need help with redirect to secured page and back if not a user

[webguync]

I need some help with a form being successfully submitted redirecting to a secure page. I already have the form code working and just need the part to redirect within an else statement. Also need to redirect a user back to the form page if they try and visit the secure page without being a member.

 

thanks in advance.

[elmas156]

If the user has to sign in, can you do something like this:

 

<?php

if ($_SESSION['logged'] == 1) { // User is already logged in.

     header("Location: secure.php"); // Goes to secure page.

} else {

     header("Location: formpage.php"); // Goes back to form page.

}

?>

[webguync]

thanks hoping to be able to redirect not after a user signs in but after they fill out a form successfully, that is why I want to be able to redirect within an if statement.

 

if no validation errors submit form and redirect after successful submission, else don't submit and display validation errors.

 

Thanks in advance.

[robert_gsfame]

then u can use <form action="<?php echo $_SERVER['PHP_SELF'];?>">

 

then u can validate every single input and put it at the top of your page eg:

if($_POST['submit'])

{

  if(!empty($_POST['text']))

    {

      header("Location:page2.php"); 

    }

}

 

so no submission when $_POST['text'] is empty

 

[elmas156]

How about this:

 

use a javascript validation script, then once the form is complete and there are no validation errors do this:

 

<?php

if (isset($_POST['submit'])) { // If the form has been submitted.

header("Location: securepage");

}

?>

 

This wouldn't be very secure though because if the user typed the url of the "secure" page directly into the address bar of the browser, there would be no way to keep them from viewing the content unless you had a session logged or determine whether or not they are authorized to see the content based on page they came from.

 

Hope this helps... I'm pretty new to php myself so I'm just throwing out ideas that I would try.

[webguync]

I tried doing the header in the else statement if the form is submitted successfully, but I get this error.

 

Warning: Cannot modify header information - headers already sent by (output started at /inc/inc.header.php:7) in /new_site/register.php on line 86

 

so I guess I need to put something in the actual header of the document to redirect if the form was successfully submitted?

[robert_gsfame]

at the top of your page put

<?php

session_start();

?>

 

then never put the header() in the <body>

so put everything at the top of your php page so it goes like this

<?php

session_start();

?>

<?php

if($_POST['submit'])

{

  if(!empty($_POST['textbox']))

    {

      header("Location:page2.php"); 

    }

}

?>

<html>

<head>

<body>

<form name=form1 method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">

<input type="text" name="textbox">

<input type="submit" name="submit">

</form>

</body>

</head>

</html>

 

IT WILL WORK 100%

[elmas156]

Yes, Robert is exactly right... I had the same problem a couple of months ago.  The thing was, when I was building my site, I built it on a server that didn't have all the error reporting problems and it seemed to work ok.  When I moved it to the permanent server, I was getting the same header error.  I worked on it for a few days until I got it figured out.  The bad part was that I had to completely restructure every page on my site, which took forever because I've got about 40 pages on my site that needed the restructuring in order to work properly... won't make that mistake again! 

 

Webguy.... just make sure that you are doing the actual processing of your form and the redirection ABOVE the <html> tag on your page.  It kid of seems kind of like this is done backward but think of it this way:

 

The code at the top of the page is ignored by the server when the page is first visited and the actual form is displayed.  After the form is submitted and the form "action" is actually the same page that the form is on, the php code then kicks in, does its thing, and your page is redirected with absolutely no header errors.  It actually makes for cleaner looking code and it's easier to read and modify later if needed... it was for me anyway.

[webguync]

I added this to the top of my page before any of the HTML code begins.

<?php
session_start();
?>
<?php
if($_POST['Submit'])

  
    {
      header("Location:Profile.php");   
    }

?>

 

but it doesn't seem to work and I am getting the 'headers already sent warning msg.

 

the header is part of an include and is on every page. Is this the problem?

[webguync]

any ideas on this problem? Is there another way to redirect other than by header()?

[laffin]

Some thing u must understand

1) Sessions don't work without a sessiion_start() before any output is sent out this includes header()

2) header() doesnt work if output has been sent out (with exception of rule #1)

 

All in one forms work great, however they require a lot of planning.

so start with your form:

<html>
<head>
<body>
<form name=form1 method="post" action="?">
<input type="text" name="textbox">
<input type="submit" name="submit">
</form>
</body>
</head>
</html>

the action='?' just redirects to itself

 

now add your validation code at top

<?php
if(isset($_POST['name']))
{
     $name=trim($_POST['name']);
     if(strlen($name))
     {
           // do processing of the variables (no output);
          // like inserting into db etc
          header('Location: nextpage.php");
         // or if u need to send the nextpage somthing, from the processing procedure
        //  header('Location: nextpage.php?name=".htmlspecialchars($name));
        die(); // we are done
   }
   // we get here when we did have a name but it was empty
   echo "<h3>Bad Form entries, try again</h3>". PHP_EOL;
}
?>
[code]

Very simple, when u think about it logically.

[webguync]

so it should be ok, putting this code in the header in an include file which is on every page?

 

<!--
PHP to start a SESSION and redirect to Profile page once profile info is submitted
-->
<?php
session_start();
?>
<?php
if($_POST['Submit'])

  
    {
      header("Location:Profile.php");   
    }

?>

[laffin]

Yes, but you arent sending any info to the next page, all $_POST/$_GET data is lost.

Reason, I put Processing of variables.