
PHP Header Function Redirects to 404 Error

I am using a header redirect after the user submits a login and registration form and the input has been stored in a mysql database. The registration info is successfully stored into the database but when the script goes to redirect I reach a 404 error.

I am using the variable $redirectURL to pass the absolute path to the header function. Upon redirecting the URL is passed the variable $redirectURL instead of redirecting.

http://localhost/Shape_Search/app/model/user_util/$redirectURL

Here is the php script redirecting user_account.php:

<?php
/* Registration, Login, and Logout Request Processing
  This server-side script handles registration, authentication, and logout requests which come from login.php and registration.php. The database.class.php is used to fetch and insert user account data from/to the database
*/
require_once (realpath(dirname(dirname(dirname(__DIR__)))) . 'configconfig.php');

session_start();

// Include and initialize database class
require_once (CONTROLLER . 'database.class.php');
$accountDB = new DB();

$postData = $statusMsg = $valErr = '';
$status = 'error';
$redirectURL = INDEX;

/* SIGNUP SUBMIT
If signup request is submitted, input data is inserted in the database after validation
*/
if (isset($_POST['registerSubmit'])) {   
    $redirectURL= FORM . 'registration.php'; 

    // Get user's input
    $postData = $_POST;
    $cleanUsername = strip_tags(trim($_POST['username']));
    $cleanPassword = strip_tags(trim($_POST['password']));
    $cleanPasswordConfirm = strip_tags(trim($_POST['passwordConfirm']));

    // Validate form fields
    if (empty($cleanUsername)) {
        $valErr .= 'Please enter a username.';
    }
    if (empty($cleanPassword)) {
        $valErr .= 'Please enter a password.';
    }
    if (empty($cleanPasswordConfirm)) {
        $valErr .= 'Please confirm your password.';
    }

    /* Clean username input to prevent injections
    * Allow usernames that begin with a-z and only contain alphanumeric characters plus '-' and '_'
    * Also checks that username is between 5 and 50 characters long
    */
    $regexUsername = '/^[a-zA-Z]+(?:[a-zA-Z0-9d_]+){4,50}$/';


    if (preg_match($regexUsername, $cleanUsername)) {
        /* Clean password input to prevent injections
        * Allow passwords that contain:
        *      Minimum of 8 characters
        *      Minimum of 1 Uppercase Letter
        *      Minimum of 1 numeric value
        *      Minimum of 1 Special Character !@#$%^&-
        */
        $regexPassword = '/^(?=.*[!@#$%^&*-])(?=.*[0-9])(?=.*[A-Z]).{8,20}$/';
        

        if (preg_match($regexPassword, $cleanPassword) && preg_match($regexPassword, $cleanPasswordConfirm)) {
            if ($cleanPassword != $cleanPasswordConfirm) {
                $valErr .= 'Passwords should match.';
            }
        } else {
            $valErr .= 'Password must contain the following:
            Minimum of 8 characters
            Minimum of 1 Uppercase Letter
            Minimum of 1 numeric value
            Minimum of 1 Special Character !@#$%^&- ';
        }
    } else {
        $valErr .= 'Username must be between (5-50) characters and may only contain letters or numbers or - or _';
    }

    // Check whether user errors are empty
    if (empty($valErr)) {
        // Check whether user already exists with same username in database
        $prevCon['where'] = array(
            'username' => $cleanUsername
        );
        $prevCon['return_type'] = 'count';
        $prevUser = $accountDB->getRows('user',$prevCon);

        if ($prevUser > 0) {
            $statusMsg = 'Username already registered, please choose another username.';
        } else {
            // Insert user data into the database
            $passwordHash = password_hash($cleanPassword, PASSWORD_DEFAULT);
            $memberData = array(
                'username' => $cleanUsername,
                'password' => $passwordHash
            );
            $insert = $accountDB->insert('user', $memberData);

            if ($insert) {
                $status = 'success';
                $statusMsg = 'Your account has been registered successfully, you may now login to your account.';
                $postData = '';

                $redirectURL = FORM . 'login.php';
            } else {
                $statusMsg = 'Something went wrong, please try again after some time.';
            }
        }
    } else {
        $statusMsg = 'Something is wrong with your input: '.$valErr;
    }

// Store registration status into the SESSION
$sessData['postData'] = $postData;
$sessData['status']['type'] = $status;
$sessData['status']['msg'] = $statusMsg;
$_SESSION['sessData'] = $sessData;

// Redirect to the login/registration page
header('Location: $redirectURL');
exit();

/* LOGIN SUBMIT
* If login request is submitted, the system checks if any record exists in database with given username and password
*/
} elseif (isset($_POST['loginSubmit'])) {
    // Get user's input
    $postData = $_POST;

    // Clean username and password input by removing injection tags and white space  
    $cleanUsername = strip_tags(trim($_POST['username']));
    $cleanPassword = strip_tags(trim($_POST['password']));
    // Validate form fields
    if (empty($cleanUsername)) {
        $valErr .= 'Please enter your username.';
    }
    if (empty($cleanPassword)) {
        $valErr .= 'Please enter your password.';
    }

    // Check whether user inputs are empty
    if (empty($valErr)) {

        $conditions['where'] = array(
            'username' => $cleanUsername,
        );
        $conditions['return_type'] = 'single';
        $userData = $accountDB->getRows('user', $conditions);
        
        if (password_verify($cleanPassword, $userData['password'])) {
            if (!empty($userData)) {
                $status = 'success'; // same variable that is stored in the session below
                $statusMsg = 'Welcome '.$userData['username'].'!';
                $postData = '';

                $_SESSION['userLoggedIn'] = TRUE;
                $_SESSION['userID'] = $userData['id'];

                $redirectURL = HOME;
            
            } else {
            $statusMsg = 'Wrong username or password, please try again!';
            }
        } else {
            $statusMsg = 'Password does not match record.';
        }
    } else {
        $statusMsg = 'Username does not exist.';
    }
} else {
    $statusMsg = 'There is something wrong with your input: '.$valErr;
}
// Store login status into the SESSION 
$sessData['postData'] = $postData; 
$sessData['status']['type'] = $status; 
$sessData['status']['msg'] = $statusMsg; 
$_SESSION['sessData'] = $sessData; 

// Redirect to home page
header('Location: $redirectURL');
exit();
?>


Answer

The $redirectURL variable should be outside of the single quotes in the header call and concatenated with the '.' operator.

// Redirect to home page
// Wrong:
header('Location: $redirectURL');

// Right:
header('Location:'.$redirectURL);
User contributions licensed under: CC BY-SA
4 People found this is helpful
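
The difference the answer describes, as an added example that is not part of the original question or answer: PHP does not interpolate variables inside single quotes, so the browser receives the literal text $redirectURL and resolves it as a relative URL. The helper names, the restriction to local paths and the sample path are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Helper names and the sample path are hypothetical.

/** Build the Location header line, refusing values that indicate a bug. */
function buildLocationHeader(string $target): string
{
    // A leading '$' means a variable name was sent instead of its value,
    // which is what 'Location: $redirectURL' in single quotes produces.
    if ($target === '' || $target[0] === '$') {
        throw new InvalidArgumentException('Redirect target was not interpolated');
    }
    // CR/LF and other control characters must never reach a response header.
    if (preg_match('/[\x00-\x1F\x7F]/', $target)) {
        throw new InvalidArgumentException('Control character in redirect target');
    }
    // Assumption: only same-site absolute paths are allowed (one leading slash,
    // not '//' or '/\', which browsers treat as another host).
    if (!preg_match('#^/(?![/\\\\])#', $target)) {
        throw new InvalidArgumentException('Redirect target must be a local path');
    }
    return 'Location: ' . $target;
}

/** Send the redirect and stop the script, failing loudly if output already started. */
function redirectTo(string $target): void
{
    $line = buildLocationHeader($target);
    if (headers_sent($file, $lineNo)) {
        throw new RuntimeException("Output already started at $file:$lineNo");
    }
    header($line, true, 303); // 303 See Other: the follow-up request is a GET
    exit();
}

$redirectURL = '/Shape_Search/app/view/form/login.php'; // constructed placeholder path

var_dump('Location: $redirectURL');          // single quotes: no interpolation
var_dump("Location: $redirectURL");          // double quotes: variable is expanded
var_dump(buildLocationHeader($redirectURL)); // concatenation, after validation

try {
    buildLocationHeader('$redirectURL');     // the value the broken script sent
} catch (InvalidArgumentException $e) {
    var_dump($e->getMessage());
}
```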