Secure redirection?



Hi,

I'm building a login system with AJAX/PHP/MySQL.

I have worked everything out... AJAX is sending request to a php login
script (login.php) who if authentication passes initializes the session and
sends the header using header("Location : registered_user_area.php");

The whole system works great without AJAX, but when I put AJAX in the story
I ahve one problem:

1.When the user is successfully authenticated the login.php sends the
header, but the AJAX XMLHttpRequest call is still in progress waiting for a
PHP response. So when PHP using the header function redirects to another
page that page is outputed to the login form...

My PHP login snippet is:
if ($res_hash == $u_pass) {

$logged_user = $sql_execution->last_query_result->user;

$sql_execution->exec_query("DELETE FROM seeds",false);

$sql_execution->db_disconnect();

session_start();

$_SESSION['user'] = $logged_user;

$host = $_SERVER['HTTP_HOST'];

$url = rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/mpls/index.php';

header("Location: http://$host$url";); //--That page
($host$url) is outputed in the login form...

exit();

}

else {

$sql_execution->exec_query("DELETE FROM seeds WHERE id=$row->id",false);

$sql_execution->db_disconnect();

echo 'BLS'; //--This is sent when the password/username is
wrong

exit();

}

???

Any help greatly appreciated

Thank you!


.



Relevant Pages

  • RE: [PHP] Secure redirection?
    ... Subject: [PHP] Secure redirection? ... I'm building a login system with AJAX/PHP/MySQL. ... AJAX is sending request to a php login ... The whole system works great without AJAX, but when I put AJAX in the ...
    (php.general)
  • Re: Disabling backspace (back a page) in ajax application
    ... In our AJAX application this is really annoying, ... to the "login" page, and they have lost everything they were doing. ... the server should be able to know the exact state of the ... Use whatever information you have on the server about the last ...
    (comp.lang.javascript)
  • Re: Homebanking
    ... Instituts kein ganz schlichtes Anmeldeformular mit anschließender ... Funktionsauswahl haben sondern entweder mit AJAX oder JS zugange sind. ... Das heißt, ich schaffe zwar einen Login, bekomme aber im ...
    (de.comp.lang.perl.misc)
  • Re: php ajax redirect
    ... I have a Login page that checks a Db for a Un and Pw using ajax. ... You're going to have to get pretty familiar with javascript. ... PHP script, and then use javascript to put your result into action. ...
    (comp.lang.php)