header question

nincha
Forum Contributor
Posts: 191
Joined: Fri Mar 28, 2003 12:30 pm
Location: CA, USA

Post by nincha »

When PHP uses the header function to redirect a user, is it possible for the user to know the PHP page that holds the header function? For instance, Page A does some MySQL stuff then sends the user to another page using the header function. Is it possible for the user to know the PHP file that does the MySQL stuff?
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

Yes.

If they watch the HTTP requests, for example with a browser that lets them (Firefox has one, and there are proxies that do as well), then they can see each HTTP request, including the initial page, and the redirect to the second page.

Whether that is "hidden enough" is an entirely different question. Honestly, if you aren't watching for it, a header redirect on any broadband is pretty hard to detect. Dialup, possibly...
nielsene
DevNet Resident
Posts: 1834
Joined: Fri Aug 16, 2002 8:57 am
Location: Watertown, MA

Post by nielsene »

Yes. If the page takes a while to process they'll see the original URL in the location bar; if they hit stop, similarly.

If they input "bad" data that causes an error that gets displayed (error_reporting on, on a production server...) then the redirect will fail, etc. Also, if they view source on the form, they'll see where you are submitting to.

(wow not fast enough :)
timvw
DevNet Master
Posts: 4897
Joined: Mon Jan 19, 2004 11:11 pm
Location: Leuven, Belgium

Post by timvw »

As mentioned already, use something like HTTP Liveheaders and you'll see them ;)

(An exercise: Place your network card in promiscuous mode, run tcpdump (or libpcap + windump) and filter all traffic to the host you are monitoring on... Or filter on port 21/25/110/80 and grep for things like USER and PASS)
nincha
Forum Contributor
Posts: 191
Joined: Fri Mar 28, 2003 12:30 pm
Location: CA, USA

Post by nincha »

Well, is there a tip/trick to have the same redirect function but hide the HTTP request?
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It wouldn't be a redirect anymore...

Why not call this script (rebuilt as a function or library of functions/classes, whatever) from the location it's redirecting to (assuming it's not off-site)?
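
feyd's suggestion, sketched as an added example (not code from any poster in this thread): the database work is rebuilt as a function and called by the page the user requests, so no Location header is sent and there is no separate processing URL to observe. The names `save_note`, the `notes` table and the `note` field are hypothetical, and an in-memory SQLite database stands in for MySQL so the file runs on its own.

```php
<?php
// Added example, not code from the thread. All names (save_note, the notes
// table, the 'note' field) are hypothetical.

// In a real project this function would sit in an include()d library file,
// ideally stored outside the web root so it has no URL of its own (assumption).
function save_note(PDO $db, array $input): array
{
    $note = trim((string)($input['note'] ?? ''));
    if ($note === '' || strlen($note) > 200) {
        return ['ok' => false, 'message' => 'Note must be 1-200 characters.'];
    }
    // Prepared statement: user input never becomes part of the SQL text.
    $stmt = $db->prepare('INSERT INTO notes (body) VALUES (:body)');
    $stmt->execute([':body' => $note]);
    return ['ok' => true, 'message' => 'Saved note #' . $db->lastInsertId()];
}

// Constructed stand-in for the MySQL connection so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)');

// The requested page does the database work itself by calling the function,
// so no header('Location: ...') is sent and no second request takes place.
$result = null;
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $result = save_note($db, $_POST);
}
?>
<!DOCTYPE html>
<title>Notes</title>
<?php if ($result !== null): ?>
<p><?= htmlspecialchars($result['message'], ENT_QUOTES, 'UTF-8') ?></p>
<?php endif; ?>
<form method="post">
  <input name="note" maxlength="200">
  <button type="submit">Save</button>
</form>
```

The form's target is still visible in the page source, as nielsene points out; what goes away is the intermediate script URL and the redirect response that exposes it.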