RE: [PHP] Secure redirection?

2008-11-05 Thread Boyd, Todd M.
> -Original Message-
> From: Zoran Bogdanov [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 05, 2008 5:42 AM
> To: php-general@lists.php.net
> Subject: [PHP] Secure redirection?
> 
> Hi,
> 
> I'm building a login system with AJAX/PHP/MySQL.
> 
> I have worked everything out... AJAX is sending request to a php login
> script (login.php) who if authentication passes initializes the session
> and sends the header using header("Location : registered_user_area.php");
>
> The whole system works great without AJAX, but when I put AJAX in the
> story I have one problem:
>
> 1. When the user is successfully authenticated the login.php sends the
> header, but the AJAX XMLHttpRequest call is still in progress waiting
> for a PHP response. So when PHP using the header function redirects to
> another page that page is outputted to the login form...
> 
> My PHP login snippet is:
> if ($res_hash == $u_pass) {
>     $logged_user = $sql_execution->last_query_result->user;
>     $sql_execution->exec_query("DELETE FROM seeds", false);
>     $sql_execution->db_disconnect();
>     session_start();
>     $_SESSION['user'] = $logged_user;
>     $host = $_SERVER['HTTP_HOST'];
>     $url = rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/mpls/index.php';
>     header("Location: http://$host$url"); //--That page ($host$url) is outputted in the login form...
>     exit();
> }
> else {
>     $sql_execution->exec_query("DELETE FROM seeds WHERE id=$row->id", false);
>     $sql_execution->db_disconnect();
>     echo 'BLS'; //--This is sent when the password/username is wrong
>     exit();
> }

XmlHttpRequest calls do not necessarily have to be done asynchronously.
You can make the page wait for the Javascript's POST/GET request to be
completely fulfilled before continuing operation.


Todd Boyd
Web Programmer

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



Re: [PHP] Secure redirection?

2008-11-05 Thread Yeti
I wonder why you redirect the page via PHP when the browser supports JavaScript.
Why not let JS do the redirect after the XMLHttpRequest?

figurative code ..

if (BROWSER DOES NOT SUPPORT JS) header("Location: http://$host$url");

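
The approach suggested in the reply above (let JavaScript redirect after the XMLHttpRequest completes), as an added example that is not part of the original thread. It assumes login.php answers a successful login with JSON of the form {"redirect": "<path>"} instead of a Location header; the 'BLS' failure body is taken from the original post, and the names resolveLoginRedirect and submitLogin are hypothetical. Only same-origin targets are followed, so a tampered or unexpected reply cannot send the user to another site.

```javascript
// Added example: client-side handling of the login.php reply.
// Assumption: success -> JSON {"redirect": "<path>"}; failure -> 'BLS'.

// Decide where the browser may navigate after login.
// Returns an absolute same-origin URL string, or null to stay on the form.
function resolveLoginRedirect(responseText, pageOrigin) {
  const body = String(responseText).trim();
  if (body === 'BLS') return null;            // bad username/password

  let reply;
  try {
    reply = JSON.parse(body);
  } catch (e) {
    return null;                              // HTML or garbage: never inject it
  }
  if (reply === null || typeof reply !== 'object' ||
      typeof reply.redirect !== 'string') {
    return null;
  }

  let target;
  try {
    target = new URL(reply.redirect, pageOrigin);  // resolves relative paths
  } catch (e) {
    return null;
  }
  // Same-origin only: rejects //other.example, https://other.example/
  // and non-HTTP schemes such as javascript: (their origin is "null").
  if (target.origin !== new URL(pageOrigin).origin) return null;
  return target.href;
}

// Browser wiring (runs only where XMLHttpRequest and window exist).
function submitLogin(formData, onFailure) {
  const xhr = new XMLHttpRequest();
  xhr.open('POST', 'login.php', true);
  xhr.onload = function () {
    const next = xhr.status === 200
      ? resolveLoginRedirect(xhr.responseText, window.location.origin)
      : null;
    if (next) window.location.assign(next);   // full-page navigation
    else onFailure();
  };
  xhr.onerror = onFailure;
  xhr.send(formData);
}
```
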



[PHP] Secure redirection?

2008-11-05 Thread Zoran Bogdanov
Hi,

I'm building a login system with AJAX/PHP/MySQL.

I have worked everything out... AJAX is sending request to a php login 
script (login.php) who if authentication passes initializes the session and 
sends the header using header("Location : registered_user_area.php");

The whole system works great without AJAX, but when I put AJAX in the story
I have one problem:

1. When the user is successfully authenticated the login.php sends the
header, but the AJAX XMLHttpRequest call is still in progress waiting for a
PHP response. So when PHP using the header function redirects to another
page that page is outputted to the login form...

My PHP login snippet is:
if ($res_hash == $u_pass) {
    $logged_user = $sql_execution->last_query_result->user;
    $sql_execution->exec_query("DELETE FROM seeds", false);
    $sql_execution->db_disconnect();
    session_start();
    $_SESSION['user'] = $logged_user;
    $host = $_SERVER['HTTP_HOST'];
    $url = rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/mpls/index.php';
    header("Location: http://$host$url"); //--That page ($host$url) is outputted in the login form...
    exit();
}
else {
    $sql_execution->exec_query("DELETE FROM seeds WHERE id=$row->id", false);
    $sql_execution->db_disconnect();
    echo 'BLS'; //--This is sent when the password/username is wrong
    exit();
}

???

Any help greatly appreciated

Thank you!


