skip to Main Content

I have a website where a user can log in from two different locations. I’m running into an issue when I attempt to manage the error handeling for empty input logins and invalid logins. Essentially what is happening is when either one of the error condtions are met my php script is running a redirect incorrectly. It is redirecting to https://www.website.com/www.website.com?error=emptyinput instead of https://www.website.com?error=emptyinput Any assistance in resolving this issue would be great.

Login Function

function loginUser ($username, $password, $conn){
    //require_once 'PasswordHash.php';
    $uidExists = uidExists($conn, $username, $username);
    if ($uidExists === false) {
        $result = false;
            $referer = basename($_SERVER['HTTP_REFERER']);
        if (strpos($referer, '?') !== false) {
        $errorUrl = $referer . "&error=wrongLogin";
    } else {
        $errorUrl = $referer . "?error=wrongLogin";
    }
        header("location: ../".$errorUrl);
        exit();
    }
    $pwdHashed = $uidExists ['password'];
    $password= $_POST['pwd'];
    $checkPwd = password_verify($password, $pwdHashed);
    if ($checkPwd === false) {
                $referer = basename($_SERVER['HTTP_REFERER']);
        if (strpos($referer, '?') !== false) {
        $errorUrl = $referer . "&error=wrongLogin";
    } else {
        $errorUrl = $referer . "?error=wrongLogin";
    }
        header("location: ../".$errorUrl);
        exit();
    }else if ($checkPwd === true) {
        $result = true;
            session_start();
            $_SESSION["userid"] = $uidExists ["id"];
            $_SESSION["useruid"] = $uidExists ["username"];
            $_SESSION["role"] = $uidExists["role"];
            $userID = $uidExists ["id"];
            if ($uidExists['resetFlag']!=0) {
                header("location: ../profile.php?resetFlag=1");
            }else{
            header("location: ../dashboard.php");
        }
            
    }
    return $result;  
}

Login.inc.php

<?php 
session_start();
if (isset($_POST["submit"])) {
$username = $_POST['uid'];
    $password = $_POST['pwd'];
    
    require_once 'functions.inc.php';
    require_once 'dbh.inc.php';

    if (isset($_POST['data'])){
        if (emptyInputLogin($username, $password) !== false) {
    $referer = basename($_SERVER['HTTP_REFERER']);
        if (strpos($referer, '?') !== false) {
        $errorUrl = $referer . "&error=emptyinput";
    } else {
        $errorUrl = $referer . "?error=emptyinput";
    }
        header("location: ../".$errorUrl);
        exit();
    }
        $data = $_SESSION['idata'];
        $locoData = $_SESSION['locoData'];
        uploadLogin($conn, $username, $password, $data, $locoData);
    }else{
    
    

    if (emptyInputLogin($username, $password) !== false) {
        $referer = basename($_SERVER['HTTP_REFERER']);
        if (strpos($referer, '?') !== false) {
        $errorUrl = $referer . "&error=emptyinput";
    } else {
        $errorUrl = $referer . "?error=emptyinput";
    }
        header("location: ../".$errorUrl);
        exit();
    }

    loginUser($username, $password, $conn);
}
}else{
    header("location: ../login.php");
}

2

Answers


  1. $referer = basename($_SERVER['HTTP_REFERER']);
    

    Try changing to

    $referer = $_SERVER['HTTP_REFERER'];
    

    I wonder why you are changing HTTP_REFERER through basename function.

    Why not just use HTTP_REFERER ?

    basename function is used to return the file name from a file path.

    For example, basename("/etc/passwd") returns passwd

    Login or Signup to reply.
  2. try it this way

    <?php 
       header("Location:" . $_SERVER['HTTP_REFERER'] . "?err=someError");
      //http://localhost/test/ref.php?err=someError
    ?>
    

    tahnk me later 🙂

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search