1

I have a form with database connection, form validation and mail sending.

Everything works perfectly. Only the redirection to my 'endcard.php' via headers, doesn't work no matter what i try!

Here's a snipped of the form.php. The input gets send to validation.php.
(I'm aware of the insecurity of php_self).

<?php include("includes/validation.php"); ?>
    <form name="employee"  id="employee-form" action="<?= $_SERVER['PHP_SELF'];?>"  method="POST">
      <div class="form-row justify-content-center">
        <div class="form-group col-md-5" <?= $output; ?>>
          <label for="nachname">Nachname</label>
          ......
          <input type="text" name="nachname" class="form-control" id="nachname" aria-describedby="nachnameHelp" placeholder="Geben Sie Ihren Nachnamen ein." value="<?php echo htmlspecialchars($_POST['nachname'] ?? '', ENT_QUOTES); ?>">
       <span class="error"><?php echo $nameErr?></span>
        </div>
        <div class="form-group col-md-5">
          <label for="vorname">Vorname</label>

If an error occurs, the form reloads with the error messages.( works perfectly).
Validation.php:

// define variables and set to empty values
$nameErr = $vornameErr = " ";
$nachname = $vorname   = " ";


if ($_SERVER["REQUEST_METHOD"] == "POST") {
  
  if (empty($_POST["nachname"])) {
    $nameErr = "Name is required";
  } 
    else {
      $nachname = test_input($_POST["nachname"]);
      if (!preg_match("/^[a-zA-Z ]*$/", $nachname))  
             {
                $nameErr = "Only Letters and whitespace allowed";  
           }  
         } 

**// If no errors occur, include signup.php. (also works perfectly)**

 if ($nameErr == '' and $vornameErr == '') 
    {
      include('signup.php');
    }

signup.php will initialize the SQL query, sends the mail and should redirected to my 'endcard.php'

   //declare header
    header('Location: https://www.mywebsite/endcard.php');
     
   //declare variables and connect them to html form fields
   ... (works fine)

   //initialize sql queri
   ... (works fine)
  // sends mail
   ..(works fine)

This one doesn't work now. When submitting the form, everything above works, but I stay on the form page but should get redirected to the endcard.php.

    
// Send mail with custom headers
    if(mail($recipient, $subject, $message, $headers)) {
      require(' https://www.mywebsite.com/endcard.php');
      // I tried inlcude, didnt work either..
      // also tried to put the header in here. Also didnt work..
    }

My guess is that the action="<?= $_SERVER['PHP_SELF'];?>" doesn't allow any redirects.

But I don't know how to pass that...

Any ideas?

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
sleVen
  • 33
  • 6

2 Answers2

0

After you call header() you should exit() so the HTTP response doesn't contain a body:

// Send mail with custom headers
if(mail($recipient, $subject, $message, $headers)) {
    header('Location: https://www.mywebsite.com/endcard.php');
    exit();
}

php - Should I call exit() after calling Location: header?

Also make sure you're not outputting any HTML before the call to header(), otherwise the header won't get sent: How to fix "Headers already sent" error in PHP

kmoser
  • 8,780
  • 3
  • 24
  • 40
  • I'm still on my form page. The super weird thing is, that its not showing the form itself but only the website description. So its not redirecting to my endcard..?! – sleVen Sep 13 '20 at 11:44
  • It gets even more weird! When opening the form in local host. it redirect to my endcard... – sleVen Sep 13 '20 at 12:11
0

I somehow solved it with new logic! The headers were not the problem!

  • Instead of using action="action="<?= $_SERVER['PHP_SELF'];?> which reloads the form page generally, i simply used
    action="validation.php" which loads the form.php only if the error variables are not empty! If they are empty, it loads the signup.php. I used the headers just like before and it works.
    Maybe the most important fix was the correct use of paths in includes/includes_once.
    Before i just used includes('path in my ftp server');, which works in some cases?!
    But i turns out that you can't include php files relatively to your webroot that way, cause if you use the slash as first character, the reference will go much deeper than just your document root. So, instead of using the basepath, i did this :
     $path = $_SERVER['DOCUMENT_ROOT'];  
     $path .= "/path in my ftp server.php";  
     include_once($path);

Which works perfect and is much better code too!

sleVen
  • 33
  • 6