SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Enthusiast sbob's Avatar
    Join Date
    Jun 2005
    Location
    MN, USA
    Posts
    49
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    header('location: ' . $_SERVER['PHP_SELF']) causes refresh?

    I'm using the method described here to avoid the POST data resubmit problem. Basically I have my script check to see if there is POST data in an incoming request, and if there is it takes that data and stores it in $_SESSION, then redirects the user to the same page by using header('location: ' . $_SERVER['PHP_SELF']).

    The problem is that this causes the page to refresh instead of loading the page as a new spot in history in firefox and IE. This is probably intentional and it makes sense, but it creates a problem for my script:

    Say you come from an external site to index.php. This page generates a login form if you aren't logged in. When you submit the form, the post data is converted to session data and you are redirected to the same page again. This way you will never resubmit post data by refreshing the page or accessing it again via the back anf forward buttons. If you enter in the wrong credentials, I have the same page generate an error message. Now if you try to click your browser's back button to go back to the login form when looking at that error message, you are instead taken all the way back to the external site you came in from. That's because the page was only refreshed when you submitted the form. This happens in firefox and IE, but not in opera.

    So I guess my question is this: Is there a way to redirect someone to the same page (PHP_SELF) and force them to open that page as a new page in the browser's history?

    I can't really show you an online example, as my script won't work since I don't have my online database setup yet, but here is the abbreviated code:
    PHP Code:
    <?php
           session_start
    ();
           
           if (!empty(
    $_POST)) {
               foreach(
    $_POST as $vn => $v) {
                  if (
    $vn == 'user' or $vn == 'pwd') {
                      
    $v trim($v);
                      
    $_SESSION[$vn] = substr($v025);
                  }
              }
              
    header('Location: ' $_SESSION['PHP_SELF']);
               die();
           }
     
    ?><!DOCTYPE html PUBLIC &quot;-//W3C//DTD XHTML 1.0 Strict//EN&quot; &quot;http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd&quot;>
      <html xmlns=&quot;http://www.w3.org/1999/xhtml&quot; lang=&quot;en&quot; xml:lang=&quot;en&quot;>
         <head>
             <title>Hello</title>
         <meta http-equiv=&quot;Content-Type&quot; content=&quot;text/html; charset=ISO-8859-1&quot; />
         </head>
         <body>
         
         <?php
           connect_to_db
    ();
           
         
    $user $_SESSION['user'];
         
    $pwd $_SESSION['pwd'];
         
         if(!isset(
    $user) or !isset($pwd)) {
             
    build_login();
             
    build_footer();
             die();
         } else {
             
    $term1 quote_smart($user);
             
    $term2 quote_smart($pwd);
             
    $query = &quot;select from users where username=$term1 and password=$term2&quot;;
             
    $result = @mysql_query($query);
             if (!
    $result) {
             
    build_error('A database error has occurred. Unable to process user authorization query.');
                 
    build_footer();
                 die();
             }
             
             if (
    mysql_num_rows($result) == 0) {
                 unset(
    $_SESSION['user']);
                 unset(
    $_SESSION['pwd']);
             
    build_error('Username or password incorrect. Please go back and try again.');
                 
    build_footer();
                 die();
             }
         }
        
    ?>
           
         <p>Super Secret Content!</p>
        
       <?php
        build_footer
    ();
        
    ?>
    Thanks in advance =)
    Last edited by sbob; Jun 17, 2005 at 13:40.

  2. #2
    SitePoint Guru Ruben K.'s Avatar
    Join Date
    Jun 2005
    Location
    Alkmaar, The Netherlands
    Posts
    693
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could try to add a _GET parameter like '?login=true'. I am not sure if this will work.

  3. #3
    SitePoint Evangelist
    Join Date
    Apr 2005
    Posts
    485
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    you could also make the login page the page after the index.php page. another option is to put a link back to the login page that *can't be missed*. the vast majority of folks will use the link vs the back button. you could also put a little text warning that the back button won't take you to the login page.

  4. #4
    SitePoint Evangelist
    Join Date
    Sep 2004
    Location
    Oregon
    Posts
    445
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You could also use <meta> tags, pure HTML =]


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •