Lets say I have a website abc.com/redirect.php which has an anchor tag which links blank to xyz.com/landing.php.
I want to check if the xyz.com/landing.php is opened only through abc.com/redirect.php .
Get parameters are not allowed as someone may copy it on their website. HTTP referer header is not reliable and is not working in this case.
You can use cookie or session.
Example via cookie
<?php
// redirect.php
if(isset($_COOKIE['visited'])) {
header('Location: xyz.com/landing.php');
}
setcookie('visited', '1');
?>
Example via sesion:
<?php
// redirect.php
session_start();
if(isset($_SESSION['visited'])) {
header('Location: xyz.com/landing.php');
}
$_SESSION['visited'] = 1;
?>
For checking referrer on xyz.com/landing.php you can use global $_SERVER variable. For example:
<?php
// landing.php
if($_SERVER['HTTP_REFERER'] == "http://example.com/redirect.php") {
// do something
}
?>
Script:
https://example.com/docs/index.php
In index.php, I have the following code:
header('Location: page2.php');
However, instead of opening page2.php, the following URL is opened:
https://example.com/docs/index.php/page2.php
If I put an absolute URL, everything works.
Why is this happening?
Is there any workaround so that I don't have to use an absolute URL?
<?php
/* Redirect to a different page in the current directory that was requested */
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'mypage.php';
header("Location: http://$host$uri/$extra");
exit;
?>
http://php.net/manual/en/function.header.php
The following header function is not working. I ma trying to go to login if the user is not logged in -
<?PHP
if (logged_in() === false) {
header('Location: login.php');
}
?>
However if I do -
<?PHP
if (logged_in() === false) {
echo"No user is logged in";
}
?>
It does echo it and I can see that it says no user is logged in
It is basically just checking if there is a user logged in
function logged_in() {
return (isset($_SESSION['user_id'])) ? true : false;
}
Try to put exit() or die() after the header like
if (logged_in() === false) {
header('Location: login.php');
exit(); //or die();
}
But makesure that your login.php should be in the same folder
Make sure that there is no output(white-space also) in your code.
you can use ob_start() and ob_end_flush() to clear out-put.
<?php ob_start();
// code
ob_end_flush(); ?>
You probably need to include the fully qualified domain and path to the new url. There is a note on the official documentation for the header function indicating as such.
Note:
HTTP/1.1 requires an absolute URI as argument to » Location: including
the scheme, hostname and absolute path, but some clients accept
relative URIs. You can usually use $_SERVER['HTTP_HOST'],
$_SERVER['PHP_SELF'] and dirname() to make an absolute URI from a
relative one yourself:
This note also contains the following code sample.
<?php
/* Redirect to a different page in the current directory that was requested */
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'login.php';
header("Location: http://$host$uri/$extra");
exit;
?>
I'm currently working on a mobile site with authentication using PHP sessions with a database.
I have a login page with a form that goes to server_login.php on submit. The php file then creates some session data (store in $_SESSION), and redirects the user back to the index page:
header("location:../../index.php");
The new web page (index.php) loads correctly; however, when the header redirects the page, the URL at the address bar is not changed; it stays at *http://localhost/php/server/server_login.php* instead of http://localhost/index.php and thus all my other resources that makes use of relative pathing could not be loaded. It's as if the web page still thinks that it resides at /php/server instead of /.
Strangely, my other use of header("location: ...") at logout.php works and redirects the page successfully with a URL change.
I've made sure that there are no outputs in my *server_login.php* before the header redirect (above it are just mysql calls to check) and I've used ob_start() and ob_end_flush() too.
Are there any methods of forcing the URL on the address bar to change (and thus hopefully fix the relative path problem)? Or am I doing something wrong?
P/S: I am using jQuery Mobile.
EDIT: Here's my code for the redirection that doesn't change the URL:
// some other stuff not shown
$sql = "SELECT * FROM $user_table WHERE email = '$myemail' AND password = '$mypassword'";
$login_result = mysql_query($sql, $connection);
$count = mysql_num_rows($login_result);
if ($count == 1) {
// Successfully verified login information
session_start();
if (!isset($_SESSION['is_logged_in'])) {
$_SESSION['is_logged_in'] = 1;
}
if (!isset($_SESSION['email'])) {
$_SESSION['email'] = $myemail;
}
if (!isset($_SESSION['password'])) {
$_SESSION['password'] = $mypassword;
}
// Register user's name and ID
if ((!isset($_SESSION['name'])) && (!isset($_SESSION['user_id']))) {
$row = mysql_fetch_assoc($login_result);
$_SESSION['name'] = $row['name'];
$_SESSION['user_id'] = $row['user_id'];
}
header("Location: http://localhost:8080/meet2eat/index.php");
} else {
// Not logged in. Redirect back to login page
header("Location: http://localhost:8080/meet2eat/php/login.php?err=1");
}
Try changing:
header("Location : blabla")
^
|
(whitespace)
To
header("Location: blabla")
Well, if the server sends a correct redirection header, the browser redirects and therefore "changes the url". It might be a browser issue, then.
I don't know if it has anything to do with it, but you should not send a relative url in the location header ("HTTP/1.1 requires an absolute URI as argument to » Location: including the scheme, hostname and absolute path, but some clients accept relative URIs. ", http://php.net/manual/en/function.header.php), and "location" must be capitalized, like:
header('Location: http://myhost.com/mypage.php');
In your form element add data-ajax="false". I had the same problem using jquery mobile.
Do not use any white space. I had the same issue. Then I removed white space like:
header("location:index.php"); or header('location:index.php');
Then it worked.
you may want to put a break; after your location:
header("HTTP/1.1 301 Moved Permanently");
header('Location: '. $YourArrayName["YourURL"] );
break;
I had the same problem with posting a form. What I did was that turning off the data-ajax.
Are you sure the page you are redirecting too doesn't have a redirection within that if no session data is found? That could be your problem
Also yes always add whitespace like #Peter O suggested.
I got a solution for you, Why dont you rather use Explode if your url is something like
Url-> website.com/test/blog.php
$StringExplo=explode("/",$_SERVER['REQUEST_URI']);
$HeadTo=$StringExplo[0]."/Index.php";
Header("Location: ".$HeadTo);
Just change home to your liking
$home_url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/home';
header('Location: ' . $home_url);
// Register user's name and ID
if ((!isset($_SESSION['name'])) && (!isset($_SESSION['user_id']))) {
$row = mysql_fetch_assoc($login_result);
$_SESSION['name'] = $row['name'];
$_SESSION['user_id'] = $row['user_id'];
}
header("Location: http://localhost:8080/meet2eat/index.php");
change to
// Register user's name and ID
if ((!isset($_SESSION['name'])) && (!isset($_SESSION['user_id']))) {
$row = mysql_fetch_assoc($login_result);
$_SESSION['name'] = $row['name'];
$_SESSION['user_id'] = $row['user_id'];
header("Location: http://localhost:8080/meet2eat/index.php");
}
As "cfphpflex" suggested you can add break; after setting the header. You can also echo something, such as echo 'test';.
Add exit at the end of header then it will work
header("location:index.php"); or header('location:index.php'); exit;
You are suppose to use it like header(Location:../index.php) if it in another folder
use
header("Location: index.php"); //this work in my site
read more on header() at php documentation.
why all of this location url?
http://localhost:8080/meet2eat/index.php
you can just use
index.php
if the php files are in the same folder and this is better because if you want to host the files
or change the port you will have no problem reaching this URL.
hi i just dont understand why my code is not working. i am using yahoo server for my site.
This is my logout code.(which is successfully run on localhost) but when i upload this code online then its not work. plz help
<?php
//logout code
include("../Config.php");
if (!isset ($_SESSION['username']))
{
header( 'HTTP/1.1 301 Moved Permanently' );
header('Location: ../index.php');
if (!headers_sent())
{
header('Location: http://www.mysite.com/index.php');
exit;
}
}
else
{
$_SESSION = array();
session_destroy();
session_unset();
header( 'HTTP/1.1 301 Moved Permanently' );
header('Location: ../index.php');
if (!headers_sent())
{
header('Location: http://www.mysite.com/index.php');
exit;
}
}
?>
the config.php file includes session code (like start session)
You need to use the full URI in the header, and I recommend to use exit() right after the location header. There is no need for the 301 header for a simple log out.
And don't use the closing tag in php. If it is working on your system, it looks, there is some output (maybe just an empty line) in at least one of your php files (before the starting php tag, or after the closing php tag), and it seems that output buffering is enabled in your PHP, which work around this error, but disabled on the production server.
Try this:
<?php
// for debugging purposes only, don't use on production server (just for debugging)
error_reporting(E_ALL);
ini_set('display_errors', 1);
//logout code
include("../Config.php");
if (isset($_SESSION['username']))
session_destroy();
header('Location: http://www.mysite.com/index.php');
exit;
echo '<script type="text/javascript">
function delayer(){
window.location = "../index.php"
}
setTimeout("delayer()", 1000);
</script>';
You could put this instead of header
This will work
<script type="text/javascript">
window.location="http://www.newlocation.com";
</script>