header redirection not working!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

header redirection not working!

Post by s.dot »

I know the whole deal about header("Location: xxx");

I don't have any white space before my opening tag.
Nothing is printed to the browser.
My other redirects work, just not this one!

I used Feyd's SHA256 in this, but I highly doubt that is the problem.

Code: Select all

/* SHA256 hash the input password */
require_once 'includes/hash_sha256.php';
$hashedpass = SHA256::hash($modelpassword,'hex');

/* check that the hashed password matches the password in the database for this model id */
$correct_password_result = mysql_query("SELECT count(*) FROM users WHERE id = '$modelid' AND password = '$hashedpass'") or die(mysql_error());
if(mysql_result($correct_password_result,0) < 1)
{
	/* password did not match, redirect to error message */
	header("Location: index.php?error=2");
	die();
}
Now, if I echo the $hashedpass, it shows up correctly.
If I echo inside of the if() it shows up.
and if I die("incorrect") that shows up.
It's just the header location line that's not working!
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
m3mn0n
PHP Evangelist
Posts: 3548
Joined: Tue Aug 13, 2002 3:35 pm
Location: Calgary, Canada

Post by m3mn0n »

What's the exact error message?

Can you post the contents of that include?
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

meh, it would help if I knew the error message :(
I have display_errors off
and I'm a newb on my server and cannot access the error logs with ease
I tried ini_set("display_errors","on") but that did not seem to work

here's the entire file in question

Code: Select all

<?php

/* start session */
session_start();

/*
 * This page is the worker page that will perform (mostly) all
 * form actions for the model manager website.  This page will
 * perform the actions then redirect to the previous page and
 * display either an error message or success message.  This
 * page is used separately to prevent people from reposting the
 * same data twice
 */


/* include the database connection */
require 'includes/db_connect.php';


/* the user is logging in from index.php */
if($_POST['action'] == "model_login")
{
	/* check to see that both form fields were filled in */
	if(!$_POST['modelid'] || !$_POST['modelpassword'])
	{
		/* both fields were not filled in, redirect to error message */
		header("Location: index.php?error=3");
		die();
	}
	
	/* purify field input */
	$modelid = mysql_real_escape_string($_POST['modelid']);
	$modelpassword = mysql_real_escape_string($_POST['modelpassword']);
	
	/* query database for model id existance */
	$model_existance_result = mysql_query("SELECT count(*) FROM users WHERE id = '$modelid'") or die(mysql_error());
	
	/* check the result */
	if(mysql_result($model_existance_result,0) < 1)
	{
		/* model is not found, redirect to error message */
		header("Location: index.php?error=1");
		die();
	}
	mysql_free_result($model_existance_result);
	
	/* SHA256 hash the input password */
	require_once 'includes/hash_sha256.php';
	$hashedpass = SHA256::hash($modelpassword,'hex');

	/* check that the hashed password matches the password in the database for this model id */
	$correct_password_result = mysql_query("SELECT count(*) FROM users WHERE id = '$modelid' AND password = '$hashedpass'") or die(mysql_error());
	if(mysql_result($correct_password_result,0) < 1)
	{
		/* password did not match, redirect to error message */
		header("Location: index.php");
		die();
	}
	mysql_free_result($correct_password_result);

	/* everything is good, declare users session modelid, and redirect to myaccount.php */
	$_SESSION['modelid'] = $modelid;
	header("Location: myaccount.php");
}

/* there was no $_POST form action, so display error message */
echo "Sorry, you have reached this page in error.";
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
lc
Forum Contributor
Posts: 188
Joined: Tue Apr 23, 2002 6:45 pm
Location: Netherlands

Post by lc »

hmm how about removing: echo "Sorry, you have reached this page in error.";
foobar
Forum Regular
Posts: 613
Joined: Wed Sep 28, 2005 10:08 am

Post by foobar »

Put the following line at the top of your script:

Code: Select all

error_reporting(E_ALL);
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

lc wrote:hmm how about removing: echo "Sorry, you have reached this page in error.";
actually I added that in while I was being frustrated while the script wasn't working.

but i'll try the reporting, thanks.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Warning: Cannot modify header information - headers already sent by (output started at /home/scott/public_html/modelmanager/includes/hash_base.php:175) in /home/scott/public_html/modelmanager/model_worker.php on line 58

is what I got, so I guess my problem does lie in the SHA256 code
here's Feyds sha256 hash base
line 175 is the very last line.

Code: Select all

<?php 


/******************************************************************************* 
* 
*    Hashing abstract base class definition file. 
* 
*    (C) Copyright 2005 Developer's Network. All rights reserved. 
* 
*    This library is free software; you can redistribute it and/or modify it 
*    under the terms of the GNU Lesser General Public License as published by the 
*    Free Software Foundation; either version 2.1 of the License, or (at your 
*    option) any later version. 
* 
*    This library is distributed in the hope that it will be useful, but WITHOUT 
*    ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 
*    FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License 
*    for more details. 
* 
*    You should have received a copy of the GNU Lesser General Public License 
*    along with this library; if not, write to the 
*        Free Software Foundation, Inc. 
*        59 Temple Place, Suite 330, 
*        Boston, MA 02111-1307 USA 
*     
*----- Version 1.1.0 ---------------------------------------------------------- 
* 
*    These classes generate PHP level error when an error, warning, or notice of 
*    some kind happens during execution. This allows you to "hide" any of these 
*    like you would any other function's error output using error_reporting(). 
* 
*----- History ---------------------------------------------------------------- 
* 
*        1.1.0    Split from hash_sha256.php 
* 
*----- Source Control Information --------------------------------------------- 
* 
*    $Workfile: hash_base.php $ 
*    $Author: Feyd $ 
*    $JustDate: 05.04.06 $ 
*    $Revision: 4 $ 
* 
*    $Header: /inc/hash_base.php 4     05.04.06 2:57p Feyd $ 
* 
******************************************************************************/ 


//    hashing class state and register storage object. Abstract base class only. 
class hashData 
{ 
    //    final hash 
    var $hash = null; 
} 


//    hashing class message object. Abstract base class only. 
class hashMessage 
{ 
    //    retrieve the next chunk 
    function nextChunk() 
    { 
        trigger_error('hashMessage::nextChunk() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
     
    //    retrieve the current chunk 
    function currentChunk() 
    { 
        trigger_error('hashMessage::currentChunk() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
} 


//    hashing class message object for files. Abstract base class only. 
class hashMessageFile extends hashMessage 
{ 
    function hashMessageFile( $filename ) 
    { 
        trigger_error('hashMessageFile::hashMessageFile() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
} 


//    hashing class message object for URLs. Abstract base class only. 
class hashMessageURL extends hashMessage 
{ 
    function hashMessageURL( $url ) 
    { 
        trigger_error('hashMessageURL::hashMessageURL() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
} 


//    hashing class. Abstract base class only. 
class hash 
{ 
    //    The base modes are: 
    //        'bin' - binary output (most compact) 
    //        'bit' - bit output (largest) 
    //        'hex' - hexidecimal (default, medium) 
    //        'HEX' - hexidecimal (upper case) 

    //    perform a hash on a string 
    function hash($str, $mode = 'hex') 
    { 
        trigger_error('hash::hash() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 

    //    chop the resultant hash into $length byte chunks 
    function hashChunk($str, $length, $mode = 'hex') 
    { 
        trigger_error('hash::hashChunk() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
     
    //    perform a hash on a file. 
    function hashFile($filename, $mode = 'hex') 
    { 
        trigger_error('hash::hashFile() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 

    //    chop the resultant hash into $length byte chunks 
    function hashChunkFile($filename, $length, $mode = 'hex') 
    { 
        trigger_error('hash::hashChunkFile() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
     
    //    perform a hash on a URL 
    function hashURL($url, $timeout = null, $mode = 'hex') 
    { 
        trigger_error('hash::hashURL() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 

    //    chop the resultant hash into $length byte chunks 
    function hashChunkURL($url, $length, $timeout = null, $mode = 'hex') 
    { 
        trigger_error('hash::hashChunkURL() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
} 

/***************************************************************************** 
*    $History: hash_base.php $ 
* 
* *****************  Version 4  ***************** 
* User: Feyd         Date: 05.04.06   Time: 2:57p 
* Updated in $/inc 
* adjust/modify some documentation for release of 1.1.0 
* 
* *****************  Version 3  ***************** 
* User: Feyd         Date: 05.04.05   Time: 1:26a 
* Updated in $/inc 
* hashURL() finished. 
* 
* *****************  Version 2  ***************** 
* User: Feyd         Date: 05.04.04   Time: 12:40a 
* Updated in $/inc 
* Finished hashFile(). Next up, hashURL(). 
* 
* *****************  Version 1  ***************** 
* User: Feyd         Date: 05.04.03   Time: 3:53a 
* Created in $/inc 
* Initial source control addition. 
*****************************************************************************/ 

/* EOF :: Document Settings: tab:4; */ 

?>
I suppose I could just sha1 or md5 it. :P
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
josh
DevNet Master
Posts: 4872
Joined: Wed Feb 11, 2004 3:23 pm
Location: Palm beach, Florida

Post by josh »

do you have any whitespace after the closing tag, or before the opening tag for that matter?
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Are you using Dreamweaver? If so, sometimes it will throw some hidden characters in your script. Try opening it in notepad to see the hidden chars.
User avatar
Jenk
DevNet Master
Posts: 3587
Joined: Mon Sep 19, 2005 6:24 am
Location: London

Post by Jenk »

use isset() when checking for the existence of variables/indices, not !$var. That generates an error (notice error) if the var is not defined/set - which forces the headers to be sent.
User avatar
Ambush Commander
DevNet Master
Posts: 3698
Joined: Mon Oct 25, 2004 9:29 pm
Location: New Jersey, US

Post by Ambush Commander »

If you have a hex editor, make sure ?> is indeed the last and <?php is the first.

Turn out output buffering and see if that works.
Post Reply