Script Redirecting Even when valid - php

This is a little script that is supposed to redirect if someone came from a different page, but it does not work.
It keeps redirecting to the form page.
Here's the code
<?php
define('FORM', 'form.html');
$referer = $_SERVER['HTTP_REFERER'];
// this keeps redirecting even when I came by submitting the form to this page
if ( $referer != FORM ) {
header('Location: ' .FORM);
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Testing 123</title>
</head>
<body>
<?php
$name = $_GET['name'];
$surname = $_GET['surname'];
echo 'hello'. $name. 'nice to see you here mr' .$surname;
?>
</body>
</html>

You could test if the user came from the "form page" by checking whether a certain $_POST variable has been sent. For example, you could try something like
if(isset($_POST['somehiddenvalue']) && $_POST['somehiddenvalue'] == $hiddenVal) {
// ok.
} else {
// redirect
}
The user will still be able to manipulate the POST variables; keep this in mind.

I suppose what is causing you trouble is that you don't exit the script after calling header():
header('Location: ' . FORM);
exit;
Anyway, you should consider checking for the required parameters instead of relying on $_SERVER['HTTP_REFERER'], as sending the referrer info may be disabled in the user's browser.
// read each parameter if present, otherwise fall back to null
$name = isset($_GET['name']) ? $_GET['name'] : null;
$surname = isset($_GET['surname']) ? $_GET['surname'] : null;
if (empty($name) || empty($surname)) {
header('Location: ' . FORM);
exit;
}
Additionally, you should escape $_GET['name'] and $_GET['surname'] before outputting them!
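An added example (not code from the question or the answers above) that puts the two fixes together: the required parameters are checked instead of HTTP_REFERER, the script stops after header(), and the values are escaped before output. The parameter names name and surname and the file name form.html are taken from the question; required_get, redirect_to and h are helper names chosen here.

```php
<?php
// Added example: replaces the HTTP_REFERER check from the question. The
// Referer header is sent by the client, may be absent, and can hold any
// value, so it cannot prove that the request came from form.html.
define('FORM', 'form.html');

// Returns the trimmed, non-empty value of a GET parameter, or null.
function required_get(string $key): ?string
{
    $value = filter_input(INPUT_GET, $key);
    if (!is_string($value)) {   // missing, or sent as an array
        return null;
    }
    $value = trim($value);
    return $value === '' ? null : $value;
}

// Sends the Location header and stops the script. Without the exit, the
// rest of the page still executes and is still sent to the client.
function redirect_to(string $url): void
{
    header('Location: ' . $url);
    exit;
}

// HTML-escapes a value for use in element content.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$name    = required_get('name');
$surname = required_get('surname');
if ($name === null || $surname === null) {
    redirect_to(FORM); // missing or empty parameter: back to the form
}
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Testing 123</title></head>
<body>
<p>Hello <?= h($name) ?>, nice to see you here, Mr <?= h($surname) ?>.</p>
</body>
</html>
```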

Related

Undefined index notice

I'm just trying to get a value from the row, but it's not happening and I only get a notice which says:
Notice: Undefined index: sm_value in D:\xampp\htdocs_header.php on line 16
<?php
require "./conf/db.php"; // Additional data
session_start();
if (isset($_SESSION["UserID"])) {
}
else {
header('Location: login.php?=redirect');
exit(); // stop here, otherwise the rest of the page still runs for logged-out users
}
// If the user clicks to log out
if (isset($_GET["account"]) && $_GET['account'] == "logout") {
unset($_SESSION["UserID"]);
session_destroy();
header("Location: index.php"); // Redirect him/her to index.php
exit();
}
$name = mysqli_escape_string($mysqli, $_POST['sm_value']);
$GetTitle = $mysqli->query("select * from sm_options where sm_value='$name'");
$row = $GetTitle->fetch_array(MYSQLI_ASSOC);
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $row['sm_name'];?></title>
....
Maybe something is wrong with the syntax? Or the method? How do I get the value?
The database looks like this:
I appreciate any kind of help :)
This happens when your form has not been submitted yet.
So you need to add a condition before your statement, something like this:
if(!empty($_POST) and array_key_exists("sm_value", $_POST)) {
$name = mysqli_escape_string($mysqli, $_POST['sm_value']);
$GetTitle = $mysqli->query("select * from sm_options where sm_value='$name'");
$row = $GetTitle->fetch_array(MYSQLI_ASSOC);
// Every statement and HTML which is required under it when the value is not empty
}
else {
// An error message saying the details are not available.
}
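An added example, not code from the question or the answer, that reads sm_value without the notice and also moves the lookup from an interpolated SQL string to a prepared statement. It assumes $mysqli is a connected mysqli object (the question loads it from ./conf/db.php) built with mysqlnd, so that get_result() is available, and that table sm_options has the columns sm_value and sm_name used in the question.

```php
<?php
// Added example, not from the question or answer: reads sm_value without an
// "Undefined index" notice and runs the lookup as a prepared statement
// instead of interpolating the value into the SQL string. Assumes $mysqli
// is a connected mysqli object (the question loads it from ./conf/db.php)
// built with mysqlnd, so that get_result() is available.
session_start();

if (!isset($_SESSION['UserID'])) {
    header('Location: login.php');
    exit; // without this, everything below still runs for anonymous users
}

// Null-coalescing read: null (no notice) when the form was not submitted yet.
$smValue = $_POST['sm_value'] ?? null;

$row = null;
if (is_string($smValue) && $smValue !== '') {
    $stmt = $mysqli->prepare('SELECT sm_name FROM sm_options WHERE sm_value = ?');
    $stmt->bind_param('s', $smValue); // the value never becomes part of the SQL text
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc(); // null when nothing matches
    $stmt->close();
}

// Fixed fallback when nothing was submitted or nothing was found.
$title = $row['sm_name'] ?? 'Untitled';
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title><?= htmlspecialchars($title, ENT_QUOTES, 'UTF-8') ?></title>
</head>
<body></body>
</html>
```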

URL Redirecting issue does not redirect on server

I have a fully functional website that works fine on my localhost WAMP server, but when I upload the same files to the server on 1&1 the redirect does not work. The code is below:
<?php require_once('../model/class.user.php'); ?>
<?php require_once('../model/class.person.php'); ?>
<?php require_once('../model/class.session.php'); ?>
<?php require_once('../model/class.loginrecord.php'); ?>
<?php require_once('../controller/general_functions.php'); ?>
<?php require_once('../controller/utility_functions.php'); ?>
<!DOCTYPE html>
<html lang="en">
<head>
if(isset($_POST['checkUser'])){
$usrnme = htmlspecialchars($_POST['un']);
$paswrd = htmlspecialchars($_POST['pwd']);
if(!empty($usrnme) && !empty($paswrd)){
//verify user credentials
$foundUser = User::verify(array($usrnme, $paswrd));
if($foundUser){ //if user found in DB
//$errors[] = "Username : found<br />";
$UID = $foundUser->id;
$userRole = $foundUser->role;
$userPersonID = $foundUser->person_id;//user_person_id has stored the reference to person's table
$ip = getenv('HTTP_CLIENT_IP')?:
getenv('HTTP_X_FORWARDED_FOR')?:
getenv('HTTP_X_FORWARDED')?:
getenv('HTTP_FORWARDED_FOR')?:
getenv('HTTP_FORWARDED')?:
getenv('REMOTE_ADDR')?: "UNKNOWN";
LoginRecord::save(array(null, $foundUser->id, getCurrentDateTime(), $ip));
$findPerson = Person::findByID($userPersonID);//find the user based on the
$userFN = Person::fullName($findPerson);//find the full name of the person
$session->setValues(md5('loginStatus'), encrypt('true'));
$session->setValues(md5('userID'), encrypt($UID));
$session->setValues(md5('userFullName'), encrypt($userFN));
if($userRole == ROLE_ADCMIN)
{
$session->setValues(md5('role'), encrypt(ROLE_ADCMIN));
redirectTO('admin/dashboard.php');
}
elseif ($userRole == ROLE_AGENT)
{
$session->setValues(md5('role'), encrypt(ROLE_AGENT));
redirectTO('agent/index.php');
}
elseif ($userRole == ROLE_OTHER)
{
redirectTO('superuser/index.php');
}
} else {
$errors[] = "Sorry Username/Password not valid <br />";
}//end if($foundUser)
} else {
$errors[] = "Text fields are empty.";
}
}
The function that redirects the page is below:
function redirectTO($url = null){
if($url != null){
header("Location:{$url}");
exit();
}
}
I've tried everything I could, but it just does not work; it shows a blank page... can you please help me get out of this mess... do you have any idea?
Regards
Use <?php ob_start(); ?> at the very start of the page and <?php ob_end_flush(); ?> at the very end of the page.
It looks as though you are trying to redirect AFTER you have already output data. Headers must be sent before any output is sent to the browser.
Your HTML here:
<!DOCTYPE html>
<html lang="en">
<head>
is being output before your redirectTo function is called.
Also, you are missing an opening PHP tag after your HTML.
Maybe use only $url; don't set $url = null.
function redirectTO($url){
if($url != null){
header("Location:{$url}");
exit();
}
}
Let me know if it works.
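An added example, not code from the question or the answers above. It keeps the redirectTO name from the question but makes the function report why it could not redirect instead of leaving a blank page, shows the login logic running before any HTML is echoed, and adds a client_ip helper because the forwarded-header chain in the question's LoginRecord call records whatever the client chooses to send. It assumes the project's User and LoginRecord classes and getCurrentDateTime() from the question are loaded; the proxy address is constructed.

```php
<?php
// Added example, not from the question: redirectTO (name kept from the
// question) now reports why it could not redirect instead of leaving a blank
// page, and client_ip only believes forwarded headers when the direct peer
// is a known reverse proxy. Assumes the project's User and LoginRecord
// classes and getCurrentDateTime() from the question are loaded.
function redirectTO(string $url): void
{
    if (headers_sent($file, $line)) {
        // Output already started (in the question: the <!DOCTYPE> and <head>
        // echoed before the login logic), so a Location header is impossible.
        error_log("redirectTO('$url') failed: output started at $file:$line");
        throw new RuntimeException('Cannot redirect after output has started');
    }
    header('Location: ' . $url);
    exit;
}

// HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR and similar are request headers, so
// any client can set them to anything; only REMOTE_ADDR is the real peer.
function client_ip(array $trustedProxies): string
{
    $remote = $_SERVER['REMOTE_ADDR'] ?? 'UNKNOWN';
    if (!in_array($remote, $trustedProxies, true)) {
        return $remote;
    }
    // Behind a trusted proxy: X-Forwarded-For is "client, proxy1, ...".
    $first = trim(explode(',', $_SERVER['HTTP_X_FORWARDED_FOR'] ?? '')[0]);
    return filter_var($first, FILTER_VALIDATE_IP) !== false ? $first : $remote;
}

// Correct order: all login logic and redirects before any HTML is echoed.
$errors = [];
if (isset($_POST['checkUser'])) {
    $foundUser = User::verify([$_POST['un'] ?? '', $_POST['pwd'] ?? '']);
    if ($foundUser) {
        // '10.0.0.5' is a constructed proxy address for illustration.
        LoginRecord::save([null, $foundUser->id, getCurrentDateTime(), client_ip(['10.0.0.5'])]);
        redirectTO('agent/index.php');
    }
    $errors[] = 'Sorry, username/password not valid';
}
?>
<!DOCTYPE html>
<html lang="en">
<head><meta charset="utf-8"><title>Login</title></head>
<body><?php foreach ($errors as $e) { echo '<p>', htmlspecialchars($e, ENT_QUOTES, 'UTF-8'), '</p>'; } ?></body>
</html>
```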

PHP Cookie and browser refresh confusion

I have this code here, and I noticed that when I change the value to something else, I have to refresh the page not once but twice in order to see the new value.
Is this related to HTTP headers and superglobals, or something else? Why do I have to refresh twice to see the new value, and not once? I've tried reading similar questions in other threads but I'm still not clear on why this happens and what's going on. Can someone give me a clear explanation? Thank you.
<?php
$name = "test";
$value = "hello";
$expire = time() + (60*60*24*7);
setcookie($name, $value, $expire);
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>PHP</title>
</head>
<body>
<?php
$test = isset($_COOKIE["test"]) ? $_COOKIE["test"] : "";
echo $test;
?>
</body>
</html>
So if I change the value to, say, 500, then I have to refresh twice to see the new value on the page.
The answer is here https://stackoverflow.com/a/17085896/2243372 .
Try to refresh your page programmatically. Example:
<?php
if (isset($_COOKIE['test'])) {
echo 'COOKIE = ', $_COOKIE['test'];
} else {
setcookie('test', 'my-cookie-value', strtotime('+1 day'));
if ( ! isset($_GET['setcookie'])) {
header('Refresh: 0; url=?setcookie=done');
} else {
echo 'Your browser does not accept cookies!';
}
}
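An added example, not code from the question or the answer, that shows why the page lags one request behind and how to avoid the extra reload: setcookie() only adds a Set-Cookie header to the current response, while $_COOKIE is filled from the request that just arrived. It keeps the cookie name test from the question and uses the options form of setcookie() (PHP 7.3+) to set the flags a cookie like this should carry.

```php
<?php
// Added example, not from the question or answer. setcookie() only adds a
// Set-Cookie header to this response; the browser stores the cookie and sends
// it back on the next request, and $_COOKIE is filled from the request, so
// the page shows the old value until it has been reloaded once more. Keeping
// the value in a local variable removes that extra reload, and the options
// array (PHP 7.3+) adds the flags a cookie like this should carry.
$name  = 'test';
$value = 'hello'; // change this and reload: the new value shows on the first reload

$sent    = $_COOKIE[$name] ?? null;          // what the browser sent with THIS request
$current = is_string($sent) ? $sent : null;  // ignore a cookie sent as an array
if ($current !== $value) {
    setcookie($name, $value, [
        'expires'  => time() + 60 * 60 * 24 * 7,
        'path'     => '/',
        'secure'   => true,   // sent only over HTTPS (so not stored on plain http://localhost)
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',  // not attached to cross-site POST requests
    ]);
    $current = $value; // the value the browser will hold from now on
}
?>
<!DOCTYPE html>
<html lang="en">
<head><meta charset="utf-8"><title>PHP</title></head>
<body>
<p>Cookie sent with this request: <?= htmlspecialchars($current === $value && $sent === null ? '(none yet)' : (string) $sent, ENT_QUOTES, 'UTF-8') ?></p>
<p>Value the browser now holds: <?= htmlspecialchars($current, ENT_QUOTES, 'UTF-8') ?></p>
</body>
</html>
```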

PHP subdomain redirect according to language variable

I'm trying to write a PHP script that checks the language (which is defined by the language function in $language) for a value, and if the user requests any address, e.g. www.example.com/foo/bar/data.php?=foobar, it will redirect him by HTTP refresh or redirect or header location (not preferable) to subdomain.example.com/$1 ($1 being the same original requested address).
Something like this, but without the header location:
<?php if ($language == "en") { header ("Location: http://"$language".example.com/"$1""); } ?>
This does not work; I also get an error in the log, "header already sent by another file", which is caused by another script I have running whose code I cannot change.
So, what I need is a script that reads the variable and according to its value it will redirect the user to the appropriate subdomain.
Hi, you can echo JavaScript code that contains the redirection. Try this one.
<?php
if ($language === "en") {
    // Build the URL in PHP; "$1" from the question is the original request URI.
    $url = 'http://' . $language . '.example.com' . $_SERVER['REQUEST_URI'];
    // json_encode() produces a valid, quoted JavaScript string literal.
    echo "<script type='text/javascript'> document.location = " . json_encode($url) . "; </script>";
}
?>
This code works best for me compared to header('Location: etc...').
<?php
// Language detection code
// ...
if ('en' === $language)
{
header('Location: http://' . $language . '.example.com' . $_SERVER['REQUEST_URI']);
exit();
}
If you really can't change the code from the other file, you'll need to use an HTML redirection instead.
<?php
// Language detection code
// ...
if ('en' === $language)
{
$url = 'http://' . $language . '.example.com' . $_SERVER['REQUEST_URI'];
echo <<<EOF
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Refresh" content="0; url={$url}" />
</head>
<body></body>
</html>
EOF;
exit();
}
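An added example, not code from the question or the answers, that generalises the redirect to several languages. The target host is taken from a fixed allowlist, so the value of $language can never reach the Location host unless it is one of the configured keys (otherwise a user-influenced $language would make this an open redirect), the request already on the right host is left alone to avoid a redirect loop, and the meta-refresh form from the last answer is used only when headers have already been sent. The host names and the helper names are chosen here; $language is assumed to be set by the language-detection code the answers refer to.

```php
<?php
// Added example, not from the answers above, that generalises the redirect
// to several languages. The target host comes from a fixed allowlist, so a
// $language value outside this map can never reach the Location host (which
// would otherwise be an open redirect), and the path reuses the original
// request URI as the answers do.
const LANGUAGE_HOSTS = [
    'en' => 'en.example.com',
    'de' => 'de.example.com',
    'fr' => 'fr.example.com',
];

// Absolute URL to redirect to, or null when no redirect applies (unknown
// language, or the request already hit the right host: no redirect loop).
function language_redirect_url(string $language, string $currentHost, string $requestUri): ?string
{
    $target = LANGUAGE_HOSTS[$language] ?? null;
    if ($target === null || strcasecmp($target, $currentHost) === 0) {
        return null;
    }
    // An origin-form request target starts with exactly one "/"; anything
    // else is replaced by the root rather than guessed at.
    if ($requestUri === '' || $requestUri[0] !== '/' || strncmp($requestUri, '//', 2) === 0) {
        $requestUri = '/';
    }
    return 'https://' . $target . $requestUri;
}

// Location header when nothing has been output yet, otherwise the
// meta-refresh fallback from the last answer; either way the script stops.
function redirect_for_language(string $language): void
{
    $host = preg_replace('/:\d+$/', '', $_SERVER['HTTP_HOST'] ?? ''); // drop a port suffix
    $url  = language_redirect_url($language, $host, $_SERVER['REQUEST_URI'] ?? '/');
    if ($url === null) {
        return;
    }
    if (!headers_sent()) {
        header('Location: ' . $url);
    } else {
        $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
        echo '<!DOCTYPE html><html><head><meta http-equiv="Refresh" content="0; url=', $safe, '"></head><body></body></html>';
    }
    exit;
}

// $language is assumed to be set by the language-detection code the answers refer to.
redirect_for_language($language ?? 'en');
```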

User profile data does not appear after logging in

I am creating a social network website where each user has his own profile, but there is a problem: when I log in, the profile page does not appear. I used cookies and sessions, and I did a lot of research about the problem but without any success, so I think the problem is in the cookies. I do not know how to fix it; if anyone can help me, I will appreciate that.
profile.php
<?php
ob_start();
require_once('for members/scripts/global.php');
if($logged == 1){
echo("you need to be logged in to view profiles");
exit();
}
if(isset($_GET['id'])){
$id=$_GET['id'];
$id= preg_replace("#[^0-9]#","",$id);
}else{
$id=$_SESSION['id'];
}
//collect member information
$query = mysql_query("SELECT * FROM members WHERE id='$id' LIMIT 1") or die("could not collect user information ");
$count_mem = mysql_num_rows($query);
if($count_mem == 0){
echo("the user does not exist");
exit();
}
while($row = mysql_fetch_array($query)){
$username = $row['username'];
$fname = $row['firstname'];
$lname = $row['lastname'];
$profile_id= $row['id'];
if($session_id == $profile_id){
$owner = true;
}else{
$owner = false;
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title><?php print("$fname"); ?> <?php print("$lname"); ?>'s profile</title>
<link href="style/stylesheet.css" type="text/css"/>
</head>
<body>
<div class="container center">
<h1><?php print("$username"); ?></h1>
<?php
if($owner == true ){
header("Location: profile.php");
?>
<!--
edit profile<br />
account settings<br />
-->
<?php
}else{
header("Location: index.php");
?>
<!--
private message<br />
add as friend<br />
-->
<?php
}
?>
</div>
</body>
</html>
<?php flush(); ?>
If you need other related code, let me know. Thank you.
There are quite a few things wrong with the code that you have displayed. For starters, do not use mysql_ functions. From the PHP manual:
This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used.
Secondly, your header redirects are embedded in your HTML, which is bad practice, and you've only been saved by ob_start(). With that though, you have a conditional that will either redirect to 'profile.php' or 'index.php'; be lucky you get redirected to 'index.php', otherwise you'd have a forever self-redirecting page.
I can't see if/where you ever set the variable $session_id, but from what can be seen, it's null and will never == $profile_id, so $owner will always be false.
With that, you have a while loop while fetching one row... remove it; there's no need for it.
Now for some of the logic in your code. If you have to be the profile owner in order to view it, check that immediately after your query, and if not the owner, header("Location: index.php"); die; and don't have an else; anything following it means that it's the profile owner viewing the page.
Also, you need to make sure session_start(); is at the top of the page if you plan on using the session variables. You have ob_start(); up there, but at the end you call flush(). Read up on ob_start() and call the proper flush function for the buffer you started.
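An added example, not code from the question or the answer, showing profile.php in the order the answer describes: session_start() first, then the query (as a prepared mysqli statement instead of the deprecated mysql_ functions, fetching the single row without a while loop), then the ownership check with an immediate redirect and exit, and only then any HTML. It assumes $mysqli is a connected mysqli object built with mysqlnd and that the login code stores the member id in $_SESSION['id']; the members columns are the ones read in the question.

```php
<?php
// Added example, not from the question or answer: profile.php in the order
// the answer describes. session_start() first, then the query (a prepared
// mysqli statement instead of the deprecated mysql_ functions, fetching one
// row without a while loop), then the ownership check with an immediate
// redirect-and-exit, and only then any HTML. Assumes $mysqli is a connected
// mysqli object and that the login code stores the member id in $_SESSION['id'].
session_start();
if (empty($_SESSION['id'])) {
    header('Location: index.php'); // not logged in
    exit;
}

// Profile id from the query string, defaulting to the viewer's own id.
$id = isset($_GET['id']) ? (int) $_GET['id'] : (int) $_SESSION['id'];

$stmt = $mysqli->prepare('SELECT id, username, firstname, lastname FROM members WHERE id = ? LIMIT 1');
$stmt->bind_param('i', $id);
$stmt->execute();
$member = $stmt->get_result()->fetch_assoc(); // single row or null
$stmt->close();

if ($member === null) {
    http_response_code(404);
    exit('The user does not exist');
}

// Authorisation is decided before any output, so the redirect can still be sent.
if ((int) $_SESSION['id'] !== (int) $member['id']) {
    header('Location: index.php'); // not the owner
    exit;
}
// Everything below runs only for the profile owner.
function h(string $s): string { return htmlspecialchars($s, ENT_QUOTES, 'UTF-8'); }
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title><?= h($member['firstname']) ?> <?= h($member['lastname']) ?>'s profile</title>
</head>
<body>
<div class="container center">
<h1><?= h($member['username']) ?></h1>
<p>edit profile<br>account settings</p>
</div>
</body>
</html>
```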
