0

I've written a PHP script for user login and I validate it using 2 users, namely "test" and "admin". When the username and password are matched, I redirect the page to UploadFile.php and DownloadFile.php. Though my script validates the test and admin users by displaying the echo statement present in the block, the redirect is not working. What mistake have I made, or should I follow another method?

<!DOCTYPE html>

<html lang="en" class="no-js"> <!--<![endif]-->
    <head>
        <meta charset="UTF-8" />
        <title>Login Page</title>
    </head>
    <body>

        <h1>PHP &amp; MySQL File Upload & Download </h1>
        <br><br><br>
        <form autocomplete="on" method="post"> 
            <h1>Log in</h1> 
            <p> 
                <label for="userName" class="uname" data-icon="u" > Your email or username </label>
                <input id="userName" name="userName" required="required" type="text" placeholder="myusername or mymail@mail.com"/>
            </p>
            <p> 
                <label for="userPass" class="youpasswd" data-icon="p"> Your password </label>
                <input id="userPass" name="userPass" required="required" type="password" placeholder="eg. X8df!90EO" /> 
            </p>
            <p class="keeplogin"> 
                <input type="checkbox" name="loginkeeping" id="loginkeeping" value="loginkeeping" /> 
                <label for="loginkeeping">Keep me logged in</label>
            </p>
            <p class="login button"> 
                <input type="submit" value="Login" id="sign" name="sign"/> 
            </p>
            <p class="change_link">
                Not a member yet ?
                <a href="#toregister" class="to_register">Join us</a>
            </p>
        </form>
    </body>
</html>

    <?php
    if (isset($_POST['sign'])) {

        $uname = test_input($_POST["userName"]);
        $upass = test_input($_POST["userPass"]);

        if ((strcmp($uname, "test") == 0) && (strcmp($upass, "test") == 0)) {
            header("Location: UploadFile.php");
            echo "test user";
        } else if ((strcmp($uname, "admin") == 0) && (strcmp($upass, "admin") == 0)) {
            header('Location: DownloadFile.php');
            echo "admin user";
        } else {
            echo "<script>
                alert('Login Failed');
            </script>";
        }
    }

    function test_input($data) {
        $data = trim($data);
        $data = stripslashes($data);
        $data = htmlspecialchars($data);
        return $data;
    }

    ?>
George Brighton

3 Answers

1

Put the PHP code in front of the HTML code.

Calls to header() have to be placed before outputting anything! You are outputting lots of html before.

See any of these results for further information: https://www.google.de/search?q=headers+already+sent

Ulrich Thomas Gabor
  • @GostGambler, Sorry I couldn't understand. I haven't done any outputting other than checking for condition. Could you please tell me how to correct or give me a sample demo? –  Feb 22 '14 at 16:56
  • @GostGambler. I referred to the link which you have given and I've corrected it. Working now. Thank you all. –  Feb 22 '14 at 16:58
0

You can't output headers after starting the body of the response. Try moving your PHP block to before the HTML begins.

On a side note, the fact that PHP isn't telling you this suggests your error reporting isn't verbose enough - you should see a warning similar to the one in this question. Try putting error_reporting(-1); at the top of your code, or changing the setting in php.ini.

Community
George Brighton
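
The fix described in the two answers above, as an added example that is not code from any of the posters: the login is handled before any output, `headers_sent()` reports where stray output began, and `exit` follows the redirect. The `$users` table, the session handling and the 303 status are assumptions, and the demo password hashes are constructed at load time only to keep the file self-contained.

```php
<?php
// Added example: all request handling happens before the first byte of HTML.
error_reporting(-1);   // surfaces "headers already sent" warnings during development
session_start();       // also sends a header (the session cookie), so it belongs up here

// Constructed demo accounts (assumption); real hashes would come from storage.
$users = [
    'test'  => ['hash' => password_hash('test', PASSWORD_DEFAULT),  'next' => 'UploadFile.php'],
    'admin' => ['hash' => password_hash('admin', PASSWORD_DEFAULT), 'next' => 'DownloadFile.php'],
];
$error = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['sign'])) {
    $uname = trim((string)($_POST['userName'] ?? ''));
    $upass = (string)($_POST['userPass'] ?? '');   // passwords are verified as typed, not escaped

    if (isset($users[$uname]) && password_verify($upass, $users[$uname]['hash'])) {
        if (headers_sent($file, $line)) {
            // The situation from the question: something was already output.
            error_log("Redirect impossible, output started at $file:$line");
            exit('Login succeeded but the redirect could not be sent.');
        }
        session_regenerate_id(true);            // new session id after authentication
        $_SESSION['user'] = $uname;             // the target pages can check this
        header('Location: ' . $users[$uname]['next'], true, 303);
        exit;                                   // nothing below may run or be sent
    }
    $error = 'Login failed';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8" />
    <title>Login Page</title>
</head>
<body>
<?php if ($error !== ''): ?>
    <p><?php echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
    <form method="post">
        <input name="userName" required="required" type="text" />
        <input name="userPass" required="required" type="password" />
        <input type="submit" value="Login" name="sign" />
    </form>
</body>
</html>
```

Without the `exit`, PHP keeps executing and sends the login form in the body of the redirect response.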
0

Generally speaking, I agree with the usage of header() as a proper redirection mechanism (and, with the exception of the JavaScript you're injecting, you could move the entire PHP code block above the HTML to get the desired effect).

However, if you'd like to display some content for a short period of time (let's say 2 seconds) before performing the redirect, consider using the "meta-refresh" method, described here:

http://www.w3.org/TR/WCAG20-TECHS/H76

For example, in your current code, try changing:

header("Location: UploadFile.php");

to:

echo "<meta http-equiv=\"refresh\" content=\"2;URL='UploadFile.php'\" />";

Although the W3C page says you should place this element inside the "head" element, practical experience shows that the vast majority of browsers will respect your intentions of showing content then redirecting after the specified time interval.

If you decide to use this "meta" element and move your PHP code to the top of the file, I suggest plugging values in accordingly instead of echoing them immediately:

<?php
$meta_element = '';
$login_message = '';

if (isset($_POST['sign'])) {

    $uname = test_input($_POST["userName"]);
    $upass = test_input($_POST["userPass"]);

    if ((strcmp($uname, "test") == 0) && (strcmp($upass, "test") == 0)) {
        $meta_element = "<meta http-equiv=\"refresh\" content=\"2;URL='UploadFile.php'\" />";
        $login_message = "test user";
    } else if ((strcmp($uname, "admin") == 0) && (strcmp($upass, "admin") == 0)) {
        $meta_element = "<meta http-equiv=\"refresh\" content=\"2;URL='DownloadFile.php'\" />";
        $login_message = "admin user";
    } else {
        $login_message = "<script>
            alert('Login Failed');
        </script>";
    }
}

function test_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}

?>

<!DOCTYPE html>

<html lang="en" class="no-js"> <!--<![endif]-->
<head>
    <meta charset="UTF-8" />
    <title>Login Page</title>
    <?php echo $meta_element; ?>
</head>
<body>

    <h1>PHP &amp; MySQL File Upload & Download </h1>
    <br><br><br>
    <form autocomplete="on" method="post"> 
        <h1>Log in</h1>
        <?php echo $login_message; ?>
        <p> 
            <label for="userName" class="uname" data-icon="u" > Your email or username </label>
            <input id="userName" name="userName" required="required" type="text" placeholder="myusername or mymail@mail.com"/>
        </p>
        <p> 
            <label for="userPass" class="youpasswd" data-icon="p"> Your password </label>
            <input id="userPass" name="userPass" required="required" type="password" placeholder="eg. X8df!90EO" /> 
        </p>
        <p class="keeplogin"> 
            <input type="checkbox" name="loginkeeping" id="loginkeeping" value="loginkeeping" /> 
            <label for="loginkeeping">Keep me logged in</label>
        </p>
        <p class="login button"> 
            <input type="submit" value="Login" id="sign" name="sign"/> 
        </p>
        <p class="change_link">
            Not a member yet ?
            <a href="#toregister" class="to_register">Join us</a>
        </p>
    </form>
</body>
</html>
mxmader