Redirect not working with header("Location:

Question

I've searched but can't seem to figure this one out. I have a config.php which searches for an active session and if found passes the user through, if not it fowards to the login.php page. The config.php also grabs the orginal URL and posts to login.php so we can redirect them to the page they were going to originally.

From there it should be pretty simple, authenticate and then use the redirect variable to forward browser to original page. But it's not working like that. It forwards me back to the login.php and says "Object Moved". Its redirects if I put header("location: /index.php"); but not if I use the variable in the login.php like below.

Any help would be appreciated!

PHP (config.php):

<?php
session_start();
// put somewhere in a config file
define('SESSION_EXPIRE',3600); // in seconds

// check passage of time, force log-out session expire time
if(isset($_SESSION['last_activity']) && (time() - strtotime($_SESSION['last_activity']) >     SESSION_EXPIRE)) {
// destroy session
session_unset();
session_destroy();
}

// if user is logged in and unexpired, update activity
if(isset($_SESSION['user'])) {
// user is logged in
$_SESSION['last_activity'] = date('Y-m-d H:i:s');
}

// if user doesn't have session forward them to login page and post requested URL
if (!(isset($_SESSION['user']) && $_SESSION['user'] != '')) {
header ("Location: ../login.php?location=" . urlencode($_SERVER['REQUEST_URI']));
}
?>

PHP (login.php):

<?php
include("authenticate.php");

// check to see if user is logging out
if(isset($_GET['out'])) {
// destroy session
session_unset();
$_SESSION = array();
unset($_SESSION['user'],$_SESSION['access']);
session_destroy();
}
// get orginal URL from config.php
$url = $_GET['location'];

// check to see if login form has been submitted
if(isset($_POST['userLogin'])){
// run information through authenticator
if(authenticate($_POST['userLogin'],$_POST['userPassword']))
{
    // authentication passed
    header("location:".$url);
    die();
} else {
    // authentication failed
    $error = 1;
}
}


// output logout success
if (isset($_GET['out'])) echo "Logout successful";
?>

HTML:

<div class="panel-body">
    <form action="login.php" method="post">
         <fieldset>
             <div class="form-group">
                <input class="form-control" placeholder="Username" name="userLogin" type="Username" autofocus>
             </div>
             <div class="form-group">
                <input class="form-control" placeholder="Password" name="userPassword" type="password" value="">
             </div>
      <!-- Change this to a button or input when using this as a form -->
                <input class="btn btn-lg btn-success btn-block" type="submit" name="submit" value="Login" />

      </fieldset>
    </form>
 </div>

Answer 1

I am not sure if I understand your exact problem but if you are trying to redirect to $location and it is not going to the proper page or throwing an error then you may need to urldecode it before passing the variable.

in your config you encode the URI:

// if user doesn't have session forward them to login page and post requested URL
if (!(isset($_SESSION['user']) && $_SESSION['user'] != '')) {
    header ("Location: ../login.php?location=" . urlencode($_SERVER['REQUEST_URI']));
}

So in your Login decode it:

$url = urldecode($_GET['location']);

As mGamerz said make sure that your header has a capitol L and a space after the colon

header("Location: ".$url);

Answer 2

您需要从此处删除login.php： action="login.php"您正在丢失$ url变量，因为在页面发回自身之后，该变量未包含在GET中。