Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Javascript used for PHP page direction

  • 14-03-2006 9:03pm
    #1
    Registered Users, Registered Users 2 Posts: 1,086 ✭✭✭


    When calling new pages with PHP I tend to use Javascript.

    Examples like
    if ($secure_password==mysql_result($result,0,"password"))
    {
    		  ?>
    			<script language="JavaScript">
    			location.href = "index.php";
    			</script>
    		<?
    }else{
    	?>
    		<script language="JavaScript">
    		  alert("Wrong Password");
    		  history.go(-1);
    		</script>
    	<?
    }
    

    That is fine if I am sure a user of my site has Javascript enabled. What happens if they don't? Is there any other way to get PHP files to proceed to other pages?

    What other alternatives do I have?

    Thanks in advance

    Peter


Comments

  • Closed Accounts Posts: 17,208 ✭✭✭✭aidan_walsh


    Google "http redirects".


  • Registered Users, Registered Users 2 Posts: 1,086 ✭✭✭Peter B


    Thanks for that aidan.

    Have been trying to replace all my location.href = "whatever.php"; to redirect("whatever.php"); by including method below.
    function redirect($url) {
    	
    	session_write_close();
       header('Location: '.$url);
       echo '<a href="'.$url.'">Click here to redirect to '.$url.'</a>';
       exit;
    }
    

    I can't find anything to replece the javascript history.go(-1); method.

    Also I have a form I need to post my current location to the next page which will use the value as a redirect. However I don't know how to get php to enter my current location in the form.

    In the past I was using
    <form name="form1" onsubmit="return checks1(this)" action="../login.php">
    which called the following javascript.
    <script ="javascript">
    function checks1()
    {
    	if (document.form1.id.value == "not")
    	{
    		alert("Nothing chosen");
    		return false;
    	}
    	document.form1.url.value=location.href;
    	return true;
    }
    </script>
    

    I can see how I can verify document.form1.id.value on my next page but I cannot send the current location as a form value (document.form1.url.value=location.href;)


  • Registered Users, Registered Users 2 Posts: 249 ✭✭frost


    Peter B wrote:
    Have been trying to replace all my location.href = "whatever.php"; to redirect("whatever.php");

    Peter, I'm writing a site at the moment and was using location.href reassignment myself. Any there problems with doing a redirect this way that made you decide to change?
    Peter B wrote:
    Also I have a form I need to post my current location to the next page which will use the value as a redirect. However I don't know how to get php to enter my current location in the form.
    You could use the REFERER, or
    this will work: <input type="hidden" name="previousPage" value="<?=$_SERVER?>" >

    However, I wouldn't recommend it because it is an open invitation for the user to insert something much more interesting into that variable to get access to your server's password files or something.

    How about storing a generated GUID in a PHP session; the GUID would be the key to a database table where the url (or whatever else you want to recall) is stored. The user could hack the GUID if he wanted to, but the chances that he could guess a valid one before the data was obsolete would be pretty slim.


  • Registered Users, Registered Users 2 Posts: 1,086 ✭✭✭Peter B


    I've gone for the redirect() method because I have been searching on Google and realise a small proportion of people turn off javascript on their browsers due to security loop holes and just not liking popups.

    Maybe it is not worth all the hastle and just sticking with javascript.

    Have used
    <input type="hidden" name="previousPage" value="<? echo $_SERVER?>" >

    Even if someone changes the hidden redirect value their $_SESSION is checked at the start of each new page loading so if they redirect somewhere they shouldn't they will be kicked out!


  • Registered Users, Registered Users 2 Posts: 249 ✭✭frost


    If you want to cover all bases, you could do something like this:
    function redirectToPage( $url ) {
      if ( !headers_sent() ) {  
          header("Location: {$url}");
          exit();
      } else {  
        // Can't send headers any more, so try using HTML & Javascript redirects instead
        ?>
        <HEAD>
        <META HTTP-EQUIV="Refresh" CONTENT="0; URL="<?=$url?>">
        <script language="JavaScript"><!--
          setTimeout('Redirect()',0);
          function Redirect()
          {
           location.href = '<?=$url?>';
          }
        --></script>
        </HEAD>
    <?php
      exit();     
      }  
    }
    


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,664 ✭✭✭rogue-entity


    Let me get this straight. You want to do user authentication. A user enters a username/password and if it is correct they get redirected to a new page with javascript, if not, an alert tells them the password is wrong and directs them back.

    First, I would say, avoid javascript. As you said, some users turn it off, but also history.go(-1) does not work in anything other then Internet Explorer (and browsers based on it) which is just bad form really. (I could be wrong though, but Javascript tends to be platform specific in some areas).

    Try this:
    <?php
    if ($secure_password==mysql_result($result,0,"password"))
    {
         session_start(); // Needed by all protected pages
         $authorised = 1;
         session_register('authorised'); // Now as long as this == 1. It is assumed that the password was correct.
         // Send user to new page.
         header('Location: Http://yourdomain/yourprotectedpage.php');
    }
    else // Session is not created, so protected pages will not be accessable.
    {
    ?>
    HTML "Wrong Password" page code goes here
    <?php
    }
    
    Now you just need to add a simple SESSION check to all pages protected, and they just need to check if the SESSION variable "authorised" is == 1.
    <?php
         session_start();
         if (!authorised) {
              // User did not authenticate, send back to login page.
             header('Location: Http://yourdomain/login.htm');
         else{
         ?>
    HTML FOR PAGE GOES HERE
    <?php } ?>
    
    This just a simple example.


Advertisement