redirect problem

Posted: Fri Apr 09, 2010 10:33 am
by russia5
I have a form that adds a name to MySQL. I have it working on another site, but when I transferred it, it gave me a redirect that I cannot account for.

The file path to the problem file is http://mysite.com/Project Software/admin/add_agency.php

The form redirects to public_html/mysite.com/Software

I assume Software is the Software that is in /Software Projects/, but I don't know how it is coming up with this.

I think possibly it is coming from the fourth line down: header("Location: Login.php?url=" . $_SERVER['PHP_SELF']);

Below is the Coding

Code: Select all

<?php
session_start();
if (!isset($_SESSION['user_name'])) {
        header("Location: Login.php?url=" . $_SERVER['PHP_SELF']);
}


$_SESSION['ADMIN_TYPE']="Agency";

require_once("../includes/config.php");
require_once("../includes/connection.php");
require_once("../includes/data.php");
require_once("../includes/utils.php");
require_once("../libs/smarty.php");



if($_POST["btnAdd"]<>"")
{
    $agency = $_POST["agency_name"];

    if($agency<>"")
    {
        $insertQuery = "INSERT INTO users set agency_name = '$agency'";
        //echo mysql_error(). "  ". $insertQuery;

        if ($result = mysql_query($insertQuery))
        {
            // It worked, give confirmation
            $message = '<font color=red><b>New agency added successfully.<br><br></b></font>';
        }else{
            // It hasn't worked so stop. Better error handling code would be good here!
            $message = "<font color=red><b>Sorry, there was an error adding the agency name.<br><br></b></font>";
        }
    }else{
       $message = "<font color=red><b>Sorry, required agency name.<br><br></b></font>";
    }
}


if($_POST["btnEdit"]<>"")
{
    $aid    = $_POST["agency_id"];
    $agency = $_POST["agency_name"];

    if($agency<>"")
    {
        $editQuery = "update users set agency_name = '$agency' where id=$aid";
        //echo mysql_error(). "  ". $insertQuery;

        if ($result = mysql_query($editQuery))
        {
            // It worked, give confirmation
            $message = '<font color=red><b>Agency name update successfully.<br><br></b></font>';
        }else{
            // It hasn't worked so stop. Better error handling code would be good here!
            $message = "<font color=red><b>Sorry, there was an error to modify agency name.<br><br></b></font>";
        }
    }else{
       $message = "<font color=red><b>Sorry, required agency name.<br><br></b></font>";
    }
}


if($_POST["btnDel"]<>"")
{
    $aid    = $_POST["agency_id"];
    $agency = $_POST["agency_name"];

    $delQuery1 = "delete from users where id=$aid";
    $delQuery2 = "delete from users where agency='$agency'";
    $delQuery3 = "delete from subdomain_approval where agency='$agency'";
    $delQuery4 = "delete from subdomain_hold where agency='$agency'";
    $delQuery5 = "delete from subdomain_submission where agency='$agency'";

    if($result1 = mysql_query($delQuery1))
    {
        $delMessageAgency = "<font color=red size=1><b>1. Agency name '".$_POST["agency_name"]."' deleted successfully.<br></b></font>";
        $delMessageAdmin = "<font color=red size=1><b>2. Admin for '".$_POST["agency_name"]."' agency deleted successfully.<br></b></font>";
    }else{
        $delMessageAgency = "<font color=red size=1><b>1. Sorry, there was an error to delete agency.<br></b></font>";
        $delMessageAdmin = "<font color=red size=1><b>2. Sorry, there was an error to delete admin for this agency.<br></b></font>";
    }
    /* if($result2 = mysql_query($delQuery2))
    {
        echo "<font color=red size=1><b>2. Admin for '".$_POST["agency_name"]."' agency deleted successfully.<br></b></font>";
    }else{
        echo "<font color=red size=1><b>2. Sorry, there was an error to delete admin for this agency.<br></b></font>";
    } */
    if($result3 = mysql_query($delQuery3))
    {
        $delMessage3 = "<font color=red size=1><b>3. Approval Table Data for '".$_POST["agency_name"]."' Agency deleted successfully.<br></b></font>";
    }else{
        $delMessage3 = "<font color=red size=1><b>3. Sorry, there was an error to delete Approval for this agency.<br></b></font>";
    }
    if($result4 = mysql_query($delQuery4))
    {
        $delMessage4 = "<font color=red size=1><b>4. Hold Table Data for '".$_POST["agency_name"]."' Agency deleted successfully.<br></b></font>";
    }else{
        $delMessage4 = "<font color=red size=1><b>4. Sorry, there was an error to delete Hold/Edit for this agency.<br></b></font>";
    }
    if($result5 = mysql_query($delQuery5))
    {
        $delMessage5 = "<font color=red size=1><b>5. Submission Data for '".$_POST["agency_name"]."' Agency deleted successfully.<br></b></font>";
    }else{
        $delMessage5 = "<font color=red size=1><b>5. Sorry, there was an error to delete Submission for this agency.<br></b></font>";
    }
    
}

//$query0 = "select * from users order by agency_name";
//$result0 = mysql_fetch_assoc(mysql_query($query0));

// 12.13.7; wiseobject <- hide super user
$query0 = "select * from users where role != 'super_admin' order by agency_name";
$result0 = mysql_query($query0);
while($row0=mysql_fetch_array($result0)){
	$dispAdmin[]=$row0;
}

$smarty = new RuSmarty;
$smarty->assign("btnAdd",$_POST["btnAdd"]);
$smarty->assign("btnEdit",$_POST["btnEdit"]);
$smarty->assign("btnDel",$_POST["btnDel"]);
$smarty->assign("action",$_SERVER['PHP_SELF']);
$smarty->assign("aid",$_POST["agency_id"]);
$smarty->assign("agency",$_POST["agency_name"]);
$smarty->assign("message",$message);
$smarty->assign("delMessageAgency",$delMessageAgency);
$smarty->assign("delMessageAdmin",$delMessageAdmin);
$smarty->assign("delMessage3",$delMessage3);
$smarty->assign("delMessage4",$delMessage4);
$smarty->assign("delMessage5",$delMessage5);
$smarty->assign("result0",$dispAdmin);
$smarty->assign("admin_role",$_SESSION['admin_role']);

$smarty->display('admin/add_agency.tpl');
?>

Below is the template html

Code: Select all


{if $admin_role ne "super_admin"}

{literal}

<script type="text/javascript" language="JavaScript">

        alert("You are not authorized to perform this operation.\nPlease contact the super-admin for requesting authorization.");

        location.href = 'Profile_Admin.php';

</script>

{/literal}

{/if}

<html>

<head>

<title>APEX New Agency</title>

<link rel="stylesheet" type="text/css" href="stylesheet.css">

</head>

<body>

<h1>APEX Admin Console</h1>

<h2>Add New Agency</h2>



<div class="ContentsBox" id="Contents" style="width: 400">

  {$message}

  <h3>Enter New Agency</h3>

  <table class="Input">

    <form name=AddAgency action={$action} method=post>

      <tr>

        <td>Agency Name:</td>

        <td><input type=text size=20 maxlength=20 name=agency_name></td>

        <td align=right><input type=submit value=Add name=btnAdd></td>

      </tr>

    </form>

  </table>

  <br>

  <br>



{if $btnDel ne ""}

 {$delMessageAgency}</br>

 {$delMessageAdmin}

{/if}





  <h3>List of Agencies</h3>

  <table class="Input">

{section name=dispRecords loop=$result0}





    <tr>

      <td>{$smarty.section.dispRecords.rownum}</td>

      <form name=AddAgency action={$action} method=post>

        <td><input type=hidden name=agency_id value="{$result0[dispRecords].id}">

          <input type=text size=20 maxlength=20 name=agency_name value="{$result0[dispRecords].agency_name}"></td>

        <td align=right><input type=submit value=Edit name=btnEdit></td>

        <td align=right><input type=submit value=Del name=btnDel onClick="return confirm('Are you sure to delete agency name?')"></td>

        <td align=right><input type=button value="Add New Admin" onClick="javascript: location.href='add_admin.php?ag={$result0[dispRecords].agency_name}';"></td>

      </form>

    </tr>



{sectionelse}

    echo "<tr><th colspan=5>No agency found in list.</th></tr>";

{/section}



  </table>

</div>

</body>




Re: redirect problem

Posted: Fri Apr 09, 2010 3:23 pm
by requinix
Really should have proofread your post before posting.
russia5 wrote: The file path to the problem file is http://mysite.com/Project Software/admin/add_agency.php
russia5 wrote: I assume Software is the Software that is in /Software Projects/
Had I realized the path was /Software Projects/admin/add_agency.php I could have replied a fair bit sooner.

Always use quotes around HTML attributes. When you go back and fix all of them in your script you should find your problem is no longer.

Re: redirect problem

Posted: Fri Apr 09, 2010 3:32 pm
by AbraCadaver
Well, your file is in a sub directory/ies, so Login.php is relative and is assumed to be in that directory so add a / to send it to the root (or wherever it is). Also, the space in the URL is not valid so you need to encode it. You should add an exit as well:

Code: Select all

header("Location: /Login.php?url=" . urlencode($_SERVER['PHP_SELF']));
exit;

It would be better to use the full URL as that is what is required by the Location header. You can specify it as below, or better build it from the other $_SERVER vars:

Code: Select all

header("Location: http://www.example.com/Login.php?url=" . urlencode($_SERVER['PHP_SELF']));
exit;

You may have similar problems in the JavaScript as well but I didn't look through it all.
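
An added example, not part of AbraCadaver's post or the original script: one way to build the login redirect along the lines of the advice above (absolute URL, encoded return path, `exit` after the header). `BASE_URL`, the function names and the sample request are assumptions; it uses `SCRIPT_NAME` rather than `PHP_SELF` because `PHP_SELF` also carries client-supplied path info, and it assumes Login.php sends the user back to `url` after login.

```php
<?php
// Added example, not code from the thread. BASE_URL and the sample values are assumptions.
const BASE_URL = 'http://www.example.com';   // configured value, not taken from the Host header

/** Percent-encode each path segment so "Project Software" becomes "Project%20Software". */
function encode_path(string $path): string
{
    return implode('/', array_map('rawurlencode', explode('/', $path)));
}

/** Build the absolute Location value for the login page, carrying the page to return to. */
function login_redirect_url(array $server): string
{
    // SCRIPT_NAME excludes the PATH_INFO suffix that PHP_SELF includes.
    $returnTo = $server['SCRIPT_NAME'] ?? '/';
    return BASE_URL . '/Login.php?url=' . urlencode($returnTo);
}

/** On the Login.php side: accept only a local absolute path as the return target. */
function safe_return_path(string $url, string $default = '/'): string
{
    // Reject empty values, scheme-relative targets ("//host"), "/\" variants and control characters.
    if ($url === '' || $url[0] !== '/' || preg_match('#^/[/\\\\]|[\x00-\x1f]#', $url)) {
        return $default;
    }
    return encode_path($url);   // treated as a path only; a query string would be encoded too
}

/** Redirect unauthenticated requests and stop the script. */
function require_login(array $session, array $server): void
{
    if (!isset($session['user_name'])) {
        header('Location: ' . login_redirect_url($server));
        exit;   // without this, the add/edit/delete handlers below the check still run
    }
}

// Constructed sample request for the path mentioned in the thread.
$server = ['SCRIPT_NAME' => '/Project Software/admin/add_agency.php'];
require_login(['user_name' => 'demo'], $server);            // logged in: falls through
echo login_redirect_url($server), "\n";
echo safe_return_path('/Project Software/admin/add_agency.php'), "\n";
echo safe_return_path('//other.example/page'), "\n";         // falls back to the default
```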

Re: redirect problem

Posted: Fri Apr 09, 2010 3:46 pm
by minorDemocritus
Kinda offtopic, but you should be made aware of this:

Code: Select all

$agency = $_POST["agency_name"];
// SNIP
$insertQuery = "INSERT INTO users set agency_name = '$agency'";

HOLY SQL INJECTION POSSIBILITIES, BATMAN!

There's a few more further down, too.
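
An added example, not part of the thread: the add and edit queries from the script rewritten with PDO prepared statements, so the posted values are bound as data instead of being spliced into the SQL string. An in-memory SQLite database stands in for the MySQL one, and the function names and inputs are constructed for illustration.

```php
<?php
// Added example, not code from the thread. In-memory SQLite stands in for MySQL (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, agency_name TEXT NOT NULL)');

/** Insert an agency; the name travels as a bound parameter, never as SQL text. */
function add_agency(PDO $pdo, string $name): int
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 20) {   // same 20-character limit as the form's maxlength
        throw new InvalidArgumentException('agency name required, max 20 characters');
    }
    $stmt = $pdo->prepare('INSERT INTO users (agency_name) VALUES (:name)');
    $stmt->execute([':name' => $name]);
    return (int) $pdo->lastInsertId();
}

/** The id sits in an unquoted numeric context in the original query, so validate it as an integer. */
function parse_id($raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid agency id');
    }
    return $id;
}

/** Rename an agency; returns the number of rows changed. */
function rename_agency(PDO $pdo, $rawId, string $name): int
{
    $stmt = $pdo->prepare('UPDATE users SET agency_name = :name WHERE id = :id');
    $stmt->bindValue(':name', trim($name), PDO::PARAM_STR);
    $stmt->bindValue(':id', parse_id($rawId), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs: names containing quotes are stored verbatim, a non-integer id is refused.
$id = add_agency($pdo, "O'Neil & Sons");
add_agency($pdo, 'Second Agency');
echo rename_agency($pdo, (string) $id, "x' OR '1'='1"), " row updated\n";
try {
    rename_agency($pdo, '1 OR 1=1', 'anything');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
foreach ($pdo->query('SELECT id, agency_name FROM users') as $row) {
    echo $row['id'], ': ', $row['agency_name'], "\n";
}
```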