PHP Header Location not working


#1

I have taken on the task of moving a PHP/MySql website to a new host.
I am setting up the files in a sub-directory of my website to make sure I get it right.

There is an administrative function on the first host when logging in takes the user to admin functions i.e. Add or update members, edit content pages (content in MySql database), etc.

The log in works on the first host but not on my duplication website setup.
The log in records the user and time when some one is in the admin area.

If I login for my site, the login just returns to the login screen (no admin functions show).
However, if I try to login again the system tells me someone is already logged in.
So the log in is being recorded properly but the admin function page is not showing.

A Check Login function uses

if(check_login())
header("Location: admin.php");

but never displays the functions using admin.php.

Works on first system not on my test system.

Any help is appreciated.
Yes I am new to serious php work but have learned alot.

Biran


#2

Try the following:

if(check_login()){
header("Location: admin.php");
exit(); // you should always do this
}


#3

May I show you this section below?
I read about always using exit();
When I put it in with more brackets {}, I got a blank page with 0 in the upper left corner.
Probably placement of exit(); with brackets?

<?php

$base_url = "../";

session_start();
include($base_url.'db_connections/db_connection.php');
include($base_url.'db_connections/DBConnect_admin.php');
include($base_url.'includes/ad.php');

//force_logout();
// see if the person is already logged in
if(check_login())
	header("Location: admin.php");

$title = "Administration Area - Login";
$error = "";

if(isset($_POST['submit']))
{
	$error = login();
	if(empty($error))
		header("Location: admin.php");
}

?>


#4

Yes, add exit to your code. Besides, Location header requires absolute URL:

header("Location: http://example.com/admin.php");

Browsers usually accept relative URLs like yours but technically they are not allowed. I always send full URLs to the Location header. I don't know if that is the cause of your problem but it's a good idea to correct it.

Also, when redirecting from a page that has been accessed by POST method (such as from a html form with method="post") it is recommended to use "303 See Other" response code:

header("Location: http://example.com/admin.php", true, 303);


#5

NOT that using a redirect just to pull up an admin panel is a good idea either; why aren't you just calling it flat without screwing around on the extra handshakes and page loads?!?

if (check_login()) {
  include('admin.php');
  exit();
}

Or are you sending markup before that? As I often say, if you have to resort to a redirect from inside your php, there's probably something wrong with how you've built your code.


#6

You've gone too far with this statement. There's one very valid reason to use redirects: to change the url of the page after a form has been submitted via POST. For example the login form is at http://example.com/login and after successful login a page with product listing is displayed. If you don't use a redirect then you are still at http://example.com/login on the product listing page. Two problems with that:

1) you can't bookmark the URL or copy & paste so that it will lead to the page you are currently on
2) when you hit reload on the target page the browser wants to resubmit the login form and displays alerts causing confusion among users

After a redirect you are at http://example.com/product-listing, which is the real URL of the page and no problems with reloading.

In fact, NOT using redirects in such cases causes usability problems. Usually POST requests are not hitting the server frequently compared to GET requests and using redirects in such cases has no visible impact on server load.


#7

Thanks for the advice. This project is another person's coding.
Trying to adopt or change it if necessary. I am treading lightly because of my lack of experience with PHP and MySql.

Only got notice of 1 reply. Glad to see others.
Thanks again.


#8

If you use the Live HTTP Headers add on for Firefox, and log in to the site, do you see the "Location: " header in the response at all, or doesn't it appear to do anything?


#9

I installed Live HTTP Headers. Wasn't sure how to use it then I say to myself (I do that a lot), try Tools.
Doesn't show any information but neither does this forum page.
Unless I am using it wrong.

Found it under Tools page Info.
What am I looking for now? It does have information.

I think part of my problem is the php is not finding the php/MySql pages properly.


#10

It's a bit of tricky one. When you look at the page, press CTRL + SHIFT + L , and a bar will appear at the left side of the screen

Alternatively, you could go to View (ALT + V) > Sidebar > Live HTTP Headers

When it works you will get a bar at the left side on the screen that scrolls by text when you load a page at a rate that will make you a little bit dizzy smile

An example of such a text will look like

<font color='"#0000CD"'>http://www.sitepoint.com/</font>

<font color='"#008000"'>GET / HTTP/1.1
Host: www.sitepoint.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.7,nl;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
</font>
<font color='"#FF0000"'>HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Fri, 28 Oct 2011 18:42:29 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: W3 Total Cache/0.9.2.3
Last-Modified: Fri, 28 Oct 2011 18:41:57 GMT
Vary: Accept-Encoding,Cookie,User-Agent
Content-Encoding: gzip
X-Pingback: http://www.sitepoint.com/xmlrpc.php
Cache-Control: max-age=3600
Expires: Fri, 28 Oct 2011 19:42:29 GMT
X-Cache: MISS from blogs.sitepoint.com
X-Cache-Lookup: MISS from blogs.sitepoint.com:80
Content-Length: 11136
X-Varnish: 597800873
Age: 0
Via: 1.1 varnish</font>

The blue part is the URL requested, the green part are the outgoing headers (the headers your browser sends to the server to request the resource) and the red lines are the reply headers. The Location: should be somewhere in the reply headers for your-script.php (replace "your-script" with however your script is called).


#11

this is what I got. I edited my previous response. Should have just posted again.

http://www.computersoftwaresystems.com/lba/admin/admin_login.php

POST /lba/admin/admin_login.php HTTP/1.1
Host: www.computersoftwaresystems.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://www.computersoftwaresystems.com/lba/admin/admin_login.php
Cookie: __utma=158876328.1746803708.1318789239.1319821422.1319824295.9; __utmz=158876328.1318789239.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __utmb=158876328.18.10.1319824295; PHPSESSID=5ce99389aa25becaccf139c88b2398cc; __utmc=158876328; GetResponseComWebform14260=WebformCookie
Content-Type: application/x-www-form-urlencoded
Content-Length: 42

HTTP/1.1 200 OK
Date: Fri, 28 Oct 2011 18:40:46 GMT
Content-Type: text/html
Connection: close
Server: Nginx / Varnish
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 7828


#12

Got no header info.


#13

Hey, what you posted in your previous post is what http headers are. First, you have the request headers and below (after the blank line) the response headers. So you got header info!


#14

Indeed, those are the headers, as Lemon Juice said smile

Weird, your username/password should be in there, right under "Content-Length: 42". Or did you remove that yourself before you posted it here?


#15

No didn't edit it.
I will use this to look at the 'working' website and compare with 'soon to be' working website.

Stick with me, please.


#16

Okay. Just so know what you're looking for, there should be something like

username=myusername&password=mypassword

where "username" is the name of the HTML form field where you enter your username, "password" is the name of the HTML form field where you enter your password, and "myusername" and "mypassword" are your username and password, respectively. There may be more fields in there, but it usually the minimum needed.


#17

Found Username and Password.
Noticed: HTTP/1.1 302 Found after username & password which maybe the root of my problem.
Login records into database table and let me know if I try to login again but doesn't want to show Admin functions in admin.php.


http://computersoftwaresystems.com/lba/admin/admin_login.php

POST /lba/admin/admin_login.php HTTP/1.1
Host: computersoftwaresystems.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://computersoftwaresystems.com/lba/admin/admin_login.php
Cookie: __utma=158876328.1746803708.1318789239.1319824295.1319833208.10; __utmz=158876328.1319833208.10.2.utmcsr=ipower.com|utmccn=(referral)|utmcmd=referral|utmcct=/controlpanel/FileManager/; PHPSESSID=4c98a077de35135fba63c6306561320d; __utmb=158876328.1.10.1319833208; __utmc=158876328
Content-Type: application/x-www-form-urlencoded
Content-Length: 42
username=brian&password=23192&submit=Login

HTTP/1.1 302 Found
Date: Fri, 28 Oct 2011 20:17:59 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: close
Server: Nginx / Varnish
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://computersoftwaresystems.com/lba/admin/admin.php
Content-Length: 7530


http://computersoftwaresystems.com/lba/admin/admin.php

GET /lba/admin/admin.php HTTP/1.1
Host: computersoftwaresystems.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:7.0.1) Gecko/20100101 Firefox/7.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Connection: keep-alive
Referer: http://computersoftwaresystems.com/lba/admin/admin_login.php
Cookie: __utma=158876328.1746803708.1318789239.1319824295.1319833208.10; __utmz=158876328.1319833208.10.2.utmcsr=ipower.com|utmccn=(referral)|utmcmd=referral|utmcct=/controlpanel/FileManager/; PHPSESSID=4c98a077de35135fba63c6306561320d; __utmb=158876328.1.10.1319833208; __utmc=158876328

HTTP/1.1 302 Found
Date: Fri, 28 Oct 2011 20:18:00 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: close
Server: Nginx / Varnish
X-Powered-By: PHP/5.2.17
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://computersoftwaresystems.com/lba/admin/admin_login.php
Content-Length: 245



#18

Conclusion to my problem came down to losing $Session variable, but thanks to reading common problems I found a suggestion to use sessionstart(); at the beginning of pages to read the session variables.
After weeks, of learning PHP & MySql, I am happy to get this application working.
Strange because, it works at another hosting company developed by another company.