URL Forwarding

I have been trying to adjust a php code to auto forward to a redirect.php, which forwards a customer to their proper url.

This is what I have.

<?php
session_start();
//check to see if the user already has an open session
if (($_SESSION[user_name] != “”) && ($_SESSION[password] != “”))
{
header(“Location:$_SESSION[redirect]”);
exit;
}

//check to see if cookies have been set previously
if(($lr_user != “”) && ($lr_pass != “”))
{
header(“Location:redirect.php”);
exit;
}

?>

What is the problem here?

I am trying to auto forward if the client has cookies.

Try it!
www.glsbrakes.com/GLS_Login/
user php
pw coders

close the browser, and re-try.
Just does not work. It sees the cookie, but does not forward

Firstly, make sure your array elements are quoted in single or double quoted strings…

This line:

probably wont be parsed. You need to change it to:

Also, never ever ever rely on a redirect for security, always put your code inside some sort of conditional statement. Theres a fantastic story on thedailywtf of this coming back to bite someone. The trouble is search engines ignore redirect requests. For example:



if( !userIsAdmin() )
{
 // user isnt an admin, send them somewhere else
 header("Location:home.php");

}


// a normal user should have been redirected to home.php if they are not admin, so lets display some admin only stuff:

echo "<a href='erasedatabase.php'>Erase The Entire Database</a>";

With the above code - if a normal user visits the page, and they are not an admin, they will be given a redirect, and will happily follow it. However if google indexes that page, they will be given a redirect. but will ignore it! Google will continue to index the page, and will follow the link to erasedatabase.php, executing any code in that, and erasing your database.

ALWAYS ensure there is no possible way for the code to appear:



if( !userIsAdmin() )
{
 // user isnt an admin, send them somewhere else
 header("Location:home.php");

}
else
{
// this code now will only ever appear if the user is an admin. It is FAR safer.

echo "<a href='erasedatabase.php'>Erase The Entire Database</a>";
}

Still did not do what I thought it would do. But, I have a work around.
Once cookies are set, www.glsbrakes.com/GLS_Login/check_login.php and if they have set cookies then they will auto forward to their proper url page, if not they will be sent to the login url www.glsbrakes.com/GLS_Login/index.php

Thank you.

Dave
:cool:
:coffee:

tried this code

header(“Location:” . $_SESSION[“redirect”]);

and I got

਀㰀吀䤀吀䰀䔀㸀䄀挀挀漀甀渀琀 䰀漀最椀渀㰀⼀吀䤀吀䰀䔀㸀 ਀