PHP redirect is not wkring as intended

David
June 8, 2024
34 views
0 votes
2 Answers

I have a website where a user can log in from two different locations. I’m running into an issue when I attempt to manage the error handeling for empty input logins and invalid logins. Essentially what is happening is when either one of the error condtions are met my php script is running a redirect incorrectly. It is redirecting to https://www.website.com/www.website.com?error=emptyinput instead of https://www.website.com?error=emptyinput Any assistance in resolving this issue would be great.

Login Function

function loginUser ($username, $password, $conn){
    //require_once 'PasswordHash.php';
    $uidExists = uidExists($conn, $username, $username);
    if ($uidExists === false) {
        $result = false;
            $referer = basename($_SERVER['HTTP_REFERER']);
        if (strpos($referer, '?') !== false) {
        $errorUrl = $referer . "&error=wrongLogin";
    } else {
        $errorUrl = $referer . "?error=wrongLogin";
    }
        header("location: ../".$errorUrl);
        exit();
    }
    $pwdHashed = $uidExists ['password'];
    $password= $_POST['pwd'];
    $checkPwd = password_verify($password, $pwdHashed);
    if ($checkPwd === false) {
                $referer = basename($_SERVER['HTTP_REFERER']);
        if (strpos($referer, '?') !== false) {
        $errorUrl = $referer . "&error=wrongLogin";
    } else {
        $errorUrl = $referer . "?error=wrongLogin";
    }
        header("location: ../".$errorUrl);
        exit();
    }else if ($checkPwd === true) {
        $result = true;
            session_start();
            $_SESSION["userid"] = $uidExists ["id"];
            $_SESSION["useruid"] = $uidExists ["username"];
            $_SESSION["role"] = $uidExists["role"];
            $userID = $uidExists ["id"];
            if ($uidExists['resetFlag']!=0) {
                header("location: ../profile.php?resetFlag=1");
            }else{
            header("location: ../dashboard.php");
        }
            
    }
    return $result;  
}

Login.inc.php

<?php 
session_start();
if (isset($_POST["submit"])) {
$username = $_POST['uid'];
    $password = $_POST['pwd'];
    
    require_once 'functions.inc.php';
    require_once 'dbh.inc.php';

    if (isset($_POST['data'])){
        if (emptyInputLogin($username, $password) !== false) {
    $referer = basename($_SERVER['HTTP_REFERER']);
        if (strpos($referer, '?') !== false) {
        $errorUrl = $referer . "&error=emptyinput";
    } else {
        $errorUrl = $referer . "?error=emptyinput";
    }
        header("location: ../".$errorUrl);
        exit();
    }
        $data = $_SESSION['idata'];
        $locoData = $_SESSION['locoData'];
        uploadLogin($conn, $username, $password, $data, $locoData);
    }else{
    
    

    if (emptyInputLogin($username, $password) !== false) {
        $referer = basename($_SERVER['HTTP_REFERER']);
        if (strpos($referer, '?') !== false) {
        $errorUrl = $referer . "&error=emptyinput";
    } else {
        $errorUrl = $referer . "?error=emptyinput";
    }
        header("location: ../".$errorUrl);
        exit();
    }

    loginUser($username, $password, $conn);
}
}else{
    header("location: ../login.php");
}

Tags: php

Answers

- samgakhyeong
- June 8, 2024 at 8:00 am
- 0 votes
0
```
$referer = basename($_SERVER['HTTP_REFERER']);
```
Try changing to
```
$referer = $_SERVER['HTTP_REFERER'];
```
I wonder why you are changing HTTP_REFERER through basename function.

Why not just use HTTP_REFERER ?

basename function is used to return the file name from a file path.

For example, basename("/etc/passwd") returns passwd
Login or Signup to reply.

- MuhammedRYHAN
- June 8, 2024 at 3:37 pm
- 0 votes
0
try it this way
```
<?php 
   header("Location:" . $_SERVER['HTTP_REFERER'] . "?err=someError");
  //http://localhost/test/ref.php?err=someError
?>
```
tahnk me later 🙂
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.