Jump to content

PHP program - Works at school but not at home

DensetsuAE86

By DensetsuAE86
in PHP Coding Help

Recommended Posts

DensetsuAE86 Newbie

DensetsuAE86

Posted
Posted

Hey guys, i'm facing a bit of a problem here. At school I wrote a PHP application for a project and it worked fine on the teachers server. But when I took it home and uploaded it to my web server it does'nt.

 

Basically, this code is at the top of the page

<?php
session_start();
if (!isset($_SESSION['valid_user']))
  {
    header('Location:index.php');
  }
?>

For some reason it doesn't even try to test the "IF" statement, it basically does nothing.  Can you guys help me? Thanks

 

Heres the whole code

<?php
session_start();
if (!isset($_SESSION['valid_user']))
  {
    header('Location:index.php');
  }
?>
<html>
<LINK href="zengarden-sample.css" rel="stylesheet" type="text/css">
<body>
<?php
//$userid = $_GET['userid'];
$userid = $_SESSION['valid_user'];
include "connect.php";	
include "links.php";


$sql = "select * from mail WHERE username='".$userid."' Order By date desc";

$proverbs_query = mysql_query($sql);
if(!$proverbs_query)
{
echo "Query failed";
exit;
}


$html = "<br />";
$html .= "<br />";
$html .= "<center>INBOX</center>";
$html .= "<table border='1' align='center' cellpadding='8'>";
$html .= "<th>Sender</th><th>Subject</th><th>Date</th>";	
while($row = mysql_fetch_assoc($proverbs_query))
{
$html .= "<tr>";
    $html .= "<td>".$row["sender"]."</td>";
$html .= "<td><a href=viewzmail.php?id=".$row['id'].">".$row["subject"]."</td>";
$html .= "<td>".$row["date"]."</td>";

$html .= "</tr>";

}
$html .= "</table>";
echo $html;

mysql_free_result($proverbs_query);
?>

</body>
</html>

PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

You need an exit; statement following your header() redirect to prevent the remainder of the code on the page from being execuited while the browser performs the redirect. For the posted code, all a hacker would need to do is ignore the header() redirect and he can still access the content on your page.

 

You also need to be debugging your code on a system with error_reporting set to E_ALL and display_errors set to ON (preferably set in your master php.ini, but alternatevely set immediately after your first opening <?php tag) so that all php detected errors will be displayed. You likely have a problem with your session or with a header being sent.

 

Are you sure the code that is setting the session variable is working?

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.