It says it not there.... 404 Error?!?! !@$#@%@$#

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Zoram
Forum Contributor
Posts: 166
Joined: Sun Aug 18, 2002 3:28 pm
Location: Utah
Contact:

It says it not there.... 404 Error?!?! !@$#@%@$#

Post by Zoram »

I have been working on my website and after updating the login i started to get some really maddening responses.

Now when i log in it logs in and sets the SESSION variables but when it gets to the header("Location: " . $HTTP_REFERER); it brings up a 404 page not found ... heres the code... it seems to bring up the error on a couple of pages...

Code: Select all

<?php session_start();

// ********************PAGE VARIABLES******************
	$waldo = "../";
// ****************************************************
if (isset($_POST&#1111;'user']) && isset($_POST&#1111;'pass']))&#123;
	
	// Get Login Information
	$user_name = addslashes($_POST&#1111;'user']);
	$password = addslashes($_POST&#1111;'pass']);
	
	// **** QUERY ****
	$query = "SELECT * FROM users WHERE user_username = '$user_name' AND user_pass = SHA1('$password')";
	$result = @mysql_query($query, $connection) or die ( header ("Location: " . $waldo . "Error.php" ) );
	$affected_rows = @mysql_num_rows($result);
	if (@mysql_num_rows($result) > 0) &#123;
		while ($row = @mysql_fetch_array($result)) &#123;
			$_SESSION&#1111;'VAL'] = $row&#1111;'user_uniId'];
			$cartId = $row&#1111;'user_cartId'];
			$_SESSION&#1111;'USER'] = $user_name;
			
			if (!isset($_SESSION&#1111;'CART'])) &#123;
				$_SESSION&#1111;'CART'] = $cartId;
			&#125; else &#123;
				// Change temp cart contents to new cart id.
				$query = "UPDATE cart SET cart_cartId = '$cartId' WHERE cart_cartId = '" . $_SESSION&#1111;'CART'] . "'";
				$result = @mysql_query($query, $connection) or die ( header ("Location: " . $waldo . "Error.php" ) );
				
				// Set new cart id
				$_SESSION&#1111;'CART'] = $cartId;
			&#125; // if preset cart
			$date = date("Y-m-d");
			
			$ipAdd = $_SERVER&#1111;'REMOTE_ADDR'];
			$browser = $_SERVER&#1111;'HTTP_USER_AGENT'];
			
			$query = "INSERT INTO log (log_id, log_user, log_ip, log_date, log_browser) VALUES (NULL, '$user_name', '$ipAdd', NULL, '$browser')";
			$result = @mysql_query($query, $connection) or die ( header ("Location: " . $waldo . "Error.php" ) );
			
			$query = "UPDATE users SET user_lastlog = '$date' WHERE user_username = '" . $_SESSION&#1111;'USER'] . "' AND user_uniId = '". $_SESSION&#1111;'VAL'] ."'";
			$result = @mysql_query($query, $connection) or die ( header ("Location: " . $waldo . "Error.php" ) );
			
			header("Location: " . $HTTP_REFERER);
			exit;
		&#125;
	&#125; else &#123;
		$loginPass = false;
	&#125;
&#125;
.... Any Suggestions?
User avatar
gyardleydn
Forum Commoner
Posts: 27
Joined: Tue Dec 03, 2002 8:27 am

Post by gyardleydn »

$HTTP_REFERER
Weren't you the one who said they were conserned about stopping injection attacks. Did you decide to keep globals on?

I don't think ("Location: " . $waldo . "Error.php" ) will work when $waldo is "../" as you need to supply an abolute path.
See: header()
User avatar
Zoram
Forum Contributor
Posts: 166
Joined: Sun Aug 18, 2002 3:28 pm
Location: Utah
Contact:

Post by Zoram »

it's worked so far... and what globals? the session vars? i just save the username, cart and a validation number... is there something wrong with that?
User avatar
gyardleydn
Forum Commoner
Posts: 27
Joined: Tue Dec 03, 2002 8:27 am

Post by gyardleydn »

Should $HTTP_REFERER be $_SERVER['HTTP_REFERER']?
Zoram wrote:it's worked so far... and what globals? the session vars? i just save the username, cart and a validation number... is there something wrong with that?
User avatar
Zoram
Forum Contributor
Posts: 166
Joined: Sun Aug 18, 2002 3:28 pm
Location: Utah
Contact:

Post by Zoram »

Actually, as i am testing it out more if i log in from different pages half of the time it works and the other half when i try to redirect it gives me the 404 error.
User avatar
twigletmac
Her Royal Site Adminness
Posts: 5371
Joined: Tue Apr 23, 2002 2:21 am
Location: Essex, UK

Post by twigletmac »

From the manual (http://www.php.net/manual/en/reserved.variables.php):
'HTTP_REFERER'
The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.
And as gyardleydn pointed out, if register_globals are off it should be $_SERVER['HTTP_REFERER'] instead of $HTTP_REFERER.

Mac
User avatar
Zoram
Forum Contributor
Posts: 166
Joined: Sun Aug 18, 2002 3:28 pm
Location: Utah
Contact:

Post by Zoram »

hmmm... i need to learn more about php.... i didn't even relize they were on.
Post Reply