harish harish - 4 years ago 121
PHP Question

header() not working in php when the url contains parameters?

So I'm using

$_GET
to capture the URL to use it later but when I use
$_GET
it wont redirect!



So here's my sample code:
URL :
http://localhost/project/active.php/?s=ieugfshd&h=qwuyrbcq&i=1


php code:

<?php
include 'init.php';
$s = trim($_GET['s']);
$h = trim($_GET['h']);
$i = trim($_GET['i']);
$q = key_check($s,$h,$i);
if($q == 1)
{
header("location:password_active.php");
exit;
}
if($q == 0)
{
header("location:login_failed.php");
exit;
}
?>




EDIT:

key_check( ) function

function key_check($k1,$k2,$id)
{
$query = mysql_query("select key1 from users where user_id = '$id'");
$key1 =mysql_result($query,0);
$query = mysql_query("select key2 from users where user_id = '$id'");
$key2 =mysql_result($query,0);
$y=strcmp($k1,$key1);
$z=strcmp($k2,$key2);
if($y || $z == 0)
{
return 1;
}
else
{
return 0;
}
}


Now when I try this, I got "1" but I'm getting


This web page has a redirect loop


But my
password_active.php
doesn't have any redirects. It's just an html page.

Answer Source

The URL you're using to access to your script is:

http://localhost/project/active.php/?s=ieugfshd&h=qwuyrbcq&i=1

This loads active.php, which does its role and then tries to send the following header :

header("location:password_active.php");

The browser recieves this header, and tries to resolve that relative URL by adding password_active.php after the last slash before the query string (that ?s=xxx string).

So your browser loads:

http://localhost/project/active.php/password_active.php?s=ieugfshd&h=qwuyrbcq&i=1

This loads active.php again, which does its role again and then send again the same header, and that loads this page:

http://localhost/project/active.php/password_active.php?s=ieugfshd&h=qwuyrbcq&i=1

Again. And again. And again. After several tries, your browser understands that something is going wrong and stops.

You should use an absolute URL in your HTTP header:

header("Location: /project/password_active.php");

Also, please note how HTTP headers should be written, according to the standard.


Random notes :

  • According to the file names, $s and $h are both passwords. You should hash them, and not passing them via the URL.
  • if($y || $z == 0) is unlikely to work as you think, since it will be evaluated as if y or not z in pseudo code, while you may have wanted if not y and not z for password checking.

Also, good point for calling exit() after a Location header. You should never forget that, as it is very important and may cause some trouble in your scripts if you forget them.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download