> -Original Message-
> From: Zoran Bogdanov [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 05, 2008 5:42 AM
> To: php-general@lists.php.net
> Subject: [PHP] Secure redirection?
>
> Hi,
>
> I'm building a login system with AJAX/PHP/MySQL.
>
> I have worked everything out... AJAX is sending request to a php login
> script (login.php) who if authentication passes initializes the
session
> and
> sends the header using header("Location : registered_user_area.php");
>
> The whole system works great without AJAX, but when I put AJAX in the
> story
> I ahve one problem:
>
> 1.When the user is successfully authenticated the login.php sends the
> header, but the AJAX XMLHttpRequest call is still in progress waiting
> for a
> PHP response. So when PHP using the header function redirects to
> another
> page that page is outputed to the login form...
>
> My PHP login snippet is:
> if ($res_hash == $u_pass) {
>
> $logged_user = $sql_execution->last_query_result->user;
>
> $sql_execution->exec_query("DELETE FROM seeds",false);
>
> $sql_execution->db_disconnect();
>
> session_start();
>
> $_SESSION['user'] = $logged_user;
>
> $host = $_SERVER['HTTP_HOST'];
>
> $url = rtrim(dirname($_SERVER['PHP_SELF']), '/\\') .
> '/mpls/index.php';
>
> header("Location: http://$host$url";);//--That page
> ($host$url) is outputed in the login form...
>
> exit();
>
> }
>
> else {
>
> $sql_execution->exec_query("DELETE FROM seeds WHERE id=$row-
> >id",false);
>
> $sql_execution->db_disconnect();
>
> echo 'BLS';//--This is sent when the password/username
> is
> wrong
>
> exit();
>
> }
XmlHttpRequest calls do not necessarily have to be done asynchronously.
You can make the page wait for the Javascript's POST/GET request to be
completely fulfilled before continuing operation.
Todd Boyd
Web Programmer
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php