Page 1 of 1

header redirection not working!

Posted: Sun Dec 25, 2005 6:56 am
by s.dot
I know the whole deal about header("Location: xxx");

I don't have any white space before my opening tag.
Nothing is printed to the browser.
My other redirects work, just not this one!

I used Feyd's SHA256 in this, but I highly doubt that is the problem.

Code: Select all

/* SHA256 hash the input password */
require_once 'includes/hash_sha256.php';
$hashedpass = SHA256::hash($modelpassword,'hex');

/* check that the hashed password matches the password in the database for this model id */
$correct_password_result = mysql_query("SELECT count(*) FROM users WHERE id = '$modelid' AND password = '$hashedpass'") or die(mysql_error());
if(mysql_result($correct_password_result,0) < 1)
{
	/* password did not match, redirect to error message */
	header("Location: index.php?error=2");
	die();
}
Now, if I echo the $hashedpass, it shows up correctly.
If I echo inside of the if() it shows up.
and if I die("incorrect") that shows up.
It's just the header location line that's not working!

Posted: Sun Dec 25, 2005 7:27 am
by m3mn0n
What's the exact error message?

Can you post the contents of that include?

Posted: Sun Dec 25, 2005 7:31 am
by s.dot
meh, it would help if I knew the error message :(
I have display_errors off
and I'm a newb on my server and cannot access the error logs with ease
I tried ini_set("display_errors","on") but that did not seem to work

here's the entire file in question

Code: Select all

<?php

/* start session */
session_start();

/*
 * This page is the worker page that will perform (mostly) all
 * form actions for the model manager website.  This page will
 * perform the actions then redirect to the previous page and
 * display either an error message or success message.  This
 * page is used separately to prevent people from reposting the
 * same data twice
 */


/* include the database connection */
require 'includes/db_connect.php';


/* the user is logging in from index.php */
if($_POST['action'] == "model_login")
{
	/* check to see that both form fields were filled in */
	if(!$_POST['modelid'] || !$_POST['modelpassword'])
	{
		/* both fields were not filled in, redirect to error message */
		header("Location: index.php?error=3");
		die();
	}
	
	/* purify field input */
	$modelid = mysql_real_escape_string($_POST['modelid']);
	$modelpassword = mysql_real_escape_string($_POST['modelpassword']);
	
	/* query database for model id existance */
	$model_existance_result = mysql_query("SELECT count(*) FROM users WHERE id = '$modelid'") or die(mysql_error());
	
	/* check the result */
	if(mysql_result($model_existance_result,0) < 1)
	{
		/* model is not found, redirect to error message */
		header("Location: index.php?error=1");
		die();
	}
	mysql_free_result($model_existance_result);
	
	/* SHA256 hash the input password */
	require_once 'includes/hash_sha256.php';
	$hashedpass = SHA256::hash($modelpassword,'hex');

	/* check that the hashed password matches the password in the database for this model id */
	$correct_password_result = mysql_query("SELECT count(*) FROM users WHERE id = '$modelid' AND password = '$hashedpass'") or die(mysql_error());
	if(mysql_result($correct_password_result,0) < 1)
	{
		/* password did not match, redirect to error message */
		header("Location: index.php");
		die();
	}
	mysql_free_result($correct_password_result);

	/* everything is good, declare users session modelid, and redirect to myaccount.php */
	$_SESSION['modelid'] = $modelid;
	header("Location: myaccount.php");
}

/* there was no $_POST form action, so display error message */
echo "Sorry, you have reached this page in error.";

Posted: Sun Dec 25, 2005 8:56 am
by lc
hmm how about removing: echo "Sorry, you have reached this page in error.";

Posted: Sun Dec 25, 2005 9:00 am
by foobar
Put the following line at the top of your script:

Code: Select all

error_reporting(E_ALL);

Posted: Sun Dec 25, 2005 9:03 am
by s.dot
lc wrote:hmm how about removing: echo "Sorry, you have reached this page in error.";
actually I added that in while I was being frustrated while the script wasn't working.

but i'll try the reporting, thanks.

Posted: Sun Dec 25, 2005 9:11 am
by s.dot
Warning: Cannot modify header information - headers already sent by (output started at /home/scott/public_html/modelmanager/includes/hash_base.php:175) in /home/scott/public_html/modelmanager/model_worker.php on line 58

is what I got, so I guess my problem does lie in the SHA256 code
here's Feyds sha256 hash base
line 175 is the very last line.

Code: Select all

<?php 


/******************************************************************************* 
* 
*    Hashing abstract base class definition file. 
* 
*    (C) Copyright 2005 Developer's Network. All rights reserved. 
* 
*    This library is free software; you can redistribute it and/or modify it 
*    under the terms of the GNU Lesser General Public License as published by the 
*    Free Software Foundation; either version 2.1 of the License, or (at your 
*    option) any later version. 
* 
*    This library is distributed in the hope that it will be useful, but WITHOUT 
*    ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 
*    FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License 
*    for more details. 
* 
*    You should have received a copy of the GNU Lesser General Public License 
*    along with this library; if not, write to the 
*        Free Software Foundation, Inc. 
*        59 Temple Place, Suite 330, 
*        Boston, MA 02111-1307 USA 
*     
*----- Version 1.1.0 ---------------------------------------------------------- 
* 
*    These classes generate PHP level error when an error, warning, or notice of 
*    some kind happens during execution. This allows you to "hide" any of these 
*    like you would any other function's error output using error_reporting(). 
* 
*----- History ---------------------------------------------------------------- 
* 
*        1.1.0    Split from hash_sha256.php 
* 
*----- Source Control Information --------------------------------------------- 
* 
*    $Workfile: hash_base.php $ 
*    $Author: Feyd $ 
*    $JustDate: 05.04.06 $ 
*    $Revision: 4 $ 
* 
*    $Header: /inc/hash_base.php 4     05.04.06 2:57p Feyd $ 
* 
******************************************************************************/ 


//    hashing class state and register storage object. Abstract base class only. 
class hashData 
{ 
    //    final hash 
    var $hash = null; 
} 


//    hashing class message object. Abstract base class only. 
class hashMessage 
{ 
    //    retrieve the next chunk 
    function nextChunk() 
    { 
        trigger_error('hashMessage::nextChunk() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
     
    //    retrieve the current chunk 
    function currentChunk() 
    { 
        trigger_error('hashMessage::currentChunk() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
} 


//    hashing class message object for files. Abstract base class only. 
class hashMessageFile extends hashMessage 
{ 
    function hashMessageFile( $filename ) 
    { 
        trigger_error('hashMessageFile::hashMessageFile() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
} 


//    hashing class message object for URLs. Abstract base class only. 
class hashMessageURL extends hashMessage 
{ 
    function hashMessageURL( $url ) 
    { 
        trigger_error('hashMessageURL::hashMessageURL() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
} 


//    hashing class. Abstract base class only. 
class hash 
{ 
    //    The base modes are: 
    //        'bin' - binary output (most compact) 
    //        'bit' - bit output (largest) 
    //        'hex' - hexidecimal (default, medium) 
    //        'HEX' - hexidecimal (upper case) 

    //    perform a hash on a string 
    function hash($str, $mode = 'hex') 
    { 
        trigger_error('hash::hash() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 

    //    chop the resultant hash into $length byte chunks 
    function hashChunk($str, $length, $mode = 'hex') 
    { 
        trigger_error('hash::hashChunk() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
     
    //    perform a hash on a file. 
    function hashFile($filename, $mode = 'hex') 
    { 
        trigger_error('hash::hashFile() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 

    //    chop the resultant hash into $length byte chunks 
    function hashChunkFile($filename, $length, $mode = 'hex') 
    { 
        trigger_error('hash::hashChunkFile() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
     
    //    perform a hash on a URL 
    function hashURL($url, $timeout = null, $mode = 'hex') 
    { 
        trigger_error('hash::hashURL() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 

    //    chop the resultant hash into $length byte chunks 
    function hashChunkURL($url, $length, $timeout = null, $mode = 'hex') 
    { 
        trigger_error('hash::hashChunkURL() NOT IMPLEMENTED', E_USER_WARNING); 
        return false; 
    } 
} 

/***************************************************************************** 
*    $History: hash_base.php $ 
* 
* *****************  Version 4  ***************** 
* User: Feyd         Date: 05.04.06   Time: 2:57p 
* Updated in $/inc 
* adjust/modify some documentation for release of 1.1.0 
* 
* *****************  Version 3  ***************** 
* User: Feyd         Date: 05.04.05   Time: 1:26a 
* Updated in $/inc 
* hashURL() finished. 
* 
* *****************  Version 2  ***************** 
* User: Feyd         Date: 05.04.04   Time: 12:40a 
* Updated in $/inc 
* Finished hashFile(). Next up, hashURL(). 
* 
* *****************  Version 1  ***************** 
* User: Feyd         Date: 05.04.03   Time: 3:53a 
* Created in $/inc 
* Initial source control addition. 
*****************************************************************************/ 

/* EOF :: Document Settings: tab:4; */ 

?>
I suppose I could just sha1 or md5 it. :P

Posted: Sun Dec 25, 2005 10:50 am
by josh
do you have any whitespace after the closing tag, or before the opening tag for that matter?

Posted: Sun Dec 25, 2005 10:53 am
by John Cartwright
Are you using Dreamweaver? If so, sometimes it will throw some hidden characters in your script. Try opening it in notepad to see the hidden chars.

Posted: Sun Dec 25, 2005 11:26 am
by Jenk
use isset() when checking for the existence of variables/indices, not !$var. That generates an error (notice error) if the var is not defined/set - which forces the headers to be sent.

Posted: Sun Dec 25, 2005 11:48 am
by Ambush Commander
If you have a hex editor, make sure ?> is indeed the last and <?php is the first.

Turn out output buffering and see if that works.