Page 2 of 2

Posted: Sat Sep 09, 2006 5:10 pm
by Dave2000
Thank you :)

One question. How important is the

Code: Select all

exit;
after the redirect?

Shears :)

Posted: Sat Sep 09, 2006 5:18 pm
by RobertGonzalez
It is probably a good idea to make sure you are passing a complete page name as well. If not, add it in the script.

This is a little function I borrowed from phpBB (and modified a pinch) to handle redirects...

Code: Select all

function redirect($url)
{
	// The $site_data global is an array of settings 
	// that manage the basic server params
	global $site_data;
	
	if (strstr(urldecode($url), "\n") || strstr(urldecode($url), "\r"))
	{
		// This is a custom error handler
		set_error('Tried to redirect to potentially insecure url.');
	}

	$server_protocol = ($site_data['cookie_secure']) ? 'https://' : 'http://';
	$server_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($site_data['server_name']));
	$server_port = ($site_data['server_port'] <> 80) ? ':' . trim($site_data['server_port']) : '';
	$script_name = preg_replace('#^\/?(.*?)\/?$#', '\1', trim($site_data['script_path']));
	$script_name = ($script_name == '') ? $script_name : '/' . $script_name;
	$url = preg_replace('#^\/?(.*?)\/?$#', '/\1', trim($url));

	// Some servers don't handle header redirects properly, so we need to account for that
	if (@preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')))
	{
		header('Refresh: 0; URL=' . $server_protocol . $server_name . $server_port . $script_name . $url);
		echo '<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><meta http-equiv="refresh" content="0; url=' . $server_protocol . $server_name . $server_port . $script_name . $url . '"><title>Redirect</title></head><body><div align="center">If your browser does not support meta redirection please click <a href="' . $server_protocol . $server_name . $server_port . $script_name . $url . '">HERE</a> to be redirected</div></body></html>';
		exit;
	}

	// Behave as per HTTP/1.1 spec for others
	header('Location: ' . $server_protocol . $server_name . $server_port . $script_name . $url);
	exit;
}

Posted: Sun Sep 10, 2006 6:28 pm
by Dave2000
Shears wrote:Thank you :)

One question. How important is the

Code: Select all

exit;
after the redirect?

Shears :)
Anyone?

Shears :)

Posted: Sun Sep 10, 2006 7:00 pm
by LiveFree
That is to make sure that after you redirect, nothing else is executed from the page you redirected from.

Posted: Mon Sep 11, 2006 7:10 pm
by RobertGonzalez
Some servers do not handle the header redirect method the same as the HTTP spec calls for. When that is the case, if you do not call exit it may execute more of the script.