again.
An easy fix would be to wrap the redirect in an if, and only redirect if they aren't already on the index page; but this is just patching what looks like an architectural problem.
Something like:
if (ltrim($_SERVER['REQUEST_URI'], '/') != 'index.php')
header('Location: index.php');
One way is to check if __FILE__, which is the file loaded, regardless of included or not matches up with the file requested which is in $_SERVER['REQUEST_URI'] (or $_SERVER['PHP_SELF']).
I use this on our development site in a page that is usually included to get the output as debugging.
if(basename($_SERVER['PHP_SELF'])===basename(__FILE__)){
//do some debugging
}
Typically you wouldn't use basename, but this is on a non-public facing development site and the file has a pretty unique name so I'm not worried about the file being included with another file with the same name or anything.
One possible way is to add a parameter to the redirection, e.g.
if (!$_REQUEST['redirect'])
header("Location: /ìndex.php?redirect=1");
That way redirection can happen only once.
Another way is to stop redirection if the user already is on the /. I´d suggest to combine both.
Where do you use the command header()?
I have the following code at handlers/handle_login.php. The user has gone to the site from index.php which is the starting place.
if(!$logged_in){
header("Location: index.php");
die("You are not logged_in");
}
If if-clause is true, I get a 404 error, since the header puts me to to handlers/index.php, instead of index.php.
While I agree with nilamo and earl, I hope I can give a bigger picture:
Using relative paths can have very strange effects depending on where the browser
'thinks' it is in your site hierarchy. For example, assume the site has an index file '/index.php' but is configured to accept module and action in the URI path. You may very well have a url that looks like:
http://www.yoursite.com/forms/contact/
From this situation, returning a header like:
header("Location: index.php");
may very well cause the browser to try to request
http://www.yoursite.com/forms/contact/index.php
which is obviously not what you want. For this reason, it's generally better to use '/index.php' as recommended above, or even better use the fully qualified URL when possible.
Hope this helps.
Set the location to the complete URL of the index.php, not just the filename. According to php.net, this is the right way to do it, don't use relative paths. Here is an example:
if(!$logged_in){
header("Location: http://exampledomain.com/index.php");
die("You are not logged_in");
}
Try using '/':
if(!$logged_in){
header("Location: /index.php");
die("You are not logged_in");
}
Without a slash, it is assumed that you're referring to something in the current directory. By sticking that slash at the front, you're explicitly referring to the file at the root of the site. Since the page is 'index.php', you could just as easily use "header('Location: /')".