Page 1 of 1

Redirect using a Buffer

Posted: Thu Feb 22, 2007 11:05 am
by MikeCXT
Hello. I have a login page that when correct information is submitted, redirects to a new page. My problem is the issue that no data can be send before the header() statement. I currently have include()s that are at the begining, which contain my password info for mySQL database, which I connect to in order to run sanatizing scripts, etc.

So, the includes have to remain as far as I can tell. After searching for a while, I came across the php buffer. I 'think' this means I could put the include()s in the buffer, but I can not figure out the order works... in other words...

Code: Select all

ob_start();

include_once('xPath.inc.php');
include_once($pathRoot.'password.inc.php');
include_once($pathClass.'mysqldb.class.php');

// perhaps here would go ob_end_flush() ????


//Open Connection to Database
$db = new MySQLClass();
$db->connect(MYSQL_HOST, MYSQL_USERNAME, MYSQL_PASSWORD); 
$db->select(MYSQL_DB);

//Sanitize Inputs from SESSION and POST
sanitize_inputs();

// I then use some if else statements to find out if the login information is the same as the database, $dataPresent is defined for the below if statement, and no includes or any information is passed to the browser in all this code.

if ($dataPresent == "yes" ) {
  header("location: http://www.domain.com/directory/workshop.php");
  exit;
}
Is Buffering a good option for this problem? If so, I can not figure out when to call the buffer and buffer flushing commands. The Order of everything must remain I think, since I have to have the password include() in order to be able to access mySQL for sanitizing, then checking if the login data matches the database, THEN submitting the header redirect if login verified.

Any ideas on how to make this work as intended? Or is this not possible with my current setup, and would JavaScript be better then?

Thank you for any and all help.
-Mike-

Posted: Thu Feb 22, 2007 11:19 am
by xinnex
Assuming that I undertand your question, then..

The includes isn't actually the problem. The problem is that your are sending content to the output-stream before redirecting..
Yes, you could solve your problem with outputbuffering, but a more proper way would be to make sure that your includes don't output anything unless necesarry (eg. wrap output in functions)

Posted: Thu Feb 22, 2007 12:22 pm
by MikeCXT
Thank you Xinnex,

I wrapped my password information in a function, then called the function on my login.php page, and it worked. The page correctly redirects while my includes remain in place. Thank you very much.

Since I am changing the password file, the old was:

Code: Select all

<?php 
define('MYSQL_USER', 'random'); 
define('MYSQL_PASS', 'randomagain'); 
define('MYSQL_HOST', 'mysql.adomain.com'); 
define('MYSQL_DATB', 'my_db');
?>

The new one is:

Code: Select all

<?php 
if (1==1) {
define('MYSQL_USER', 'random'); 
define('MYSQL_PASS', 'randomagain'); 
define('MYSQL_HOST', 'mysql.adomain.com'); 
define('MYSQL_DATB', 'my_db');
} 
?>
This is still secure, correct? The file is located in the root directory (? The directory above the domain directory). I just want to make sure this is still secure. As I said earlier, I was using a function, but I also found that the if statement works and makes it so I do not have to call the function, so less code in each page that uses this file.