redirect problem

russia5
Forum Newbie
Posts: 12
Joined: Sun May 22, 2005 8:07 pm
Location: California

redirect problem

Post by russia5 »

I have a form that adds a name to MySQL. I have it working on another site, but when I transferred it, it gave me a redirect that I cannot account for.

The file path to the problem file is http://mysite.com/Project Software/admin/add_agency.php

The form redirects to public_html/mysite.com/Software

I assume Software is the Software that is in /Software Projects/, but I don't know how it is coming up with this.

I think possibly it is coming from the fourth line down: header("Location: Login.php?url=" . $_SERVER['PHP_SELF']);

Below is the Coding

Code: Select all

<?php
session_start();
if (!isset($_SESSION['user_name'])) {
        header("Location: Login.php?url=" . $_SERVER['PHP_SELF']);
}


$_SESSION['ADMIN_TYPE']="Agency";

require_once("../includes/config.php");
require_once("../includes/connection.php");
require_once("../includes/data.php");
require_once("../includes/utils.php");
require_once("../libs/smarty.php");



if($_POST["btnAdd"]<>"")
{
    $agency = $_POST["agency_name"];

    if($agency<>"")
    {
        $insertQuery = "INSERT INTO users set agency_name = '$agency'";
        //echo mysql_error(). "  ". $insertQuery;

        if ($result = mysql_query($insertQuery))
        {
            // It worked, give confirmation
            $message = '<font color=red><b>New agency added successfully.<br><br></b></font>';
        }else{
            // It hasn't worked so stop. Better error handling code would be good here!
            $message = "<font color=red><b>Sorry, there was an error adding the agency name.<br><br></b></font>";
        }
    }else{
       $message = "<font color=red><b>Sorry, required agency name.<br><br></b></font>";
    }
}


if($_POST["btnEdit"]<>"")
{
    $aid    = $_POST["agency_id"];
    $agency = $_POST["agency_name"];

    if($agency<>"")
    {
        $editQuery = "update users set agency_name = '$agency' where id=$aid";
        //echo mysql_error(). "  ". $insertQuery;

        if ($result = mysql_query($editQuery))
        {
            // It worked, give confirmation
            $message = '<font color=red><b>Agency name update successfully.<br><br></b></font>';
        }else{
            // It hasn't worked so stop. Better error handling code would be good here!
            $message = "<font color=red><b>Sorry, there was an error to modify agency name.<br><br></b></font>";
        }
    }else{
       $message = "<font color=red><b>Sorry, required agency name.<br><br></b></font>";
    }
}


if($_POST["btnDel"]<>"")
{
    $aid    = $_POST["agency_id"];
    $agency = $_POST["agency_name"];

    $delQuery1 = "delete from users where id=$aid";
    $delQuery2 = "delete from users where agency='$agency'";
    $delQuery3 = "delete from subdomain_approval where agency='$agency'";
    $delQuery4 = "delete from subdomain_hold where agency='$agency'";
    $delQuery5 = "delete from subdomain_submission where agency='$agency'";

    if($result1 = mysql_query($delQuery1))
    {
        $delMessageAgency = "<font color=red size=1><b>1. Agency name '".$_POST["agency_name"]."' deleted successfully.<br></b></font>";
        $delMessageAdmin = "<font color=red size=1><b>2. Admin for '".$_POST["agency_name"]."' agency deleted successfully.<br></b></font>";
    }else{
        $delMessageAgency = "<font color=red size=1><b>1. Sorry, there was an error to delete agency.<br></b></font>";
        $delMessageAdmin = "<font color=red size=1><b>2. Sorry, there was an error to delete admin for this agency.<br></b></font>";
    }
    /* if($result2 = mysql_query($delQuery2))
    {
        echo "<font color=red size=1><b>2. Admin for '".$_POST["agency_name"]."' agency deleted successfully.<br></b></font>";
    }else{
        echo "<font color=red size=1><b>2. Sorry, there was an error to delete admin for this agency.<br></b></font>";
    } */
    if($result3 = mysql_query($delQuery3))
    {
        $delMessage3 = "<font color=red size=1><b>3. Approval Table Data for '".$_POST["agency_name"]."' Agency deleted successfully.<br></b></font>";
    }else{
        $delMessage3 = "<font color=red size=1><b>3. Sorry, there was an error to delete Approval for this agency.<br></b></font>";
    }
    if($result4 = mysql_query($delQuery4))
    {
        $delMessage4 = "<font color=red size=1><b>4. Hold Table Data for '".$_POST["agency_name"]."' Agency deleted successfully.<br></b></font>";
    }else{
        $delMessage4 = "<font color=red size=1><b>4. Sorry, there was an error to delete Hold/Edit for this agency.<br></b></font>";
    }
    if($result5 = mysql_query($delQuery5))
    {
        $delMessage5 = "<font color=red size=1><b>5. Submission Data for '".$_POST["agency_name"]."' Agency deleted successfully.<br></b></font>";
    }else{
        $delMessage5 = "<font color=red size=1><b>5. Sorry, there was an error to delete Submission for this agency.<br></b></font>";
    }
    
}

//$query0 = "select * from users order by agency_name";
//$result0 = mysql_fetch_assoc(mysql_query($query0));

// 12.13.7; wiseobject <- hide super user
$query0 = "select * from users where role != 'super_admin' order by agency_name";
$result0 = mysql_query($query0);
while($row0=mysql_fetch_array($result0)){
	$dispAdmin[]=$row0;
}

$smarty = new RuSmarty;
$smarty->assign("btnAdd",$_POST["btnAdd"]);
$smarty->assign("btnEdit",$_POST["btnEdit"]);
$smarty->assign("btnDel",$_POST["btnDel"]);
$smarty->assign("action",$_SERVER['PHP_SELF']);
$smarty->assign("aid",$_POST["agency_id"]);
$smarty->assign("agency",$_POST["agency_name"]);
$smarty->assign("message",$message);
$smarty->assign("delMessageAgency",$delMessageAgency);
$smarty->assign("delMessageAdmin",$delMessageAdmin);
$smarty->assign("delMessage3",$delMessage3);
$smarty->assign("delMessage4",$delMessage4);
$smarty->assign("delMessage5",$delMessage5);
$smarty->assign("result0",$dispAdmin);
$smarty->assign("admin_role",$_SESSION['admin_role']);

$smarty->display('admin/add_agency.tpl');
?>

Below is the template html

Code: Select all


{if $admin_role ne "super_admin"}

{literal}

<script type="text/javascript" language="JavaScript">

        alert("You are not authorized to perform this operation.\nPlease contact the super-admin for requesting authorization.");

        location.href = 'Profile_Admin.php';

</script>

{/literal}

{/if}

<html>

<head>

<title>APEX New Agency</title>

<link rel="stylesheet" type="text/css" href="stylesheet.css">

</head>

<body>

<h1>APEX Admin Console</h1>

<h2>Add New Agency</h2>



<div class="ContentsBox" id="Contents" style="width: 400">

  {$message}

  <h3>Enter New Agency</h3>

  <table class="Input">

    <form name=AddAgency action={$action} method=post>

      <tr>

        <td>Agency Name:</td>

        <td><input type=text size=20 maxlength=20 name=agency_name></td>

        <td align=right><input type=submit value=Add name=btnAdd></td>

      </tr>

    </form>

  </table>

  <br>

  <br>



{if $btnDel ne ""}

 {$delMessageAgency}</br>

 {$delMessageAdmin}

{/if}





  <h3>List of Agencies</h3>

  <table class="Input">

{section name=dispRecords loop=$result0}





    <tr>

      <td>{$smarty.section.dispRecords.rownum}</td>

      <form name=AddAgency action={$action} method=post>

        <td><input type=hidden name=agency_id value="{$result0[dispRecords].id}">

          <input type=text size=20 maxlength=20 name=agency_name value="{$result0[dispRecords].agency_name}"></td>

        <td align=right><input type=submit value=Edit name=btnEdit></td>

        <td align=right><input type=submit value=Del name=btnDel onClick="return confirm('Are you sure to delete agency name?')"></td>

        <td align=right><input type=button value="Add New Admin" onClick="javascript: location.href='add_admin.php?ag={$result0[dispRecords].agency_name}';"></td>

      </form>

    </tr>



{sectionelse}

    echo "<tr><th colspan=5>No agency found in list.</th></tr>";

{/section}



  </table>

</div>

</body>



requinix
Spammer :|
Posts: 6617
Joined: Wed Oct 15, 2008 2:35 am
Location: WA, USA

Re: redirect problem

Post by requinix »

Really should have proofread your post before posting.
russia5 wrote:The file path to the problem file is http://mysite.com/Project Software/admin/add_agency.php
russia5 wrote:I assume Software is the Software that is in /Software Projects/
Had I realized the path was /Software Projects/admin/add_agency.php I could have replied a fair bit sooner.

Always use quotes around HTML attributes. When you go back and fix all of them in your script you should find your problem is no longer.
AbraCadaver
DevNet Master
Posts: 2572
Joined: Mon Feb 24, 2003 10:12 am
Location: The Republic of Texas

Re: redirect problem

Post by AbraCadaver »

Well, your file is in a sub directory/ies, so Login.php is relative and is assumed to be in that directory so add a / to send it to the root (or wherever it is). Also, the space in the URL is not valid so you need to encode it. You should add an exit as well:

Code: Select all

header("Location: /Login.php?url=" . urlencode($_SERVER['PHP_SELF']));
exit;
It would be better to use the full URL as that is what is required by the Location header. You can specify it as below, or better build it from the other $_SERVER vars:

Code: Select all

header("Location: http://www.example.com/Login.php?url=" . urlencode($_SERVER['PHP_SELF']));
exit;
You may have similar problems in the javascript as well but I didn't look through it all.
mysql_function(): WARNING: This extension is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.
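
The guard from the reply above, as an added example that is not part of the original posts: it builds the absolute login URL from `$_SERVER` values, encodes the return path, and stops the script once the header is sent, so the add/edit/delete code below it never runs for a visitor without a session. The function names, the `$allowedHosts` list, the `/Login.php` location and the sample values are assumptions.

```php
<?php
// Added example; function names and the host allowlist are hypothetical.

/**
 * Build an absolute URL to the login page, carrying the current script
 * path as an encoded "url" parameter.
 */
function build_login_url(array $server, array $allowedHosts, string $loginPath = '/Login.php'): string
{
    $https  = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    $scheme = $https ? 'https' : 'http';

    // HTTP_HOST is taken from the request's Host header, so only accept
    // values from a configured list and otherwise use the first entry.
    $host = strtolower($server['HTTP_HOST'] ?? '');
    if (!in_array($host, $allowedHosts, true)) {
        $host = $allowedHosts[0];
    }

    // SCRIPT_NAME is the script's own path; PHP_SELF can also carry
    // extra path text appended after the script name by the client.
    $return = $server['SCRIPT_NAME'] ?? '/';

    // urlencode makes the space and the slashes safe inside the query string.
    return $scheme . '://' . $host . $loginPath . '?url=' . urlencode($return);
}

/** Redirect to the login page and stop; nothing after this call runs. */
function require_login(array $session, array $server, array $allowedHosts): void
{
    if (!isset($session['user_name'])) {
        header('Location: ' . build_login_url($server, $allowedHosts));
        exit;
    }
}

// Constructed sample request, matching the path discussed in the thread.
$sampleServer = [
    'HTTP_HOST'   => 'mysite.com',
    'SCRIPT_NAME' => '/Software Projects/admin/add_agency.php',
];
echo build_login_url($sampleServer, ['mysite.com']), PHP_EOL;
```

In the page itself the call would be `require_login($_SESSION, $_SERVER, ['mysite.com']);` placed directly after `session_start()`.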
minorDemocritus
Forum Commoner
Posts: 96
Joined: Thu Apr 01, 2010 7:28 pm
Location: Chicagoland, IL, USA

Re: redirect problem

Post by minorDemocritus »

Kinda offtopic, but you should be made aware of this:

Code: Select all

$agency = $_POST["agency_name"];
// SNIP
$insertQuery = "INSERT INTO users set agency_name = '$agency'";
HOLY SQL INJECTION POSSIBILITIES, BATMAN!

There's a few more further down, too.
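
The insert and update from the original script rewritten with PDO prepared statements, as an added example that is not part of the original posts. It assumes the `pdo_sqlite` extension and uses an in-memory SQLite table as a stand-in for the MySQL `users` table so that it runs offline; the function names and sample values are constructed.

```php
<?php
// Added example: in-memory SQLite stands in for the thread's MySQL
// `users` table; function names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, agency_name TEXT)');

function add_agency(PDO $pdo, string $name): int
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 20) { // the form uses maxlength=20
        throw new InvalidArgumentException('agency name must be 1-20 characters');
    }
    // The value travels separately from the SQL text, so quotes in it
    // cannot change the statement.
    $stmt = $pdo->prepare('INSERT INTO users (agency_name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

function rename_agency(PDO $pdo, $id, string $name): bool
{
    // agency_id arrives as a string from the form; accept integers only.
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('agency id must be an integer');
    }
    $stmt = $pdo->prepare('UPDATE users SET agency_name = :name WHERE id = :id');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed input: the apostrophe would end the string early in
// "... agency_name = '$agency'" and break the concatenated query.
$id = add_agency($pdo, "O'Brien Travel");
rename_agency($pdo, (string) $id, "O'Brien Travel Ltd");

try {
    rename_agency($pdo, 'not-a-number', 'x');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}

foreach ($pdo->query('SELECT id, agency_name FROM users') as $row) {
    echo $row['id'], ' ', $row['agency_name'], PHP_EOL;
}
```

Against MySQL only the PDO connection line changes; the prepared statements stay the same, and the delete queries in the script can be bound the same way.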