Page 1 of 2

header() redirection

Posted: Thu Sep 26, 2002 7:31 pm
by mydimension
i am using Apache/1.3.26 (Win32) PHP/4.2.3 and i am trying to execute the following:

Code: Select all

header("Location: $redirectUrl");
with $redirectUrl being a completely valid URI. my problem is that when I send this to IE 6 sp1 the browser does not redirect. any thoughts?

Posted: Thu Sep 26, 2002 9:35 pm
by mydimension
this also does not work in Mozilla 1.1b. its looking like i have a bigger problem than browser compatability.

Posted: Fri Sep 27, 2002 1:23 am
by Takuma
Myabe you're using relative path? or deoes that not matter?

Posted: Fri Sep 27, 2002 6:07 am
by mydimension
nope cause in my generation of $redirect i use $_SERVER['HTTP_REFERER']

Posted: Fri Sep 27, 2002 6:10 am
by twigletmac
Then you should read this:
php manual wrote:'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
Mac

Posted: Fri Sep 27, 2002 6:14 am
by mydimension
ok, well i did some error checking and printed $_SERVER['HTTP_REFERER'] and in the current situation i am redirecting to http://localhost/ and my header argument is Location: http://localhost/

Posted: Fri Sep 27, 2002 6:21 am
by mydimension
here is the code:

Code: Select all

<?php
include("includes/flib.php");

$f_user = $_POSTї'f_user'];
$f_pass = $_POSTї'f_pass'];
$password_hash = md5($f_pass);

$login_query = "SELECT username, password FROM ".USER_DB." WHERE username='$f_user'";
$cmdb->query($login_query);

$user = $cmdb->fetcharray();

if ($userї'password'] == $password_hash) {
	setcookie("c_username", $f_user, time()+3600*24*30, "/");
	setcookie("c_password", $password_hash, time()+3600*24*30, "/");
}

header("Location: " . $_SERVERї'HTTP_REFERER']);
exit;
?>
just a side note, this used to work untill i upgrade my entire web server to the latest PHP/MySQL/Apache

Posted: Fri Sep 27, 2002 6:33 am
by twigletmac
I've seen a similar problem on IIS which relates to a bug in IIS that won't let you set a cookie and then do a redirect. I don't think that this affects Apache but you may want to try removing the setcookie stuff (maybe save the info to a session) just to test.

The point about HTTP_REFERER that was made by the quote from the manual still stands though - because you can't rely on it to exist or to be correct, you should consider finding a different way of determining where in your site the user has come from.

One more thing, have you tried hardcoding a URL into the header() function to see if that works?

Mac

Posted: Fri Sep 27, 2002 6:39 am
by mydimension
yep, tried a hardcoded URL but still no redirection. tried commenting out the setcookie lines and no affect. about the HTTP_REFERER point, thats a good thing to know but right now i want to make this thing work.

Posted: Fri Sep 27, 2002 6:41 am
by twigletmac
Have you tried putting a header() function call into a PHP file which doesn't have anything else in it? If that doesn't work then it may be that somethings not quite right with your Apache setup.

Mac

Posted: Fri Sep 27, 2002 7:07 am
by volka
if Apache is 'under the impression' that there was a redirection (and location: xyz; is) you should see an entry like
127.0.0.1 - - [24/Sep/2002:11:12:59 +0200] "GET /squash.php HTTP/1.1" 302 5
in access.log. The important part is 302.

Posted: Fri Sep 27, 2002 8:34 am
by mydimension
the only access.log line i get from that script is

Code: Select all

127.0.0.1 - - ї27/Sep/2002:09:32:03 -0400] "POST /login.php HTTP/1.1" - 5

Posted: Fri Sep 27, 2002 8:51 am
by volka
uh? I've never seen that the first code after the request line does not correspond with one value in RFC2616. Did you change your log-format-string?

But anyway, probably I'm not very helpful with this header problem. So, I'm just waiting for another (a good) answer ;)

Posted: Fri Sep 27, 2002 9:01 am
by mydimension
i didn't change the format the "-" is where the HTTP response number goes in most cases. there are a few times when Apache does not send an HTTP reponse code. not sure of the details but the point is that Apache is not sending the HTTP/1.1 302 at all and this worries me.

Posted: Fri Sep 27, 2002 9:07 am
by nielsene
Can you try turning on all error/warning/notice reporting? Maybe some low priority error message is being issued that would help debug this....