login redirect problem

marked

Hi all,

to start, using Apache2, MySQL 4, and PHP 4 on XP Pro box.

Problem is this:

page link to "Webpage Admin" points to admin.php.

This checks if the user is logged in like so (filename is screening.php):

session_start();
$SESSION["sourcepage"] = basename($SERVER['PHP_SELF']);
if(!isset($SESSION["authenticated"]) or $SESSION["authenticated"] != "yes"):
$SESSION['error'] = "no";
header("Location: [url]http://[/url]".$SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/enter.php");
endif;

so, the user is taken to enter.php, which is a simple name/password signin form.

User signs in with correct credentials, and test.php checks the MySQL DB for username/password. The test.php file then points the user at the original destination as specified above like so:

if($passcheck == $password and $usercheck == $username and $username!= ""):
$SESSION['authenticated'] = "yes";
$SESSION['error'] = "no";
$SESSION['user'] = "$username";
header("Location: [url]http://[/url]".$SERVER['HTTP_HOST'].dirname($SERVER['PHP_SELF'])."/".$SESSION["sourcepage"]);

(else statement cut out - it just returns to enter.php).

So, instead of taking me to admin.php like it should, it drops me into the index listing of the directory. Stranger still, after fiddling with the files for a while, changing spacing, saving and reloading, it will often start working correctly.

admin.php (and all further protected pages) contains include screening.php, so that it will check whether the user is logged in.

Any ideas? Can post full code as required.

TIA
Mark

olaf

Hallo,

here is something wrong:

 header("Location: [url]http://[/url]".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/".$_SESSION["sourcepage"]);

check what php_self is while using phpinfo() on your site.

and _blank doesn't work in a http-header

marked

Hi olaf,

Thanks for your reply. Much appreciated. However, I'm not actually using target _blank in my code - I think that was put in by the webpage formatting. I wasn't aware when I posted that I could use PHP specific text. My apologies for this.

As for PHP_SELF, I've checked it out, and it appears to be whatever page I'm on when I use the phpinfo(); command.

For example, if I use it on the enter.php page, PHP_SELF is defined as:

SERVER["PHP_SELF"] /Hereditary Barbarians/site/enter.php

where Hereditary Barbarians is the directory under htdocs on my Apache server, and site is the subdirectory holding all the html and PHP pages. Once again, if required, I can post further code.

Thanks for looking at this.

Mark

Shrike

<a href ... > is an HTML tag, header("Location: ... "); is an HTTP header call. The two do not go together 🙂

marked

Hi Shrike,

Thanks for the reply. However, as I tried to say to olaf, I didn't use <a href=...> in my PHP code. That was inserted by the webpage when I posted the code (it converted the http:// part to a web address by enclosing it in <a href></a> tags).

The PHP I have used (if I can get this right - dopey newbie and all....) is this for the screening.php file:

session_start();

$_SESSION["sourcepage"] = basename($_SERVER['PHP_SELF']);

if(!isset($_SESSION["authenticated"]) or $_SESSION["authenticated"] != "yes"):
	$_SESSION['error'] = "no";
	header("Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/enter.php");

endif;

and further down in my message I used this code relating to test.php

if($passcheck == $password and $usercheck == $username and $username!= ""):
	$_SESSION['authenticated'] = "yes";
	$_SESSION['error'] = "no";
	$_SESSION['user'] = "$username";
	header("Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/".$_SESSION["sourcepage"]);

I have not used <a href> in my PHP code.

Thanks
Mark

olaf

Look you have multiple addresses in header, one is enough.