$HTTP_REFERER crashes my system like clockwork

Re: $HTTP_REFERER crashes my system like clockwork

walterbyrd wrote:
This may or may not help, but is there really no space between "Location:"
and "$HTTP_REFERER" ? Because there should be.

Also, you might try using $_SERVER['HTTP_REFERER'] instead, assuming you're
running PHP >= 4.1.0.

HTH,
--
Benjamin D. Esham
bdesham@gmail.c om | AIM: bdesham128 | Jabber: same as e-mail
"I think I'd most like to spend a day with Harry. I'd take him
out for a meal and apologise for everything I've put him through."
— J. K. Rowling

Re: $HTTP_REFERER crashes my system like clockwork

Benjamin Esham wrote:I found that I can set PHP to 4.4.2-pl1 with Xampp. That didn't help. I
tried putting in a space, that didn't help either.
I am not sure exactly how to do this. I had:

header("Locatio n: $HTTP_REFER");

Do I keep the quotes? Do I keep the "Location:" ? It doesn't seem to
work either way.

I tried it like this:

header($_SERVER['HTTP_REFERER']);

And got these errors:

Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs \WMS\authentica te.php:2) in
C:\xampp\htdocs \WMS\authentica te.php on line 5

I also don't understand why this works perfectly on my web-site. Also,
I don't understand why I'm not getting my $username and $password
strings.

This is from by index.html file:
<form action="authent icate.php" method="post">
Username:<br>
<input type="text" name="username" >
<br><br>
Password:<br>
<input type="password" name="password" >
<br><br>
<input type="submit" name="Log In">
</form>


This is the authenticate.ph p file:
<?php
#if either form field is empty return to the log-in page
if ( (!$username) or (!$password) )
{
header($_SERVER['HTTP_REFERER']);
exit();
}


The $username and $password strings seem to be empty. I tested them.

Re: $HTTP_REFERER crashes my system like clockwork

[quoted sections rearranged slightly]

walterbyrd wrote:
OK, try this function:

function authenticate()
{
if (!isset($_POST['username']) || !isset($_POST['password'])) {
header('Locatio n: ' . $_SERVER['HTTP_REFERER']);
exit();
}
}
The $username and $password were empty because you have register_global s
off; this means that you can only access your form variables through $_POST.
*This is the way it should be!* Turning register_global s on is potentially
a great security risk. Newer versions of PHP ship with register_global s
turned off by default, which is probably why you're experiencing
inconsistencies between the behavior of the two versions.
This error is caused by sending output before headers. "Output" is usually
your outputted HTML code, but *any text at all*, including whitespace, that
comes before the opening <?php of your script will mess up your attempt to
send a header. Make sure that the <?php is the very first thing in your
file, and that you have no print or echo statements that are run before your
header() call.

By the way, I'm not sure whether using HTTP_REFERER is the best way to
return to the previous page. You're probably better off just doing a

header('Locatio n: login_form.php' );

as the HTTP_REFERER value is sometimes unreliable. Another alternative is
to display an error message instead of just sending the user back to the
input form. This is a bit more user-friendly; if a user clicks on "Submit"
and is sent back to the login page again, he or she might just try to submit
the form again and again until it works. With an error message, he or she
knows what the problem was.

Hope this helps! Feel free to post again if your script continues to give
you trouble.

--
Benjamin D. Esham
bdesham@gmail.c om | AIM: bdesham128 | Jabber: same as e-mail
....and that's why I'm not wearing any pants.

Re: $HTTP_REFERER crashes my system like clockwork

*** walterbyrd escribió/wrote (20 Jul 2006 11:49:52 -0700):Do you check that $HTTP_REFERER actually has a value? Even if you have
register_global s set to on, you must be aware that browsers can send
HTTP_REFERER... or not.

If the variable is empty, it's not a good idea to send an empty location
header.

--
-+ http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
++ Mi sitio sobre programación web: http://bits.demogracia.com
+- Mi web de humor con rayos UVA: http://www.demogracia.com
--

Re: $HTTP_REFERER crashes my system like clockwork

Alvaro G. Vicario wrote:In that case I believe the browser would make a new request to the
current script, which of course, sends the redirect again. The
recursion would continue until the browser decides enough is enough and
kills the operation. That seems to match the symptoms described.

Re: $HTTP_REFERER crashes my system like clockwork

Benjamin Esham wrote:Okay, I think I may be making some progress. My authenticate.ph p now
starts like this:

<?php
#if either form field is empty return to the log-in page
if (!isset($_POST['username']) || !isset($_POST['password']))
{
header("Locatio n: index.html");
exit();
}

And that seems to work.
Okay, from now on I will have register_global s on. Er, how do I do
that?
I am certain that is not the case. I have absolutely nothing before the
<?php or after the ?>, not even white space.
Did that. It works. Thanks.
My script is still giving me trouble, only now in a different part.

This line:

setcookie("admi n", $username, time()+18000);

Is giving me this error:

Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs \WMS\authentica te.php:29) in
C:\xampp\htdocs \WMS\authentica te.php on line 30

I am certain that $username is set correctly. I checked.

And this line (directly after the setcookie line)

header("Locatio n: table_list1.php ");

is giving me this error:

Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs \WMS\authentica te.php:29) in
C:\xampp\htdocs \WMS\authentica te.php on line 32

I am certain that the file table_list1.php is correct, it's there. And
it works fine when run on my remote web-site.

Re: $HTTP_REFERER crashes my system like clockwork

walterbyrd wrote:
Good to hear.
Perhaps you misunderstood: most people consider register_global s a potential
security risk and advise to leave it off, as it seems to be already for you.
Either way, reading this page will do a better job of explaining.


OK, but does this file contain any right-to-left (e.g. Hebrew or Arabic)
text? Another recent thread in this group involved some phantom bytes at
the beginning of a file due to the different text direction, and the same
problem occurred there. (The reason that I'm being really persistent about
the beginning of the file is because I can't really think of any other
possible cause to this problem.)
OK, cool.
This is the same problem you were having before: somehow, text is being
outputted before the headers or cookie information can be sent. Go back
through your code; take a look at *everything* that happens between the time
your script is called and your cookie commands. Make sure that nothing
generates any output (remember, error messages count as output). Hopefully
the error rests with something in there.

HTH,
--
Benjamin D. Esham
bdesham@gmail.c om | AIM: bdesham128 | Jabber: same as e-mail
"Men never do evil so completely and cheerfully as when they
do it from religious conviction." — Blaise Pascal

Re: $HTTP_REFERER crashes my system like clockwork


Benjamin Esham wrote:
First, thank you again for all of your help.

I am very sure nothing is being output before, or after the <?php . .
?>. I am using 100% English, no right to left languages. The very first
and last lines of this file are below:

<?php
#if either form field is empty return to the log-in page
.. . . .
?>

Here is the section that is giving me all the trouble, complete with
error checking echo statements:

{
echo("1" . "\n\n");
setcookie("admi n", $username, time()+18000);
echo("2" . "\n\n");
header("Locatio n: table_list1.php ");
echo("3" . "\n\n");
exit;
}

Here is the complete output:

1
Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs \WMS\authentica te.php:22) in
C:\xampp\htdocs \WMS\authentica te.php on line 23
2
Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs \WMS\authentica te.php:22) in
C:\xampp\htdocs \WMS\authentica te.php on line 25
3

Re: $HTTP_REFERER crashes my system like clockwork

Another thing I forgot to mention. If I comment out the problem lines,
I do not get the error message about headers, i.e.:

{
echo("1" . "\n\n");
# setcookie("admi n", $username, time()+18000);
echo("2" . "\n\n");
# header("Locatio n: table_list1.php ");
echo("3" . "\n\n");
exit;

}


Gives me this output:

1 2 3

Also, oddly enough, when this line is executed, it works fine. No error
messages:

header("Locatio n: index.html");

And, again, this all works fine on my remote web-host, which runs about
the same version of php. My web-host runs Linux, and I am using
windows.

Re: $HTTP_REFERER crashes my system like clockwork


walterbyrd wrote:

Sorry to keep posting like this. It was the echo statements. This does
not really make sense to me. The echo are legal, and are placed between
the <?php . . ?>. Anyway, this works:

Re: $HTTP_REFERER crashes my system like clockwork

Message-ID: <1153492210.979 956.67230@b28g2 000cwb.googlegr oups.comfrom
walterbyrd contained the following:
You have to remember that with php you are engaging in a dialogue
between the client machine (your machine) and the server.

Think what echo does. It starts output. You can't have output without
headers, so the headers get sent. Cookie information is sent with the
headers so if the headers are already sent you have missed the boat.

Don't worry, it took me some time to get it straight in my mind too.
Drawing a diagram of the data flows helps.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Re: $HTTP_REFERER crashes my system like clockwork


Geoff Berrow wrote:
But what if I need to output something? Do I have to drop back to html?
What does it mean for headers to be sent?
But my cookies seems to work.

Re: $HTTP_REFERER crashes my system like clockwork

BTW: just so you understand. The file I am working on is entirely php,
no html.

The very first line in by file is:

<?php

The very last line is:

?>

This is not a matter of me using echo outside the <?php .. ?>. I can
not use echo *anywhere."

I have tried using ob_start() and ob_flush(), that didn't work.

Re: $HTTP_REFERER crashes my system like clockwork

walterbyrd wrote:Dropping back to HTML won't help, either. *ANY* output will send the
headers. It's not a PHP restriction - that's how HTTP works.

But why would you want to send data - then immediately redirect the
client to another page anyway? They'd never see the data you output.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===