Okay, looks like I was stupid/lazy for including the pseudo code instead of
something closer to what I was using.  Also, perhaps I'm being dense, but I
don't understand what Michael's response has to do with this situation.  Can
he or someone else enlighten me?  Here's a more accurate/detailed
description of what's going on, complete with the exact code (minus
sensitive info) that I'm using:

The chunk of code in question is a login handler. It's supposed to collect
two form fields named username and password from the Post method variables.
Then it's supposed to check the password against an encrypted version stored
in a database (I didn't include the database variables/code in the example
below). If it matches, it's supposed to redirect them to a page where they
can perform administrative functions. In the course of debugging it, I found
that the header("Location: ...") command worked perfectly until I called on
the $_POST or $HTTP_POST_VARS arrays (which seem to be synonymous). If I
removed the calls to the arrays, it worked fine.  I looked through the
comments on the header function on www.php.net and through some of the
previous questions posted in the news group, and it seems like others have
experienced this problem as well. However, the most common situation noted
was that it broke as soon as they called a function. I guess I'm calling a
function implicitly when I ask for the $_POST variables. The most obvious
way I can see around this is simply to cause the client to redirect using
JavaScript. Of course, the downside to this is that the user may have
disabled scripting, but I'm working in a pretty closed environment, so I
think I can avoid that contingency. I'm using 4.1.2 as a cgi in a UNIX
environment w/ MySQL 3.22.x.
--Hunter Vaughn


<?php
   // Database connection settings (redacted).
   $Host = "_______";
   $User = "_______";
   $Pass = "_______";
   $dbName = "_______";
   // Array keys are quoted; a bare word is looked up as a constant first.
   $username = $_POST['username'];
   $password = $_POST['password'];

   $Link = mysql_connect($Host, $User, $Pass) or die ("Could not connect to the database.");
   mysql_select_db($dbName);

   // Accept only an e-mail-shaped username and an 8-16 character alphanumeric password.
   if((ereg(".+@.+\..+", $username)) && (eregi("^[[:alnum:]]{8,16}$", $password))) {

      // Escape the username before it is placed in the query string.
      $Query = "SELECT email, memberID, pass FROM Login where email='" . mysql_escape_string($username) . "'";
      $Result = mysql_query($Query);
      $Row = @mysql_fetch_array($Result);
      // Re-hash the submitted password with the stored hash as salt and compare.
      if((crypt($password, $Row['pass'])) == $Row['pass']) {
          session_start();
          $email = $Row[0];
          $memberID = $Row[1];
          session_register('email');
          session_register('memberID');
          //header("Location: http://some.domain.com/PHP/update.php");   This doesn't work...
          print("<script language=\"JavaScript\">window.location = \"http://some.domain.com/PHP/update.php\";</script>");
          exit;
      }
      else {
          $message = urlencode("The username and password submitted do not match those on file. Please try again.");
      }
   }
   else {
      $message = urlencode("Please enter your username and password to log in.");
   }
   print("<script language=\"JavaScript\">window.location = \"http://some.domain.com/HTML/letsboogie22.html\";</script>");
   exit;
?>

"Hunter Vaughn" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED]...
> Is there any reason I can't just use a JavaScript redirect from a PHP login
> handling script since I can't seem to get the header("Location: URL");
> function to work?  Any security concerns or anything else?  As far as I can
> tell, all calls to header fail as soon as I attain variables based on a POST
> submission.  See example below.
>
> <?
>     $username = $_POST[username];
>     $password = $_POST[password];
>
>     if(some username/password format verification) {
>         query the database
>         if($password matches pass in database) {
>             session_start();
>             $email = $Row[0];
>             $memberID = $Row[1];
>             session_register('email');
>             session_register('memberID');
>             //header("Location: URL");        This doesn't work.
>             print("<script language=\"JavaScript\">window.location = \"http://depts.washington.edu/bionano/HTML/letsboogie22.html\";</script>");
>             exit;
>         }
>         else {
>             print("That didn't work...");
>         }
>     }
>     else {
>         print("Please enter your username & password.");
>     }
> ?>
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
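
An added example, not part of the original post or thread: the same login flow with a server-side redirect, written for PHP 7.1 or later with the pdo_sqlite extension (both assumptions; the poster runs PHP 4.1.2). The in-memory database, the sample account and the function names are constructed; the table and column names and the two target paths come from the post.

```php
<?php
// Added example, not the poster's code. The in-memory database, the sample
// account and the function names are constructed for the demonstration.
ob_start(); // buffer stray output (notices, blank lines) so header() can still run

function check_login(PDO $db, string $email, string $password): ?array {
    // Bound parameter: the submitted e-mail never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT email, memberID, pass FROM Login WHERE email = ?');
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // password_verify() also accepts crypt() hashes and compares in constant time.
    if ($row !== false && password_verify($password, $row['pass'])) {
        return $row;
    }
    return null;
}

function redirect(string $url): void {
    // If output has already gone out, log where it started instead of failing silently.
    if (headers_sent($file, $line)) {
        error_log("Cannot redirect: output started at $file:$line");
        exit(1);
    }
    header('Location: ' . $url, true, 303);
    exit; // nothing after a redirect may run, whatever the client does with it
}

// Constructed fixture so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Login (email TEXT PRIMARY KEY, memberID INTEGER, pass TEXT)');
$db->prepare('INSERT INTO Login VALUES (?, ?, ?)')
   ->execute(['admin@example.test', 1, password_hash('Sample1234', PASSWORD_DEFAULT)]);

$email    = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';
$member   = (is_string($email) && is_string($password))
    ? check_login($db, $email, $password) : null;

if ($member !== null) {
    session_start();
    session_regenerate_id(true); // fresh session id at the privilege change
    $_SESSION['email']    = $member['email'];
    $_SESSION['memberID'] = $member['memberID'];
    redirect('/PHP/update.php');
}
redirect('/HTML/letsboogie22.html');
```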