I have this class here, and what I'm trying to do is: if the check of something equals false, then the user will be redirected to the root domain path. But it's not working. Here is the class:
    <?php
    class security {
        function checkAuth() {
            if(isset($_COOKIE['AUTHID'])) {
                $cookie = $this->secure($_COOKIE['AUTHID']);
                $query = mysql_query("select username,password,active from tbl_users where password = '$cookie'") or die(mysql_error());
                while($row = mysql_fetch_assoc($query)) {
                    //check if cookie is set
                    if(!isset($_COOKIE['AUTHID'])) {
                        header("Location: ".realpath($_SERVER['HTTP_HOST']));
                    }
                    //check if user is active
                    if($cookie == $row['password']) {
                        if($row['active'] == '0') {
                            setcookie("AUTHID","",time() - 100000);
                            header("Location: ".realpath($_SERVER['HTTP_HOST']));
                        }
                        else { //user is active
                        }
                    }
                    //check if hash in cookie matches hash in db
                    if($cookie != $row['password']) {
                        setcookie("AUTHID","",time() - 100000);
                        header("Location: ".realpath($_SERVER['HTTP_HOST']));
                    }
                }
            }
        }
    }
    ?>
Upvotes: 1
Views: 21150
Reputation: 3552
From PHP doc:
'HTTP_HOST': Contents of the Host: header from the current request, if there is one.
It seems to me that this is a value sent from the client's browser and since a client can change request headers, I think it's better to use SERVER_NAME:
'SERVER_NAME' The name of the server host under which the current script is executing. If the script is running on a virtual host, this will be the value defined for that virtual host.
I therefore think the correct way to do it is:

    header("Location: http://{$_SERVER['SERVER_NAME']}/");
    die();

A comment on the "Location: /":
As stated in Header Field Definitions, redirects via the Location header should be given with an absolute URI including http://www.servername.com/redirect/to/this/resource.html, not simply /redirect/to/this/resource.html. (Redirecting to / works too, but it isn't 100% correct.)
EDIT: Since June 2014 both absolute and relative URLs can be used. See RFC 7231, which replaced the old RFC 2616, where only absolute URLs were allowed.
Upvotes: 3
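The answer above notes that the Host header is client-supplied. The following is an added example, not code from any poster in this thread: it builds the redirect target only from host names the application has configured, which works regardless of how the web server populates SERVER_NAME. `ALLOWED_HOSTS`, `DEFAULT_HOST`, `trustedOrigin()` and `redirectToRoot()` are hypothetical names, and the example.com values are constructed.

```php
<?php
// Added example. ALLOWED_HOSTS, DEFAULT_HOST and both function names are
// hypothetical; the host names are constructed sample values.
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];
const DEFAULT_HOST  = 'www.example.com';

/**
 * Return the scheme://host to redirect to. The Host header is used only
 * when it exactly matches a configured name; anything else falls back to
 * a fixed host, so a forged header cannot steer the redirect.
 */
function trustedOrigin(array $server): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    // Drop an optional :port suffix before comparing
    // (the redirect then goes to the scheme's default port).
    $host = preg_replace('/:\d+$/', '', $host);
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        $host = DEFAULT_HOST;
    }
    $https = !empty($server['HTTPS']) && $server['HTTPS'] !== 'off';
    return ($https ? 'https' : 'http') . '://' . $host;
}

/** Send the redirect to the site root and stop the script. */
function redirectToRoot(array $server): void
{
    header('Location: ' . trustedOrigin($server) . '/', true, 302);
    exit; // without this, the rest of the protected page still runs
}

// Constructed requests: one legitimate Host header, one forged.
if (PHP_SAPI === 'cli') {
    echo trustedOrigin(['HTTP_HOST' => 'Example.com:8080']), "\n";
    echo trustedOrigin(['HTTP_HOST' => 'attacker.invalid', 'HTTPS' => 'on']), "\n";
}
```

In a web request, call `redirectToRoot($_SERVER)` at the point where the authentication check fails.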
Reputation: 1
I use this in all my development programs, in each directory that contains non-public scripts...

    <?php
    $url = 'http://' . $_SERVER['HTTP_HOST'];
    header('Location: ' . $url, true, 301);
    ?>

Upvotes: 0
Reputation: 5597
Try

    $_SERVER['SCRIPT_URI'];

or

    "http://" . $_SERVER['HTTP_HOST'];

And, yes, exit(); after sending that header.
Don't forget to send an appropriate 30x header response code too, for the redirection.
Upvotes: 9
Reputation: 655319
The realpath function is working on the file system and returns the canonicalized absolute file system path.
But what you need is a URI. So try this:

    header("Location: http://".$_SERVER['HTTP_HOST']."/");
    exit;

Upvotes: 0