Meta tag refresh loop with authentication check - please help

Hi Guys,

I’m having trouble with the below authentication check. If I try to access an area you need to be logged in to view without logging in, I’m getting an infinite refresh loop on that page instead of being redirected to login.php. Problem is I can’t think of any other way to redirect: the Location header doesn’t work unless it’s first in the PHP script, and up until now the refresh meta tag was working perfectly for all other redirects.


<?php
include('session_connection.php');
$loggedIn = false;
$sessionid = session_id();
$sessionQuery = "Select * from Users where SessionID = ". $sessionid .";";
$result = mysql_query($sessionQuery);

if(mysql_num_rows($result) > 0)
{
  $_SESSION['user'] = mysql_fetch_assoc($result); //stores the row of user data in the 'user' reserved session array
  $loggedIn=true;
}
else
{
  if(basename($_SERVER['PHP_SELF']) != "login.php") //basename clips to the end of a url and _SERVER['PHP_SELF'] is a reserved variable holding the location of the currently executing script
  {
    echo '<META HTTP-EQUIV="Refresh" Content="0"; URL="login.php">';
    exit;
  }
}
?>

Try removing .php from the path check, as I did a bit of light reading and found that the file extension gets removed with basename.

Thanks for your reply, unfortunately this is not the case. When I ran a


print basename($_SERVER['PHP_SELF']);

From within my login script the resultant output was “login.php”

I tried your suggestion anyway but I’m still stuck with my refresh loop

Also I know for a fact this is the buggy script, as I have created a blank PHP script and included this authentication check with the same results. It doesn’t appear to be a double-invoke or something similar.

I have also tried redirecting to a blank script in case it was a redirection bounce which it doesn’t appear to be.

I’m thinking it may be my logic that’s at fault; I’m getting the same loop if I try to access the authentication script itself in a browser.

Out of desperation I’ve gone back to the header method and modified the code with a dirty hack to allow the header to be the first thing accessed which seems to work ok.

If anyone knows of a cleaner method I’d be very grateful to hear it.
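
A cleaner form of the check discussed in this thread, as an added example that is not any poster's code: in the posted tag the `Content` attribute is only `"0"` and the URL sits outside it, so the browser reloads the current page; here the delay and URL share one attribute, the Location header is sent whenever no output has gone out yet, and the session ID is bound as a query parameter. `Users` and `SessionID` come from the post; the function names and the in-memory SQLite data are assumptions made for the demo.

```php
<?php
// Added example, not the poster's code. Users/SessionID come from the post;
// function names and the SQLite demo data are hypothetical/constructed.

// Look up the session owner with a bound parameter instead of concatenating
// session_id() (a cookie-supplied value) into the SQL string.
function find_user_by_session(PDO $db, string $sid): ?array
{
    $stmt = $db->prepare('SELECT * FROM Users WHERE SessionID = :sid');
    $stmt->execute([':sid' => $sid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Decide where to send the visitor: null means "stay on this page".
function redirect_target(?array $user, string $script): ?string
{
    if ($user !== null || basename($script) === 'login.php') {
        return null;
    }
    return 'login.php';
}

// Send the redirect. The Location header works anywhere before the first
// byte of output; the meta tag is only a fallback, and its delay and URL
// must share ONE content attribute or the browser reloads the same page.
function redirect_markup(string $url): string
{
    if (!headers_sent()) {
        header('Location: ' . $url, true, 302);
    }
    return '<meta http-equiv="refresh" content="0; url='
        . htmlspecialchars($url, ENT_QUOTES) . '">';
}

// Constructed demo data (in-memory SQLite stands in for the MySQL database).
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE Users (Name TEXT, SessionID TEXT)');
$db->exec("INSERT INTO Users VALUES ('alice', 'sess-constructed-1')");

foreach (['sess-constructed-1', 'unknown-session'] as $sid) {
    $user   = find_user_by_session($db, $sid);
    $target = redirect_target($user, '/members/index.php');
    if ($target !== null) {
        echo redirect_markup($target), "\n";
        continue; // a real page would call exit here
    }
    echo 'logged in as ', $user['Name'], "\n";
}
```

On a real page the include holding this check goes at the very top, before any HTML or whitespace, and `exit` follows the redirect so the protected content is never sent.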