header question
When PHP uses the header function to redirect a user, is it possible for the user to know the PHP page that holds the header function? For instance, page A does some MySQL stuff, then sends the user to another page using the header function; is it possible for the user to know the PHP file that does the MySQL stuff?
Yes.
If they watch the HTTP requests, for example with a browser that lets them (Firefox has one, and there are proxies that do as well), then they can see each HTTP request, including the initial page, and the redirect to the second page.
Whether that is "hidden enough" is an entirely different question. Honestly, if you aren't watching for it, a header redirect on any broadband is pretty hard to detect. Dialup, possibly...
Yes. If the page takes a while to process, they'll see the original URL in the location bar; if they hit stop, similarly.
If they input "bad" data that causes an error that gets displayed (error_reporting on, on a production server...) then the redirect will fail, etc. Also, if they view source on the form, they'll see where you are submitting to.
(wow, not fast enough)
As mentioned already, use something like HTTP Liveheaders and you'll see them.
(An exercise: Place your network card in promiscuous mode, run tcpdump (or libpcap + windump) and filter all traffic to the host you are monitoring on... Or filter on port 21/25/110/80 and grep for things like USER and PASS)
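Added example, not part of the thread: a loopback-only Python sketch of what the replies describe, where a client that follows the redirect by hand records both the processing page and the page it is sent on to. The paths `/process.php` and `/thanks.php`, the form body and the function names are assumptions made up for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class Handler(BaseHTTPRequestHandler):
    """Stand-in for the PHP pages; both paths are hypothetical."""
    def do_POST(self):  # "page A": do the work, then redirect
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.send_response(302)  # what PHP's header('Location: ...') sends
        self.send_header("Location", "/thanks.php")
        self.end_headers()

    def do_GET(self):  # the page the user ends up on
        self.send_response(200)
        self.end_headers()
        self.wfile.write(b"Thanks!")

    def log_message(self, *args):  # silence per-request logging
        pass

def trace_redirects(host, port, method, path, body=None, max_hops=5):
    """Follow redirects by hand, recording every hop the client observes."""
    hops = []
    for _ in range(max_hops):
        conn = http.client.HTTPConnection(host, port, timeout=5)
        conn.request(method, path, body=body)
        resp = conn.getresponse()
        resp.read()
        location = resp.getheader("Location")
        hops.append((method, path, resp.status, location))
        conn.close()
        if resp.status not in (301, 302, 303) or not location:
            break
        # Like a browser, re-request the redirect target with GET.
        method, path, body = "GET", location, None
    return hops

def run_demo():
    """Start the loopback server, submit a constructed form, return the hops."""
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return trace_redirects("127.0.0.1", server.server_port, "POST", "/process.php", b"name=alice")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(*run_demo(), sep="\n")
```

The first tuple printed is the request to the processing page together with its 302 status and `Location` header, which is the same information a browser's network panel or an intercepting proxy shows.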