so I made a simple user log in website, and I want to set a cookie so that when they come back to the website, it will take them to the members area and not the main page, kind of like a "remember me" function that redirects users to a members area if a cookie is set.
Problem I am facing: The php code right before the html code does not redirect to the member.php page even though the cookie is set!
Note: I'm just using parts of the code, and not the entire code/ other files to simplify the question.
here's my code:
main.php (this is the main page, and also where the log-in form is, but log in form is not shown)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<?php
//Checks if there is a login cookie
if(isset($_COOKIE["blablabla"])) //if cookie is set
{
header("Location: www.website.com/member.php"); //redirect to member.php
}
else
{
//otherwise, redirect to nocookiefound.php
header("Location: www.website.com/nocookiefound.php");
}
?>
<html>
<body>
<?php
echo "Welcome " . $_COOKIE["blablabla"] . "!<br />";
//I ran a echo test to see if cookie is still there, and it is.
?>
</body>
</html>
So my question is, can my redirect work the way it is?
I must be doing something wrong because it's not redirecting to member.php even though the cookie echos the correct value.
So, if i was originally in the members.php page after I logged in, then go back to main.php, it SHOULD redirect me to members.php, but it doesn't, it just stays at main.php. Anyone know what's going on? I would appreciate all the help I can get. Thanks
The PHP code should be the first thing on the page, as you're sending a redirect "Header". Move it to before the Doctype declaration.
As well as what #Dogbert says, your redirection is invalid. Try:
header("Location: http://www.website.com/member.php");
In addition to the other answers, put an exit(); after the header lines. It's possible to write a script that ignores headers, hence running the other code inadvertently.
People often use headers to protect admin areas without realising that.
Related
I have a page named "booking.inc.php" inside a folder marked "Private". Here is the PHP code I wrote to prevent someone accessing the page by typing in the URL unless they click a button with the attribute "submit" and the name "book"...
<?php
if (isset($_POST['book'])) {
echo "It works!";
}
else {
header("location: ../index.php");
}
The HTML page is named "booking.php" and is not in the Private folder.
<!DOCTYPE html>
<html>
<head>
<?php require "header.php" ?>
<title>My Website</title>
</head>
<body>
<form action="private/booking.inc.php" method="post">
<input type="text">
<input type="text">
<button type="submit" name="book">Submit</button>
</form>
</body>
</html>
When I enter in some text into the form and click "submit", I just get a white page and nothing else. No echo statement that says, "It works!" Also, when I type in the path into the browser to get to booking.inc.php, I also just get a blank white page instead of being directed to index.php.
What am I doing wrong?
is this what you're looking for ? if someone try to access "booking.inc.php" directly the code will redirect them to another location.Use the code on the top of "booking.inc.php".
if(!isset($_SERVER['HTTP_REFERER'])){
// redirect them to another uri
header('location:../somefile.php');
exit;
}
"private" directory
The private directory you created is not private in any way. It is just a sub-directory. Therefor I recommend not choosing this name.
single template
You have all the options but you might consider not creating a new file at all. If you choose so you could just send the action to the same file and handle the request accordingly depending on if it's a GET of POST request. This would semantically handle the booking template. It could even allow you to render the page again, if some information was wrong and refill the form with the previously set values handling the error with grace.
redirect
I'm not 100% on this matter, but the redirect might be fine; just that it does not work on your setup. As far as I know you might not receive any headers when using localhost.
If you put a echo "You got blocked"; in there instead of the header it should work. There are other ways of redirection, but you should be fine on a dedicated web server.
security
If you think this check will somehow secure your form submission, you're wrong. This check is not sufficient if the form is supposed to be secure.
As the name of the file is booking.inc.php I assume it might handle some users actions leading to a sale and should therefor be secured! If that is what you're actually asking the techniques you should have a look for are listed in the prevention section of the CSRF Wikipedia article.
I want to redirect page (index.php) to new url (user.php) after logging in.
after I verify users data from my form I want to redirect user to new file called user.php
and I use for that:
header("Location: user.php");
after that page doesn't redirect but reload body content to content of user.php
so user is still on index.php and user.php doesn't work properly.
It's appears only on my new server.
I tested it on koding.io and it was ok.
I tried to use
ob_start();
and
ob_end_flush();
but it does not work
thank you for answers
Try this
header("Location: user.php");
exit;
Be sure that your PHP code does not output any response before this otherwise you will receive headers already sent message.
i got answer for my question!
problem was with jQuery mobile which I use here...
"In jQuery Mobile, form submissions are automatically handled using Ajax whenever possible..."
I had to add data-ajax="false" to my form:
<form data-ajax="false" action="php/login.php" method="post">
and this does the job!!!
Thank you for help!
I'm new at HTML/PHP and a doubt just came to my mind while developing a simple system to the company I work for.
After the user fill an HTML form and save it, I have a php page that saves the previous form information in my MySQL database. This PHP page displays a message if tha data has been saved correctly and after 5 seconds it redirects the user to my index.php. I used php header function to countdown the 5 seconds and redirect the user to index.php:
header("refresh:5,url= index.php"); /* Redirect browser */
That works perfectly on Google Chrome, but on IE it seems like it just understand the "refresh" part and completely ignore the "url" redirect, because it just refresh the current page, which gives me a few errors, of course.
My doubt is: php header function has compatibility problems with IE11 (or vice versa)? I know that I can use HTML to do the same thing, but is there a way to make the "url" from php header function works with IE11?
Thanks.
you can use it to refresh page
<meta http-equiv="refresh" content="30; ,URL=http://www.metatags.info/login">
please use like this as suggested below
echo '<meta http-equiv="refresh" content="30; ,URL=http://www.metatags.info/login">'
That's not how you redirect in PHP (it's actually how you redirect in HTML, which isn't the same thing). Try;
header("Location: index.php");
I have a site that displays two different versions of a navigation section depending on if a user is logged in or not.
<?php
if(isset($_SESSION['myusername'])){
echo 'Log Out';
}else{
echo 'Sign Up';
}
?>
The problem happens when a user is logged in and then closes the browser without logging out (and assuming they don't clear cache/cookies on browser exit).
When they open their browser later and come back to the site, the navigation displays as if they're not logged in. If they then click a link elsewhere on the site, i.e. My Account, the navigation then changes to show that they are logged in.
Any ideas what could be causing this? I'd like the navigation to show that they're logged in immediately upon coming back to the site.
First thing, check session_start() appears on your pages before any html, even the !DOCTYPE rule.
Now, on your index page add this:
<?php
session_start();
if(isset($_SESSION['username'])){
header("location: home.php"); // or whatever page you want your users to be redirected to...
}else {
?>
// here your html page should start
<html><head></head><body>
// all the DOM elements on your page
</body></html>
<?php
} // closing end of the else block started above
?>
Must be as below.
ob_start();
session_start();
//code to check session and other
ob_start() is for omitting header already sent error.
I wanted to popup an alert box. After that, the site would redirect to main page. But, it seems that it directly redirect to the mainpage without alerting anything.
if($registerquery)
{
?>
<script>alert('received!')</script>
<?php
}
header("Location: mainpage.php");
exit();
?>
I wanted to do this to ensure users that the process of submission ended successfully. How can i alert something before the page redirect to mainpage and more importantly what causes this? I think the page should not have redirected before the alert box.(Before these codes, site registers what users submitted but not relevant i guess.)Thanks
You just can't do this. PHP is server-side, JS is client-side. Using a location header is server-side, so the browser never gets the JS.
Instead, try something more like:
if( $registerquery)
echo "<script>alert('received!'); location.href='mainpage.php';</script>";
and remove the header bit altogether.