Page 1 of 1
PHP Simple Login Form
Posted: Thu Jul 14, 2005 5:48 am
by anfion
Hi guys, i have a very big problem. i'm a database and an upload form from which yuo can insert new rows into the database, but i want only my friends to be able to do that so i though about a general password and creating a simple login form taht only has one textfield for the password. that login page echoes to itself when you click the submit button and through a hidden field i assign a value that is checked at the begining, if that value is already set, then the pagesends via post the password to the row-insertion page and through a
i redirected to the row-insertion-page. at the beginig of the body of that page i check the post variable and if it's the same passowrd i coded there, then continues displaying the page, but if the pass is different then it redirects to the login form again. the code i used:
Code: Select all
function check() {
if($_POST[contrasena]=='apollonia'){
}else{
header("Location: loginform.php");
}
}
it worked excelent on my machine using apache. then i uploeaded those file to the internet and the headers at the row-insertion page don't work. it seays a message like "header info cannot be changed once sent" or something like it. the headers at the login form do work and redirect me to the register.php when i click the button, if the password is correct then the register page opens perfectly, but if it is not, then it appears the strange message above and displays the page still.
i am kind of new to php so if you could please help me, i don't know much about php
Posted: Thu Jul 14, 2005 9:10 am
by shiznatix
well this is definatly not the correct forum to post this but take a look at ob_start() if you want a quick fix and look at this post if you want a real solution
viewtopic.php?t=1157
Re: PHP Simple Login Form
Posted: Tue Jul 26, 2005 1:14 pm
by josh
Also, I'm off topic but I'm real picky about code.
anfion wrote:
header("Location: loginform.php");
Should be
Code: Select all
header("location:http://domain.com/loginform.php");
You could run into some problems if you don't put the full URL
anfion wrote:
$_POST[contrasena]
Should be
Re: PHP Simple Login Form
Posted: Tue Jul 26, 2005 1:17 pm
by hawleyjr
jshpro2 wrote:Also, I'm off topic but I'm real picky about code.
anfion wrote:
header("Location: loginform.php");
Should be
Code: Select all
header("location:http://domain.com/loginform.php");
You could run into some problems if you don't put the full URL
Why? There is nothing wrong with using relative paths if you are on the same domain.
Posted: Tue Jul 26, 2005 1:33 pm
by nielsene
One thing to be careful of, when using header, is that you can break sessions with it. The PHP auto-propagate sessionid by GET/hidden vars in post technique when cookies are rejected will not add the SID to the url in a header.
I use a function like this:
Code: Select all
function localRedirect($url)
{
if (isset($_COOKIE["PHPSESSID"]))
header("Location: $url");
else
header("Location: $url?" .SID);
}
to avoid this problem, plus it also make it clear that its a local redirection and not an offsite one. Plus it saves me from having to type "Location:" every time.
Re: PHP Simple Login Form
Posted: Tue Jul 26, 2005 4:36 pm
by Roja
hawleyjr wrote:jshpro2 wrote:Also, I'm off topic but I'm real picky about code.
anfion wrote:
header("Location: loginform.php");
Should be
Code: Select all
header("location:http://domain.com/loginform.php");
You could run into some problems if you don't put the full URL
Why? There is nothing wrong with using relative paths if you are on the same domain.
Yes there is:
http://us2.php.net/header .
Note:
HTTP/1.1 requires an absolute URI as argument to Location: including the scheme, hostname and absolute path, but some clients accept relative URIs.
Re: PHP Simple Login Form
Posted: Tue Jul 26, 2005 4:42 pm
by hawleyjr
Roja wrote:hawleyjr wrote:jshpro2 wrote:Also, I'm off topic but I'm real picky about code.
Should be
Code: Select all
header("location:http://domain.com/loginform.php");
You could run into some problems if you don't put the full URL
Why? There is nothing wrong with using relative paths if you are on the same domain.
Yes there is:
http://us2.php.net/header .
Note:
HTTP/1.1 requires an absolute URI as argument to Location: including the scheme, hostname and absolute path, but some clients accept relative URIs.
Learn something new every day. Thanks Roja...
Re: PHP Simple Login Form
Posted: Tue Jul 26, 2005 5:20 pm
by Roja
hawleyjr wrote:
Learn something new every day. Thanks Roja...
The sad part is that it took me probably an hour to find where that was documented.
I get so many truly oddball errors from people running my code in the WEIRDEST combinations imaginable that I trip over a huge number of weirdo corner cases like this. Then I change my code, and promptly forget why I "always do it this way".
Which sounds cool to my friends, but on a forum, it just sounds snobbish/arrogant.

Posted: Tue Jul 26, 2005 5:24 pm
by hawleyjr
Actually I totally understand. Experience is invaluable. When we hire new developers straight from college it’s always fun to watch them come across odd ball rules and errors and then try and explain why...
The funny thing is I just did a "Find All" I have 150 header() changes/verifications...Yeah, thanks again

Re: PHP Simple Login Form
Posted: Thu Jul 28, 2005 11:11 am
by shiflett
I'm glad to see someone else pointing this out. :-)
Be careful, however - the L should be uppercase, and there's a space after the colon:
header('Location:
http://example.org/');
Roja wrote:The sad part is that it took me probably an hour to find where that was documented.
If you're interested in where this is really documented, it's in section 14.30 of RFC 2616, the HTTP/1.1 specification:
http://ietf.org/rfc/rfc2616.txt
Re: PHP Simple Login Form
Posted: Thu Jul 28, 2005 1:16 pm
by Roja
shiflett wrote:
Roja wrote:The sad part is that it took me probably an hour to find where that was documented.
If you're interested in where this is really documented, it's in section 14.30 of RFC 2616, the HTTP/1.1 specification:
http://ietf.org/rfc/rfc2616.txt
You mean the RFC thats linked from the header page on php's manual, which I included the link for, which also explains how to implement it properly in php?
Dept. of redundancy dept.