I've got a site with a login authentication script in a file called login.php. Every page has a simple session check on top of it, as well as a line that captures the name of the file the user is trying to view. The idea is that if the user tries to go straight to an inside page without logging in, they get sent to the login page (index.php) with the variable $file marking the page they wanted to view. When they log in, the $file variable is sent to login.php and (if $file is set) login.php returns them to the page they were trying to view using a simple header redirect: header("Location: $file");

Problem: instead of sending them to the page they wanted to view, they get sent to this URL: login.php?file=/dir/file_name.php?v=123

What's going on here? Why doesn't "Location: $file" return the contents of $file? The session check as well as login.php code are below. I'm stumped here -- thanks!

Sam

////----ON EVERY PAGE IN SITE----//////

//get name of file user is trying to view
$file=$PHP_SELF."?".$_SERVER['QUERY_STRING'];
// session check
session_start();
if (!session_is_registered("SESSION"))
{
        // if session check fails, invoke error handler
        header("Location: index.php?file=$file");
        exit();
}

/////----LOGIN.PHP----/////
if (!$file) {
        $page = "main.php";
        } else {
        $page = "$file";
        }
// login.php - performs validation

// authenticate using form variables
$status = authenticate($user_name, $password);

// if  user/pass combination is correct
if ($status == 1)
{
        // initiate a session
        session_start();
        
        // register some session variables
        session_register("SESSION");

        // including the username
        session_register("user_name");
        session_register("user_id");
        $user_name = "$user_name";
        $user_id = "$user_id";

        // redirect to protected page
        header("Location: $page");
        exit();
}
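
Added example, not part of the original message: in the scripts above the requested path goes into the "file" query parameter unencoded, and login.php then redirects to whatever value it receives, so a "&" in the original query string splits the parameter and any caller can choose the redirect target. The sketch below encodes the return path and accepts only a same-site path before using it in a Location header. The function names, the /main.php fallback and the sample values are assumptions; it targets PHP 7.1+ and reads $_GET/$_SERVER rather than relying on register_globals.

```php
<?php
// Added example; names, fallback page and sample values are assumptions.

// Build the redirect to the login page. rawurlencode() keeps the "?" and "&"
// of the requested URL inside the single "file" parameter.
function login_redirect_url(string $requestUri): string
{
    return 'index.php?file=' . rawurlencode($requestUri);
}

// Return $file only if it is a same-site absolute path, else $default.
function safe_return_path(?string $file, string $default = '/main.php'): string
{
    if ($file === null || $file === '') {
        return $default;
    }
    // Reject control characters (CR/LF would split the header) and
    // backslashes (some browsers treat "\" like "/").
    if (preg_match('/[\x00-\x1F\x7F\\\\]/', $file)) {
        return $default;
    }
    // Require exactly one leading "/": this excludes "//host/..." and
    // anything with a scheme such as "https://host/...".
    if ($file[0] !== '/' || (isset($file[1]) && $file[1] === '/')) {
        return $default;
    }
    return $file;
}

// In a protected page:
//   header('Location: ' . login_redirect_url($_SERVER['REQUEST_URI'])); exit();
// In login.php, after a successful login:
//   header('Location: ' . safe_return_path($_GET['file'] ?? null)); exit();

// Constructed sample values, run from the command line as a demonstration.
$samples = [
    '/dir/file_name.php?v=123&tab=2',   // same-site page with a query string
    '//other.example/page',             // protocol-relative URL
    'https://other.example/',           // absolute URL
    "/main.php\r\nX-Injected: 1",       // CR/LF inside the value
];
foreach ($samples as $requested) {
    $url = login_redirect_url($requested);
    // Decode the way PHP fills $_GET['file'] when index.php receives $url.
    parse_str((string) parse_url($url, PHP_URL_QUERY), $query);
    printf("%s\n  login URL: %s\n  redirect:  %s\n",
        json_encode($requested), $url, safe_return_path($query['file'] ?? null));
}
```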
        

