Where do you use the command header()?
I have the following code at handlers/handle_login.php. The user has gone to the site from index.php which is the starting place.
if(!$logged_in){
header("Location: index.php");
die("You are not logged_in");
}
If if-clause is true, I get a 404 error, since the header puts me to to handlers/index.php, instead of index.php.
While I agree with nilamo and earl, I hope I can give a bigger picture:
Using relative paths can have very strange effects depending on where the browser
'thinks' it is in your site hierarchy. For example, assume the site has an index file '/index.php' but is configured to accept module and action in the URI path. You may very well have a url that looks like:
http://www.yoursite.com/forms/contact/
From this situation, returning a header like:
header("Location: index.php");
may very well cause the browser to try to request
http://www.yoursite.com/forms/contact/index.php
which is obviously not what you want. For this reason, it's generally better to use '/index.php' as recommended above, or even better use the fully qualified URL when possible.
Hope this helps.
Set the location to the complete URL of the index.php, not just the filename. According to php.net, this is the right way to do it, don't use relative paths. Here is an example:
if(!$logged_in){
header("Location: http://exampledomain.com/index.php");
die("You are not logged_in");
}
Try using '/':
if(!$logged_in){
header("Location: /index.php");
die("You are not logged_in");
}
Without a slash, it is assumed that you're referring to something in the current directory. By sticking that slash at the front, you're explicitly referring to the file at the root of the site. Since the page is 'index.php', you could just as easily use "header('Location: /')".
Related
So, I made a simple PHP login, but when I tried to redirect like this:
$path = $_SERVER["DOCUMENT_ROOT"];
header("Location: $path/admin/index.php");
it seemed like it did nothing, but after I refreshed the page I was logged in.
After I changed my code to this:
header("Location: ../admin/index.php");
it works.
Could someone please explain this to me?
Ps. sorry for my bad english
The header is sent to the browser, so it is not an internal server maneuver. And with it not being an internal redirect, you don't deal with internal paths. When you use DOCUMENT_ROOT you will get the internal server path to the directory where your files are located.
If you want to reference the root of the site as a URL, just use /.
header("Location: /admin/index.php");
header("Location: /"); # go to homepage, for example
Your .. worked because you probably were on a subdirectory, and .. was translated to the parent directory which is where admin is.
$_SERVER["DOCUMENT_ROOT"];
returns path like /var/www/html/yourfolder/, but you have to redirect to website.com/yourfolder/ or localhost/yourfolder/.
hence that won't work.
Have you tried printing the value of $path?
the value of $path is relative to the actual file location
e.g. $path = '/c/inetpub/sites/example/main/'
You probably wanted something like '/c/inetpub/sites/example/' or '/c/inetpub/sites/example/main/..'
I have the following code in my index.php page:
<?php include("/includes/widgets.php") ?>
And in my widgets.php page:
<?php
header("Location: /");
?>
What I want to achieve with this is to redirect it if the user visits it, but allow it for including.
But I get the following error:
The webpage has a redirect loop
How can I fix/prevent the redirect loop, but still redirect the user and not the server.
Place the widgets.php file in a folder not accessible to HTTP clients. I.e on apache webserver, either put it above your document root (into it's parent) or use .htaccess file to block users from it.
e.g.
deny from all
I think I know what you need :)
Change code index file to next
define("IS_INDEX", true);
include("/includes/widgets.php"
Change code for widgets.php to next
if (!defined("IS_INDEX")) {
header("Location: /");
exit();
}
The issue is you are redirecting back to the same page, which then redirect again, and again, and again.
An easy fix would be to wrap the redirect in an if, and only redirect if they aren't already on the index page; but this is just patching what looks like an architectural problem.
Something like:
if (ltrim($_SERVER['REQUEST_URI'], '/') != 'index.php')
header('Location: index.php');
One way is to check if __FILE__, which is the file loaded, regardless of included or not matches up with the file requested which is in $_SERVER['REQUEST_URI'] (or $_SERVER['PHP_SELF']).
I use this on our development site in a page that is usually included to get the output as debugging.
if(basename($_SERVER['PHP_SELF'])===basename(__FILE__)){
//do some debugging
}
Typically you wouldn't use basename, but this is on a non-public facing development site and the file has a pretty unique name so I'm not worried about the file being included with another file with the same name or anything.
One possible way is to add a parameter to the redirection, e.g.
if (!$_REQUEST['redirect'])
header("Location: /ìndex.php?redirect=1");
That way redirection can happen only once.
Another way is to stop redirection if the user already is on the /. I´d suggest to combine both.
This is a simple question which makes it painfully obvious that I need to take a php class...
I have as the first part of a an if / else statement that reads:
if (is_user_logged_in()){
//echo "user is signed in<P>";
header("Location: user-homepage.php");
so if the user is logged in and clicks a link that directs to /register.php, they should instead be redirected to the user-homepage.php.
What happens is they are directed instead directed to /register.php/user-homepage.php
My code is adding /user-homepage.php to the address instead of replacing /register.php with /user-homepage.php
What have I done wrong?
Use an absolute path rather than a relative one:
header("Location: /user-homepage.php");
Try:
header("Location: http://your_domain.com/user-homepage.php");
The PHP manual says to use Absolute URLs.
You have used a relative file path. Try adding a forward slash to make it relative to the domain root.
header("Location: /user-homepage.php");
As given in section 14.30 of RFC 2616, "HTTP 1.1", use an absolute URL in the Location header.
I'm using this code ...
<?php
if (isset($_POST['submitButton'])) {
mysql_query("UPDATE notes SET Note=('$_POST[note]')
WHERE UserID='19'");
mysql_close($con);
header('Location: editrem3.htm'); //clears POST
}
?>
How do I redirect the page after the user clicks on submit and the data has been posted?
First, make sure that you are entering into the if() condition by echo ing something inside the if() block.
If it's working correct, then make sure that you've sent NOTHING before the header() is executed. Because when you use header() in a PHP file, there MUST NOT be any other output statements before that. So, check for any HTML code or echos before it.
Then if you are sure that header() is being executed, and still it's not redirecting, make sure that the target file exists.
Extra: ALWAYS add exit() immediately after header() redirects. Else the code will continue executing and can reveal your sensitive data.
Using the relative path to the file is probably causing issues. Try it using the full path (also probably outside the if{} would make more sense).
PHP might be able to parse the relative path, but the w3 spec explicitly states to use absolute URIs
edit: To elaborate, handing a relative path off to a browser for redirect is playing with fire. The browser might think it knows where it is in your site's hierarchy, but it might be actually in a different spot.
Also, if you're not getting a 404 page or something similar, then the relative path might not be your issue, but it might help you later on down the road
use meta redirects, something like
<meta http-equiv="refresh" content="0; url=http://example.com/">
but you could do something like
<meta http-equiv="refresh" content="0; url=index.php">
works fine with me
I've done tons of redirects using PHP's header function. This one has stumped me.
On my dashboard controller, I check whether or not the $_SESSION['loggedin'] is set. If it's not set, I want to send the user back to the main page. However, I keep getting the "too many redirects" error, even though I only have it set once. Can anyone help me out? Thanks for the help in advance!
Here's my code -
function index() {
if(!isset($_SESSION['loggedin'])) {
header("Location: ./");
} else {
die("The user is logged in.");
}
}
./ means "here", so yes, you're redirecting in a circle. You probably mean /, the root.
The Location header field should really contain a complete, absolute URL though. So you should redirect to http://example.com/. Relative URLs just happen to be (incorrectly) accepted by some browsers.
This is because you just refresh the page. It means the user isn't redirected to different URL, he stays where he were.
You're using wrong path for Location header. ./ is equal to . which is a relative path and means current path. Certainly, you want to use / which is absolute path, ie. it's related to domain's root.
I would use absolute paths it will reduce possible errors.
You might need to use global to access the session variables in your case.