-2

What exactly is wrong with my script. I tested it but every successful registration doesn't seem to redirect me to register_success.php. It's placed under the same folder as this register.php header('Location: ./register_success.php'); is it my location issue? I tried header('Location: register_success.php'); didn't work either. 

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Untitled Document</title>
</head>

<body>
<?php
include_once 'db_connect.php';
include_once 'psl-config.php';

$error_msg = "";

if (isset($_POST['username'], $_POST['email'], $_POST['p'])) {
    // Sanitize and validate the data passed in
    $username = filter_input(INPUT_POST, 'username', FILTER_SANITIZE_STRING);
    $email = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
    $email = filter_var($email, FILTER_VALIDATE_EMAIL);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        // Not a valid email
        $error_msg .= '<p class="error">The email address you entered is not valid</p>';
    }

    $password = filter_input(INPUT_POST, 'p', FILTER_SANITIZE_STRING);
    if (strlen($password) != 128) {
        // The hashed pwd should be 128 characters long.
        // If it's not, something really odd has happened
        $error_msg .= '<p class="error">Invalid password configuration.</p>';
    }

    // Username validity and password validity have been checked client side.
    // This should should be adequate as nobody gains any advantage from
    // breaking these rules.
    //

    $prep_stmt = "SELECT id FROM members WHERE email = ? LIMIT 1";
    $stmt = $mysqli->prepare($prep_stmt);

   // check existing email  
    if ($stmt) {
        $stmt->bind_param('s', $email);
        $stmt->execute();
        $stmt->store_result();

        if ($stmt->num_rows == 1) {
            // A user with this email address already exists
            $error_msg .= '<p class="error">A user with this email address already exists.</p>';
                        $stmt->close();
        }
                $stmt->close();
    } else {
        $error_msg .= '<p class="error">Database error Line 39</p>';
                $stmt->close();
    }

    // check existing username
    $prep_stmt = "SELECT id FROM members WHERE username = ? LIMIT 1";
    $stmt = $mysqli->prepare($prep_stmt);

    if ($stmt) {
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $stmt->store_result();

                if ($stmt->num_rows == 1) {
                        // A user with this username already exists
                        $error_msg .= '<p class="error">A user with this username already exists</p>';
                        $stmt->close();
                }
                $stmt->close();
        } else {
                $error_msg .= '<p class="error">Database error line 55</p>';
                $stmt->close();
        }

    // TODO: 
    // We'll also have to account for the situation where the user doesn't have
    // rights to do registration, by checking what type of user is attempting to
    // perform the operation.

    if (empty($error_msg)) {
        // Create a random salt
        //$random_salt = hash('sha512', uniqid(openssl_random_pseudo_bytes(16), TRUE)); // Did not work
        $random_salt = hash('sha512', uniqid(mt_rand(1, mt_getrandmax()), true));

        // Create salted password 
        $password = hash('sha512', $password . $random_salt);

        // Insert the new user into the database 
        if ($insert_stmt = $mysqli->prepare("INSERT INTO members (username, email, password, salt) VALUES (?, ?, ?, ?)")) {
            $insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
            // Execute the prepared query.
            if (! $insert_stmt->execute()) {
                header('Location: ../error.php?err=Registration failure: INSERT');
            }
        }
        header('Location: ./register_success.php');
    }
}
?>
</body>
</html>
Alex
  • 99
  • 7
  • 2
    Ummm.. I haven't read your code but, are there any error? A tip for debugging, try to use divide and conquer method. Comment most of your code and try to `echo 'something'` after the code that is uncommented. If it outputs `something`, nothing's wrong. If it haven't output `something` the error is up above. – Wesley Brian Lachenal Aug 07 '14 at 05:45
  • Are you sure your code reaching the line where you perform redirection? – Farid Movsumov Aug 07 '14 at 05:47
  • you already output html to the client, the redirect is happening too late. – serakfalcon Aug 07 '14 at 05:48
  • try redirecting in else for this statement `if (! $insert_stmt->execute()) { header('Location: ../error.php?err=Registration failure: INSERT'); }` – Konsole Aug 07 '14 at 05:48
  • @BrianCoolidge no error displaying on the page shows blank, added `error_reporting` to the code – Alex Aug 07 '14 at 07:30

4 Answers4

3

You can't send HTTP headers after you've started sending an HTTP body.

The very first line of your code is content (the doctype) so you trigger the HTTP body on the first line.

You should see an error about being unable to set headers.

Warning: Cannot modify header information - headers already sent

If you are going to redirect, then don't send a document first.

As an aside, despite browsers being good at recovering from the error, the HTTP spec requires the Location header to have an absolute URI, not a relative one.

Community
  • 1
  • 1
Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
0

If your booth the file in same folder then you can use this code 

<?php
header('Location:register_success.php');
?>

I have tested it it works fine for me

Jha
  • 23
  • 10
0

Found the error located in psl-config.php </body> </html> shouldn't belong there.

<?php
/**
 * These are the database login details
 */  
define("HOST", "localhost");     // The host you want to connect to.
define("USER", "xxxxx");    // The database username. 
define("PASSWORD", "xxxxx");    // The database password. 
define("DATABASE", "xxxx");    // The database name.
define("CAN_REGISTER", "any");
define("DEFAULT_ROLE", "member"); 
define("SECURE", FALSE);    // FOR DEVELOPMENT ONLY!!!!
?>
</body>
</html>
Alex
  • 99
  • 7
-1

try this to redirect when success (with ../)

header('Location: ../register_success.php');
exit;

also use exit; after header("location: ");

Satish Sharma
  • 9,547
  • 6
  • 29
  • 51