How do sessions work?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Dave2000
Forum Contributor
Posts: 126
Joined: Wed Jun 21, 2006 1:48 pm

Post by Dave2000 »

Thank you :)

One question. How important is the

Code: Select all

exit;
after the redirect?

Shears :)
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

It is probably a good idea to make sure you are passing a complete page name as well. If not, add it in the script.

This is a little function I borrowed from phpBB (and modified a pinch) to handle redirects...

Code: Select all

function redirect($url)
{
	// The $site_data global is an array of settings 
	// that manage the basic server params
	global $site_data;
	
	if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r"))
	{
		// This is a custom error handler
		set_error('Tried to redirect to potentially insecure url.');
	}

	$server_protocol = ($site_data['cookie_secure']) ? 'https://' : 'http://';
	$server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($site_data['server_name']));
	$server_port = ($site_data['server_port'] <> 80) ? ':' . trim($site_data['server_port']) : '';
	$script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($site_data['script_path']));
	$script_name = ($script_name == '') ? $script_name : '/' . $script_name;
	$url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url));

	// Some servers don't handle header redirects properly, so we need to account for that
	if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')))
	{
		header('Refresh: 0; URL=' . $server_protocol . $server_name . $server_port . $script_name . $url);
		echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta http-equiv="refresh" content="0; url=' . $server_protocol . $server_name . $server_port . $script_name . $url . '"><title>Redirect</title></head><body><div align="center">If your browser does not support meta redirection please click <a href="' . $server_protocol . $server_name . $server_port . $script_name . $url . '">HERE</a> to be redirected</div></body></html>';
		exit;
	}

	// Behave as per HTTP/1.1 spec for others
	header('Location: ' . $server_protocol . $server_name . $server_port . $script_name . $url);
	exit;
}
Dave2000
Forum Contributor
Posts: 126
Joined: Wed Jun 21, 2006 1:48 pm

Post by Dave2000 »

Shears wrote:Thank you :)

One question. How important is the

Code: Select all

exit;
after the redirect?

Shears :)
Anyone?

Shears :)
LiveFree
Forum Contributor
Posts: 258
Joined: Tue Dec 06, 2005 5:34 pm
Location: W-Town

Post by LiveFree »

That is to make sure that after you redirect, nothing else is executed from the page you redirected from.
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Some servers do not handle the header redirect method the same as the HTTP spec calls for. When that is the case, if you do not call exit it may execute more of the script.
Post Reply