header redirect isn't redirecting anywhere (sometimes)...

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Avaenuha
    New Member
    • Apr 2007
    • 19
    #1

    header redirect isn't redirecting anywhere (sometimes)...

    Okay. I'm coding a login function for an online security subject at uni. It's written in PHP5, on a Solaris server; I don't have permissions to alter or even access the php.ini file, I believe.

    What is supposed to happen is:
    User fills in their username and password, hits 'submit'
    javascript takes a timestamp, usernamd and password, calculates an md5 hash, fills in a hidden form with the username, hashvalue and timestamp, and sends that to login.php

    login.php takes those values, checks the username, checks the timestamp, and makes its own hash (from the password in its databanks), and compares. If successful, it redirects to the transaction.htm l page. If not, it directs the user to a bagLogin.html page.

    The Problem:
    When my validation functions return true or false, and I have my redirect conditions as "if($errors == 0)" then it redirects to the transaction page regardless of invalid logins - even if the username doesn't exist. As far as I can tell, my validation functions *should* work; they're relatively simple (and if they were failing, I'd expect them to deny all rather than allow all).

    However, if I change any of that - if my validation returns 1 or 0 rather than true/false, for example, or my condition is "if($errors == true)" or even "if($errors )", it just sits there at login.php, not displaying anything - even though I have all error reporting and debugging turned on, and echo testing statements, it's entirely blank.

    I hope I've explained this clearly enough for someone to give me a guide to the problem. As this is for an assignment, I'm loath to post code up on here. I'd appreciate any advice.
    Tags: None
    • Markus
      Recognized Expert Expert
      • Jun 2007
      • 6092
      #2
      Originally posted by Avaenuha
      Okay. I'm coding a login function for an online security subject at uni. It's written in PHP5, on a Solaris server; I don't have permissions to alter or even access the php.ini file, I believe.

      What is supposed to happen is:
      User fills in their username and password, hits 'submit'
      javascript takes a timestamp, usernamd and password, calculates an md5 hash, fills in a hidden form with the username, hashvalue and timestamp, and sends that to login.php

      login.php takes those values, checks the username, checks the timestamp, and makes its own hash (from the password in its databanks), and compares. If successful, it redirects to the transaction.htm l page. If not, it directs the user to a bagLogin.html page.

      The Problem:
      When my validation functions return true or false, and I have my redirect conditions as "if($errors == 0)" then it redirects to the transaction page regardless of invalid logins - even if the username doesn't exist. As far as I can tell, my validation functions *should* work; they're relatively simple (and if they were failing, I'd expect them to deny all rather than allow all).

      However, if I change any of that - if my validation returns 1 or 0 rather than true/false, for example, or my condition is "if($errors == true)" or even "if($errors )", it just sits there at login.php, not displaying anything - even though I have all error reporting and debugging turned on, and echo testing statements, it's entirely blank.

      I hope I've explained this clearly enough for someone to give me a guide to the problem. As this is for an assignment, I'm loath to post code up on here. I'd appreciate any advice.
      Can you post the code (using the relevant code tags) so we can have a good look at it, and suggest ways to help!

      Regards,

        Comment

        • Avaenuha
          New Member
          • Apr 2007
          • 19
          #3
          Okay...Apprecia te the help. I'll post what I can of the code (have to be careful, my uni is very strict on plagiarism.

          This vrsion of it allows anyone through, but it's technically comparing boolean values to ints ($errors will be true or false). If I correct that (either by changing the return values to ints, or changing the if statement to boolean) it just sits with a blank page with the URL of this script.
          [CODE=PHP]
          <?php
          session_start() ;
          error_reporting (E_ALL);
          ini_set('displa y_errors', true);

          if(isset($_SESS ION['USER']))
          {
          header("Locatio n: logout.php");
          }

          if(isset($_POST['hName']))
          {
          if(strcmp($_POS T['hName'], "NOTSET"))
          {
          $errors = jsLogin();
          if($errors == 0)
          {
          $_SESSION['USER'] = $_POST['hName'];
          header("Locatio n: transaction.htm l");
          }
          else
          {
          header("Locatio n noLogin.html");
          }
          }
          else
          {
          $errors = noJSLogin();
          if($errors == 0)
          {
          $_SESSION['USER'] = $_POST['NOJSname'];
          header("Locatio n: transaction.htm l");
          }
          else
          {
          header("Locatio n noLogin.html");
          }
          }
          }
          else
          {
          header("Locatio n noLogin.html");
          }

          ?>[/CODE]
          I haven't given the validation function code; assume it returns boolean true if the data is valid. If that's required (ie if there's nothing 'wrong' with this part) then I'd much rather PM the validation code, or have someone say "here's a list of most probable causes" or something, thanks. Your help is much appreciated.

            Comment

            • TheServant
              Recognized Expert Top Contributor
              • Feb 2008
              • 1168
              #4
              Yeah, I can't see any errors there.Are you 100% sure the validation scripts are working? Just echo the output from them to find out.

              Originally posted by Avaenuha
              If I correct that (either by changing the return values to ints, or changing the if statement to boolean) it just sits with a blank page with the URL of this script.
              Not sure what you're saying here but there is no output in this script so you wouldn't expect anything other than a blank page. Make an echo statement at the top of your code, and do your "correction ". Move the statement down your code until it doesn't display and that is probably where your error is.

              Also, maybe it is a header problem? If that script is sending the header location line back to the original form, it is possible that one is crashing in some way? Check that out, or post your form code.

                Comment

                • Avaenuha
                  New Member
                  • Apr 2007
                  • 19
                  #5
                  Problem solved. Some of the header(location ) things are missing colons between location and the URI. *sheepish* All good, now.

                  (Clarification (though it's kinda moot now) I meant the validation scripts return boolean, but are being tested against ints in the quoted script above.)

                    Comment

                    • TheServant
                      Recognized Expert Top Contributor
                      • Feb 2008
                      • 1168
                      #6
                      lol, yeah, should've seen that. I remember looking at one and moving onto the next idea, but should've checked 'em all. Hope you stop by again.

                        Comment

                        Previous template Next
                        Working...