Re: Secure redirection?
- From: mzvarik@xxxxxxxxx (Martin Zvarík)
- Date: Sun, 09 Nov 2008 11:47:58 +0100
I might not have read your post thoroughly,
but it's important to know that Header sends an HTTP request to the browser - you are not hiding the destination URL.
So, calling header("location: in PHP is basically the same as a redirect using JS.
Martin
Zoran Bogdanov wrote:
Hi,
I'm building a login system with AJAX/PHP/MySQL.
I have worked everything out... AJAX is sending a request to a PHP login script (login.php) which, if authentication passes, initializes the session and sends the header using header("Location : registered_user_area.php");
The whole system works great without AJAX, but when I put AJAX in the story I have one problem:
1. When the user is successfully authenticated the login.php sends the header, but the AJAX XMLHttpRequest call is still in progress waiting for a PHP response. So when PHP using the header function redirects to another page, that page is output to the login form...
My PHP login snippet is:
// Strict comparison: with ==, two different "0e..." hash strings compare as equal numbers
if ($res_hash === $u_pass) {
    $logged_user = $sql_execution->last_query_result->user;
    $sql_execution->exec_query("DELETE FROM seeds", false);
    $sql_execution->db_disconnect();
    session_start();
    $_SESSION['user'] = $logged_user;
    $host = $_SERVER['HTTP_HOST'];
    $url = rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/mpls/index.php';
    header("Location: http://$host$url"); //--That page ($host$url) is output in the login form...
    exit();
}
else {
    $sql_execution->exec_query("DELETE FROM seeds WHERE id=$row->id", false);
    $sql_execution->db_disconnect();
    echo 'BLS'; //--This is sent when the password/username is wrong
    exit();
}
???
Any help greatly appreciated
Thank you!
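
An added example, not code from this thread: one way to handle the login reply on the client so that the page navigates instead of having the XHR follow the redirect into the form. It assumes login.php echoes a small JSON body on success (the {"ok":true,"next":...} format, decideAfterLogin and submitLogin are hypothetical) and still echoes 'BLS' on failure.

```javascript
// Added example. Assumed success body from login.php (hypothetical format):
//   {"ok":true,"next":"/mpls/index.php"}
// 'BLS' is the failure marker used in the original snippet.

// Decide what the page should do with the XHR response text.
// Returns {action:'navigate', url} or {action:'show_error', reason}.
function decideAfterLogin(responseText, pageOrigin) {
  const body = String(responseText).trim();
  if (body === 'BLS') {
    return { action: 'show_error', reason: 'bad_credentials' };
  }
  let reply;
  try {
    reply = JSON.parse(body);
  } catch (e) {
    // Typically the HTML of a page the XHR was silently redirected to.
    return { action: 'show_error', reason: 'unexpected_response' };
  }
  if (!reply || reply.ok !== true || typeof reply.next !== 'string') {
    return { action: 'show_error', reason: 'unexpected_response' };
  }
  // Resolve against our own origin and refuse any target that leaves it
  // (absolute URLs, //host/path, javascript: and similar schemes).
  let target;
  try {
    target = new URL(reply.next, pageOrigin);
  } catch (e) {
    return { action: 'show_error', reason: 'bad_target' };
  }
  if (target.origin !== new URL(pageOrigin).origin) {
    return { action: 'show_error', reason: 'bad_target' };
  }
  return { action: 'navigate', url: target.href };
}

// Browser wiring; only runs where XMLHttpRequest and window exist.
function submitLogin(formData, onError) {
  const xhr = new XMLHttpRequest();
  xhr.open('POST', 'login.php');
  xhr.onload = function () {
    const d = decideAfterLogin(xhr.responseText, window.location.origin);
    if (d.action === 'navigate') window.location.assign(d.url);
    else onError(d.reason);
  };
  xhr.send(formData);
}
```

The destination is visible to the browser either way, so the target page still has to check $_SESSION['user'] itself before showing anything.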