Page 1 of 1
weird differences using header() with php 4.3 and 4.4
Posted: Thu Jun 08, 2006 4:47 am
by fazz
hiya. can someone help with this problem ?
i wrote a login script using the header function to redirect the client to a secure section. this works fine on a server using php version 4.3.10 but fails on another server using 4.4.2.
when the script is run, rather than go to the redirected page, the same script is run again with the query string attached to the url but with no output to the page. i then echo'd out some variables from the script but it will not get past the header function.
can anyone tell me whats going on here ?
thanks
Posted: Thu Jun 08, 2006 4:59 am
by Oren
Post the relevant code.
Posted: Thu Jun 08, 2006 11:01 am
by ok
First of all, copy this code and check under "HTTP Headers Information" if there is something:
Secondly, check that your script doesn't print anything to the browser ("echo", "print" etc.).
Posted: Fri Jun 09, 2006 10:59 am
by fazz
the script falls over on the 3rd last line. the echo statements and the string argument to the die function within that IF condition blockwere tests which isolated the header() function as the problem. the script malfunctions equally well without them only the screen is blank.
thanks OK, i did a check using php info primarily to check the php version numbers but couldn't find a section called HTTP headers information. where is it ?
BTW $auth and $name are session variables.
Code: Select all
$user = $_POST["user"];
$pword = $_POST["pword"];
switch($do) {
case "login":
$connection = mysql_connect($host, $dbuser, $password) or die (mysql_error());
$db = mysql_select_db($database, $connection) or die (mysql_error());
$sql = "SELECT login_name FROM admin WHERE login_name='$user'";
$result = mysql_query($sql) or die (mysql_error());
$found = mysql_num_rows($result);
if ($found == 1) {
$sql2 = "SELECT pass_word FROM admin WHERE login_name='$user' AND pass_word='$pword'";
$result2 = mysql_query($sql2) or die(mysql_error());
$foundpass = mysql_num_rows($result2);
if ($foundpass == 1) {
echo "password found<br>";
$auth = "yes";
echo $auth;
$name = $user;
echo $name;
$today = date("Y-m-d H:m:s");
echo $today;
$sql3 = "INSERT INTO login (login_name, login_date) VALUES ('$name', '$today')";
mysql_query($sql3) or die ("this is weird");
header ("Location: admin.php");
exit();
}
hope you can help
Posted: Fri Jun 09, 2006 11:05 am
by ok
You can't output to the browser before sending HEADERS!!!!!!!!!!!!!!!!!!!!!!!
Posted: Fri Jun 09, 2006 11:30 am
by fazz
as i have said these echoes were to see if anything could be sent to the screen. the following code has the same no effect. i rewrote it from scratch to eliminate whitespace and commented out an irrelevance which might have caused a problem
Code: Select all
if ($foundpass == 1) {
$auth = "yes";
$name = $user;
// $today = date("Y-m-d H:m:s");
// $sql3 = "INSERT INTO login (login_name, login_date) VALUES ('$name', '$today')";
// mysql_query($sql3) or die ("this is weird");
header ("Location: admin.php");
exit();
}
the code for admin.php begins as follows.
Code: Select all
<?php
session_start();
if ($auth != "yes") {
header("Location: index.php");
exit();
?>
<html>
and in previewing this post i have spotted the problem. thanks for your time guys.
except, no...
Posted: Fri Jun 09, 2006 11:37 am
by fazz
except no, adding the missing curly brace has made no difference and i am left with my original problem