|
|
Posted by Benjamin Esham on 10/15/65 11:53
[quoted sections rearranged slightly]
walterbyrd wrote:
> Benjamin Esham wrote:
>
> > Also, you might try using $_SERVER['HTTP_REFERER'] instead, assuming
> > you're running PHP >= 4.1.0.
>
> I am not sure exactly how to do this.
OK, try this function:
function authenticate()
{
if (!isset($_POST['username']) || !isset($_POST['password'])) {
header('Location: ' . $_SERVER['HTTP_REFERER']);
exit();
}
}
> The $username and $password strings seem to be empty. I tested them.
The $username and $password were empty because you have register_globals
off; this means that you can only access your form variables through $_POST.
*This is the way it should be!* Turning register_globals on is potentially
a great security risk. Newer versions of PHP ship with register_globals
turned off by default, which is probably why you're experiencing
inconsistencies between the behavior of the two versions.
> Warning: Cannot modify header information - headers already sent by
> (output started at C:\xampp\htdocs\WMS\authenticate.php:2) in
> C:\xampp\htdocs\WMS\authenticate.php on line 5
This error is caused by sending output before headers. "Output" is usually
your outputted HTML code, but *any text at all*, including whitespace, that
comes before the opening <?php of your script will mess up your attempt to
send a header. Make sure that the <?php is the very first thing in your
file, and that you have no print or echo statements that are run before your
header() call.
By the way, I'm not sure whether using HTTP_REFERER is the best way to
return to the previous page. You're probably better off just doing a
header('Location: login_form.php');
as the HTTP_REFERER value is sometimes unreliable. Another alternative is
to display an error message instead of just sending the user back to the
input form. This is a bit more user-friendly; if a user clicks on "Submit"
and is sent back to the login page again, he or she might just try to submit
the form again and again until it works. With an error message, he or she
knows what the problem was.
Hope this helps! Feel free to post again if your script continues to give
you trouble.
--
Benjamin D. Esham
bdesham@gmail.com | AIM: bdesham128 | Jabber: same as e-mail
....and that's why I'm not wearing any pants.
[Back to original message]
|