PHP Redirect


Results 1 to 4 of 4

Thread: PHP Redirect

  1. #1
    Join Date
    May 2002
    Location
    Philippines
    Posts
    1,377

    PHP Redirect

    I have a page in php that has some protection for hijacking a page(editing the browser address to go to another page), it compares some variables during the session & if there's an illegal entry, it redirects the user back to the home page.

    I tried using 'header' for redirecting but it gives me this error:

    Code:
    Warning: Cannot add header information - headers already sent by....
    Next I tried is javascript :
    document.location.href='mainpage.php'

    It works but .. for half a second before redirecting, the user can get a glimpse of the page, that's not supposed to happen I noticed that this security issue can be noticed in konqueror but not in firefox browsers. In firefox the redirection is done without showing anything.

    Any suggestions on what other redirect codes I could use??
    "SEARCH FIRST... ASK SECOND" -mdwatts-

  2. #2
    Join Date
    Sep 2002
    Location
    South Jersey Shore
    Posts
    292
    You can use the php header function to redirect, you just need to make sure you do so before writing anything to the page.

    On my first big php project I spent days trying to figure out why the redirect failed, in the end the fix was to just move the redirection test and redirector up so that it ran before anything was output. That doesn't mean it has to run before any kind of statement, it just means it has to run before any statements that would doutput anything.

    Hope that helps.

  3. #3
    Join Date
    Oct 2002
    Location
    UK
    Posts
    254
    Be aware that windows linebreaks can cause problems on a linux server.

    Lets say you have an include script, include.inc , with '<?php' as the very first characters in the script, and ?> as the last characters - BUT there is a windows line break after the '?>'. If you include this file in you php page, then PHP will send out the windows line break to the browser as if it was in-line HTML - and you would not be able to send out any headers (in code, after the include) cos they would have gone automagically with the windows linebreak.

    hth
    --Robin

  4. #4
    Join Date
    May 2002
    Location
    Philippines
    Posts
    1,377
    The redirect didn't really fail, it just allowed a few seconds to go through some parts of the script, but that's just what I think happened. Users can press the stop button and take a peek, unauthorized.

    edit: there aren't any line breaks either, I do all my editing in vi.
    Last edited by Elijah; 09-07-2004 at 12:44 AM.
    "SEARCH FIRST... ASK SECOND" -mdwatts-

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •