Re: [PHP] Re: JavaScript vs. Header redirect

2002-05-22 Thread Sqlcoders.com Programming Dept 

Hi there!,
I've looked over this thread and from what I gather you want to know if you
can/should use JavaScript for redirecting, my usual way of going about
things is to put a JavaScript location.href='page.aspx'
call in the head of the document (putting JS in the head causes it to
execute before the page is rendered, or should at any rate), and then I use
a meta refresh tag as my backup, set for 3 seconds.

That usually covers everything,
it stops spiders (google has a strong dislike of meta refresh), it redirects
JS users transparently, it's almost instantaneous for the
paranoid-shouldn't-be-let-out-of-the-ward non JS people, and it's easy to
code.

Plus it works in any server side scripting language, as it's all client-side
code.

Just my $0.02,
Dw.


Sqlcoders.com Dynamic data driven web solutions
- Original Message -
From: "Hunter Vaughn" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: May 22 2002 11:19 AM
Subject: [PHP] Re: JavaScript vs. Header redirect


> Okay, looks like I was stupid/lazy for including the pseudo code instead
of
> something closer to what I was using.  Also, perhaps I'm being dense, but
I
> don't understand what Michael's response has to do with this situation.
Can
> he or someone else enlighten me?  Here's a more accurate/detailed
> description of what's going on, complete with the exact code (minus
> sensitive info) that I'm using:
>
> The chunk of code in question is a login handler. It's supposed to collect
> two form fields named username and password from the Post method
variables.
> Then it's supposed to check the password against an encrypted version
stored
> in a database (I didn't include the database variables/code in the example
> below). If it matches, it's supposed to redirect them to a page where they
> can perform administrative functions. In the course of debugging it, I
found
> that the header("Location: ...") command worked perfectly until I called
on
> the $_POST or $HTTP_POST_VARS arrays (which seem to be synonymous). If I
> removed the calls to the arrays, it worked fine.  I looked through the
> comments on the header function on www.php.net and through some of the
> previous questions posted in the news group, and it seems like others have
> experienced this problem as well. However, the most common situation noted
> was that it broke as soon as they called a function. I guess I'm calling a
> function implicitly when I ask for the $_POST variables. The most obvious
> way I can see around this is simply to cause the client to redirect using
> JavaScript. Of course, the downside to this is that the user may have
> disabled scripting, but I'm working in a pretty closed environment, so I
> think I can avoid that contingency. I'm using 4.1.2 as a cgi in a UNIX
> environment w/ MySQL 3.22.x.
> --Hunter Vaughn
>
>
> $Host = "___";
>$User = "___";
>$Pass = "___";
>$dbName = "___";
>$username = $_POST[username];
>$password = $_POST[password];
>
>$Link = mysql_connect($Host, $User, $Pass) or die ("Could not connect
to
> the database.");
>mysql_select_db($dbName);
>
>if((ereg(".+@.+\..+", $username)) && (eregi("^[[:alnum:]]{8,16}$",
> $password))) {
>
>   $Query = "SELECT email, memberID, pass FROM Login where
> email='$username'";
>   $Result = mysql_query($Query);
>   $Row = @mysql_fetch_array($Result);
>   if((crypt($password, $Row[pass])) == $Row[pass]) {
>   session_start();
>   $email = $Row[0];
>   $memberID = $Row[1];
>   session_register('email');
>   session_register('memberID');
>   //header("Location: http://some.domain.com/PHP/update.php";);
> This doesn't work...
>   print("window.location =
> \"<A  HREF="http://some.domain.com/PHP/update.php\"">http://some.domain.com/PHP/update.php\"</A>;;");
>   exit;
>   }
>   else {
>   $message = urlencode("The username and password submitted do not
> match those on file. Please try again.");
>   }
>}
>else {
>   $message = urlencode("Please enter your username and password to log
> in.");
>}
>print("window.location =
> \"<A  HREF="http://some.domain.com/HTML/letsboogie22.html\"">http://some.domain.com/HTML/letsboogie22.html\"</A>;;");
>exit;
> ?>
>
> "Hunter Vaughn" <[EMAIL PROTECTED]> wrote in message
> [EMA

[PHP] Re: JavaScript vs. Header redirect

2002-05-22 Thread Hunter Vaughn 

Okay, looks like I was stupid/lazy for including the pseudo code instead of
something closer to what I was using.  Also, perhaps I'm being dense, but I
don't understand what Michael's response has to do with this situation.  Can
he or someone else enlighten me?  Here's a more accurate/detailed
description of what's going on, complete with the exact code (minus
sensitive info) that I'm using:

The chunk of code in question is a login handler. It's supposed to collect
two form fields named username and password from the Post method variables.
Then it's supposed to check the password against an encrypted version stored
in a database (I didn't include the database variables/code in the example
below). If it matches, it's supposed to redirect them to a page where they
can perform administrative functions. In the course of debugging it, I found
that the header("Location: ...") command worked perfectly until I called on
the $_POST or $HTTP_POST_VARS arrays (which seem to be synonymous). If I
removed the calls to the arrays, it worked fine.  I looked through the
comments on the header function on www.php.net and through some of the
previous questions posted in the news group, and it seems like others have
experienced this problem as well. However, the most common situation noted
was that it broke as soon as they called a function. I guess I'm calling a
function implicitly when I ask for the $_POST variables. The most obvious
way I can see around this is simply to cause the client to redirect using
JavaScript. Of course, the downside to this is that the user may have
disabled scripting, but I'm working in a pretty closed environment, so I
think I can avoid that contingency. I'm using 4.1.2 as a cgi in a UNIX
environment w/ MySQL 3.22.x.
--Hunter Vaughn


http://some.domain.com/PHP/update.php";);
This doesn't work...
  print("window.location =
\"http://some.domain.com/PHP/update.php\";;");
  exit;
  }
  else {
  $message = urlencode("The username and password submitted do not
match those on file. Please try again.");
  }
   }
   else {
  $message = urlencode("Please enter your username and password to log
in.");
   }
   print("window.location =
\"http://some.domain.com/HTML/letsboogie22.html\";;");
   exit;
?>

"Hunter Vaughn" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Is there any reason I can't just use a JavaScript redirect from a PHP
login
> handling script since I can't seem to get the header("Location: URL");
> function to work?  Any security concerns or anything else?  As far as I
can
> tell, all calls to header fail as soon as I attain variables based on a
POST
> submission.  See example below.
>
>  $username = $_POST[username];
> $password = $_POST[password];
>
> if(some username/password format verification) {
> query the database
> if($password matches pass in database) {
> session_start();
> $email = $Row[0];
> $memberID = $Row[1];
> session_register('email');
> session_register('memberID');
> //header("Location: URL");This doesn't work.
> print("window.location =
>
\"http://depts.washington.edu/bionano/HTML/letsboogie22.html\";;");
> exit;
> }
> else {
> print("That didn't work...");
> }
> }
> else {
> print("Please enter your username & password.");
> }
> ?>
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: JavaScript vs. Header redirect

2002-05-22 Thread Michael Virnstein 

note:
you should use $array["test"] if test is a string
and $array[test] if test is a constant.
do not use $array[test] if you mean the string "test".
$array[test] will also work, if "test" is a string.
Php then tries to look for a constant with name "test",
won't find one and evaluate "test" as string.
But as soon as you define a constant with the name "test",
it won't work as expected:

$array = array();
$array["test"] = "hello";

define("test", "thetest");

$array[test] = "bye";

print_r($array);

will output:

Array
(
[test] => hello
[thetest] => bye
)

This could also happen if the php dev team decides to set a constant
with the name "test". Therefore always use "" for string-keys in arrays.


Regards Michael


"Hunter Vaughn" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Is there any reason I can't just use a JavaScript redirect from a PHP
login
> handling script since I can't seem to get the header("Location: URL");
> function to work?  Any security concerns or anything else?  As far as I
can
> tell, all calls to header fail as soon as I attain variables based on a
POST
> submission.  See example below.
>
>  $username = $_POST[username];
> $password = $_POST[password];
>
> if(some username/password format verification) {
> query the database
> if($password matches pass in database) {
> session_start();
> $email = $Row[0];
> $memberID = $Row[1];
> session_register('email');
> session_register('memberID');
> //header("Location: URL");This doesn't work.
> print("window.location =
>
\"http://depts.washington.edu/bionano/HTML/letsboogie22.html\";;");
> exit;
> }
> else {
> print("That didn't work...");
> }
> }
> else {
> print("Please enter your username & password.");
> }
> ?>
>
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php