So, I consolidated various php login files from here into one file.
to consolidate it to one file, I append the url, and do different things based off of what is appended.
This works locally but not on my remote server.
Anyway...
At the top of my 'consolidated' file I have
session_start();
This is the only time I have a session_start(). The rest of my post.php code looks like this:
if(isset($_GET['app1'])){
...do stuff
header("location:post.php?app2");
exit();
}
if(isset($_GET['app2'])){
...do other stuff
header("location:post.php?app3");
exit();
}
Locally, if I start at post.php?app1, it will go to post.php?app2 and work fine, but on the remote server it just gets stuck (no redirect). Does anyone know why?
maybe these happen because there was a code that provide an output before trying to redirect.
try add buffer function in your 'consolidated'file.
ob_start();
session_start();
Related
Using PHP 7.1, MySQL, HTML5 Using localhost at present, I wanted to set-up a redirect from each webpage if the user is not logged in, to return to the login page login.php.
So I added the following include header.php to all of my PHP files
<!-- header.php
on all webpages, checks if user logged in, redirects to login.php if NOT
https://stackoverflow.com/questions/29202153/how-to-redirect-users-to-login-page-if-they-havent-logged-in
-->
<?php
session_start();
if(empty($_SESSION["username"])){ /* IF NO USERNAME REGISTERED TO THE SESSION VARIABLE */
header("LOCATION:login.php"); /* REDIRECT USER TO LOGIN PAGE */
}
?>
I am now getting the error
localhost redirected you too many times.
Having cleared all my cookies as recommended and rebooted my system, and I have removed the call to header.php from about 40 php files, it is still a problem.
I should say that it worked 100% until I edited my approximately 40th PHP file to add
<?php require('header.php'); ?>
Then the error was displayed in the chrome browser as follows.
This page isn’t working
localhost redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS
I can add the header.php to less files in the future i.e. by adding to a higher level php file.
how do I fix the error so I can continue to develop and
what change do I make to the code to prevent the error in the future.
I assume the system is now in an infinite loop, which needs to be cleared
I am desperate for a quick solution so any help would be much appreciated, I will continue looking for a solution in the meantime.
Many Thanks in advance, Colin
The code after header('Location: login.php') is still being executed unless you know what you are doing always exit() after a Location header as this is much more secure.
Also, you can change the require to avoid a double include (that would cause this problem)
<?php require_once('header.php'); ?>
However this more of a patch than a code logic fix.
A better solution would be to do something like the following:
#header.php
if(!defined('TO_LOGIN')){
define('TO_LOGIN', true);
header("Location: login.php");
exit();
} else {
trigger_error('Another request to "login.php". debug: <pre>' . print_r(debug_backtrace(), true) . '</pre>');
}
Because if a client does not have cookies enabled, this would never cause the code to loop.
I have solved the problem, my file header.php (used to check if user logged in and call login.php if NOT logged in) was calling login.php
header.php
called login.php
called header-loginregister.php
called header.php
so it was creating an infinite loop, I need to be careful where I place the include header.php call to avoid this mistake in the future.
So indirectly login.php was calling itself via header-loginregister.php and header.php
Thanks for all the comments on how to improve the code which I will implement.
Say I have two html files called html1 and html2. html1 contains an embedded swf file.
Now what I want is that the user can not go to html2 directly via url. He has to click it through the link in the swf in html1. Is there a way to achieve this?
If not possible in html, is it possible with php?
Thanks
EDIT:
After answer from John, I went ahead and tried his advice, but I can never access the file2.php, even if I have been to file1.php before. It keeps redirecting me back to file1.php, even when it should not.
My code from file1.php
//file1.php
<?php
session_start();
$_SESSION['enableAccessTill']=strtotime("+5 minutes");
?>
Here is file2.php
//file2.php
<?php
session_start();
if(!isset($_SESSION['enableAccessTil'])||$_SESSION['enableAccessTil']<time())
{
header("Location: indexFLA.php");
exit;
}
?>
what am I possibly doing wrong?
found it, it was due to a misspelling - "enableAccessTil" and "enableAccessTill"
professional solution:
create protected directory and make .htaccess file in directory and copy all embedded and partial files into directory.
this directory not accessible whit get url.
but you can include file whit php include and require method.
.htaccess content:
deny from all
This wont be possible in just plain html.
An easy way to do this is php is by setting a session variable in file 1, and test in file 2 it the users has been to file 1.
file1:
<?php
session_start();
$_SESSION['enableAccessTill'] = strtotime("+5 minutes"); //set the time here till when the user has access
[...]
file2
<?php
session_start();
if(!isset( $_SESSION['enableAccessTill'] ) || $_SESSION['enableAccessTill'] < time() ){ //If time is expired
header("Location: file1.php"); //redirect user to the first file
exit;
}
[...] //continue your script here.
Things with referrer check do usually fail (some browsers/firewalls blocking that variable).
Based on the options you described, it would sound most reasonable to make the html2 a php script and check that the referrer is the html1 file. The script should display the normal html1 content if that is the case, or an error message otherwise.
A sneaky user could still get around this if they knew what was going on, but it should be fine for the majority of your audience.
Possible with php.
At index.php you must write
<?php
define('START', true);
include 'file.php';
At file.php need write
<?php defined('START) or die('Direct access!!'); ?>
<embed> your swf file embed
This way you will prevent direct access
You could do it with PHP by using session variables. Start the session in html1. Check for the session in html2. If it exists, display html2. If it does not, don't display html2. In either case, destroy the session in html2.
well is posible with html you has two options one is cookies and the other is local storage in html5
localStorage.hasClick = true;
alert(localStorage.hasClick);
http://www.html5rocks.com/en/features/storage
but obviously the straightforward solution is php / c# / ruby / etc...
//when I said html i refer to use only client side html/javascript
I've never seen this before, and am not even really sure I can explain it properly, but I desperately need a solution.
My website uses header and footer files. When you access the files directly from the browser, they work fine. But when I access them through another file using the "include" function, the queries on the files do not work.
In my case, the header and footer files need to establish whether or not the viewer is logged in. And the files work just fine on their own. If I access the files directly through the browser (by address: website/html/header.php), the queries function and the results are correct.
If I go to my index.php page, which uses: include("$webpath/html/header.php"); the queries in the header.php file do not return the correct data.
I've just recently transferred the website to a new webhost. The files were working just fine on the previous webhost, so I'm assuming it's a setting or something in the webhost? Althought I don't see anything relating to that in my control panel, and the webhost swears that it should function properly.
Any ideas? I would greatly appreciate any input.
You could always do:
<?php
function loadContent($file){
if(!file_exists($file)){die($file.' not found.');}
ob_start();
require($file);
$return = ob_get_contents();
ob_end_clean();
return $return;
}
echo loadContent("$webpath/html/header.php");
?>
After the php script is over, how do I go to another html page?
Why would you want to do that? When the page is over (which I understand as the script ended execution), it is usually sent to the client and then it can be viewed by the user. So, basically, what you are trying to do is to redirect the user after the script stopped executing.
If so, you have two solutions available:
Do not output anything, and after your script stopped executing, use the header() PHP function:
header('Location: http://example.com/some/url');
where you should replace the example URL with your own.
If you are outputting the HTML page and sending it gradually to the user, you can just put JavaScript redirection script at the end of the page (so after everything has been sent):
<script>
window.location = 'http://example.com/some/url';
</script>
Does any of these solutions work for you?
header('Location: /page.html');
Make sure you don't output anything else, then simply
header('Location: http://www.example.com/');
I have been working on a website and had the following code...
<html>
<?php
session_start();
//if not logged redirect
if(!$_SESSION['logged']){
header("location:restricted.php");
}
else
//else continue and display the rest of the page
{
//html page content here
?>
...obviously what this does is check if session variable 'logged' is set and if not the user will be redirected to restricted.php, otherwise the rest of the code (this page)will be diaplayed.
This was on a server working fine, but I have just gone with an alternative host (and obviously server) and if the session is not set, the user simply has a blank white page (which is titled with this page, not restricted.php).
Does anybody have any idea why this is happening?
Thanks very, very much in advance...
You cannot output anything to browser before calling session_start() - it must come before all output, otherwise an error will be throw - Headers already sent
Correct way:
<?php
session_start();
//if not logged redirect
if(!$_SESSION['logged']){
header("location:restricted.php");
}
else
//else continue and display the rest of the page
{
//html page content here
?>
<html>
It could not have worked in the first place, though!
The problem is, that you send output before you start the session, by having the "" output before starting the session.
You should set the php-block in front of everything (which also makes the else-branch obsolete, because you get redirected before content is displayed.
So the code is then:
<?php
session_start();
if(!$_SESSION['logged']){
header("location:restricted.php");
}
?>
<html>
<!-- This is only visible if you're logged in! -->
Maybe you can compare the Session variable with NULL may be it will be more clear.
And don't forget to put your session_start(); before anything else on your page.
Thanks every1 it worked...i know it sounds a bit wierd, but on the old server it did actually work with the HTML before the session_start(). I did it on dreamweaver and it had all the usual rubbish dreamweaver puts in:
...and if a moved this BELOW the session start it was a blank page, now its the other way round, it does let me put it below and works fine...wierd i know.
Thanks again for all the replies :)
Since your site is not configured to display error messages in the browser itself, you need to check PHP's error_log to learn exactly what the error is.
Many shared hosts provide a method for viewing error logs, or at least showing you where they're located from with your hosting account panel. If you have ssh access you can find the path to this file with:
$ php -i | grep error_log
Alternatively you can create a PHP file on your server with the following:
<?php
phpinfo();
and then load that file in your browser and look for the error_log configuration setting.
With the path to your error_log, if you have ssh access to your account you can enter
tail -f /path/to/your/error_log
While the above command is running, load the webpage showing the blank page. Your terminal will dump the contents of the error_log as it's updated. If you don't have ssh access, it's possible your host provides a method for viewing errors generated by PHP for your site.
Only then will you have the information you need to fix whatever is causing the blank page.