I am using a header redirect after the user submits a login and registration form and the input has been stored in a mysql database. The registration info is successfully stored into the database but when the script goes to redirect I reach a 404 error.
I am using the variable $redirectURL to pass the absolute path to the header function. Upon redirecting the URL is passed the variable $redirectURL instead of redirecting.
JavaScript
x
http://localhost/Shape_Search/app/model/user_util/$redirectURLHere is the php script redirecting user_account.php:
JavaScript
<?php/* Registration, Login, and Logout Request Processing This server-side script handles registration, authentication, and logout requests which come from login.php and registration.php. The database.class.php is used to fetch and insert user account data from/to the database*/require_once (realpath(dirname(dirname(dirname(__DIR__)))) . 'configconfig.php');session_start();// Include and initialize database classrequire_once (CONTROLLER . 'database.class.php');$accountDB = new DB();$postData = $statusMsg = $valErr = '';$status = 'error';$redirectURL = INDEX;/* SIGNUP SUBMITIf signup request is submitted, input data is inserted in the database after validation*/if (isset($_POST['registerSubmit'])) { $redirectURL= FORM . 'registration.php'; // Get user's input $postData = $_POST; $cleanUsername = strip_tags(trim($_POST['username'])); $cleanPassword = strip_tags(trim($_POST['password'])); $cleanPasswordConfirm = strip_tags(trim($_POST['passwordConfirm'])); // Validate form fields if (empty($cleanUsername)) { $valErr .= 'Please enter a username.'; } if (empty($cleanPassword)) { $valErr .= 'Please enter a password.'; } if (empty($cleanPasswordConfirm)) { $valErr .= 'Please confirm your password.'; } /* Clean username input to prevent injections * Allow usernames that begin with a-z and only contain alphanumeric plus '-' and -_' a * Also checks that username is at between 5 and 50 characters long */ $regexUsername = '/^[a-zA-Z]+(?:[a-zA-Z0-9d_]+){4,50}$/'; if (preg_match($regexUsername, $cleanUsername)) { /* Clean password input to prevent injections * Allow passwords that contain: * Minimum of 8 characters * Minimum of 1 Uppercase Letter * Minimum of 1 numeric value * Minimum of 1 Special Character !@#$%^&- */ $regexPassword = '/^(?=.*[!@#$%^&*-])(?=.*[0-9])(?=.*[A-Z]).{8,20}$/'; if (preg_match($regexPassword, $cleanPassword) && preg_match($regexPassword, $cleanPasswordConfirm)) { if ($cleanPassword != $cleanPasswordConfirm) { $valErr .= 'Passwords should match.'; } } else { $valErr .= 'Password must contain the following: Minimum of 8 characters Minimum of 1 Uppercase Letter Minimum of 1 numeric value Minimum of 1 Special Character !@#$%^&- '; } } else { $valErr .= 'Username must be between (5-50) characters and may only contain letters or numbers or - or _'; } // Check whether user errors are empty if (empty($valErr)) { // Check whether user already exists with same username in database $prevCon['where'] = array( 'username' => $cleanUsername ); $prevCon['return_type'] = 'count'; $prevUser = $accountDB->getRows('user',$prevCon); if ($prevUser > 0) { $statusMsg = 'Username already registered, please choose another username.'; } else { // Insert user data into the database $passwordHash = password_hash($cleanPassword, PASSWORD_DEFAULT); $memberData = array( 'username' => $cleanUsername, 'password' => $passwordHash ); $insert = $accountDB->insert('user', $memberData); if ($insert) { $status = 'success'; $statusMsg = 'Your account has been registered successfully, you may now login to your account.'; $postData = ''; $redirectURL = FORM . 'login.php'; } else { $statusMsg = 'Something went wrong, please try again after some time.'; } } } else { $statusMsg = 'Something is wrong with your input: '.$valErr;}// Store registration status into the SESSION$sessData['postData'] = $postData;$sessData['status']['type'] = $status;$sessData['status']['msg'] = $statusMsg;$_SESSION['sessData'] = $sessData;// Redirect to the login/registration pageheader('Location: $redirectURL');exit();/* LOGIN SUBMIT* If login request is submitted, the system checks if any record exists in database with given username and password*/} elseif (isset($_POST['loginSubmit'])) { // Get user's input $postData = $_POST; // Clean username and password input by removing injection tags and white space $cleanUsername = strip_tags(trim($_POST['username'])); $cleanPassword = strip_tags(trim($_POST['password'])); // Validate form fields if (empty($cleanUsername)) { $valErr .= 'Please enter your username.'; } if (empty($cleanPassword)) { $valErr .= 'Please enter your password.'; } // Check whether user inputs are empty if (empty($valErr)) { $conditions['where'] = array( 'username' => $cleanUsername, ); $conditions['return_type'] = 'single'; $userData = $accountDB->getRows('user', $conditions); if (password_verify($cleanPassword, $userData['password'])) { if (!empty($userData)) { $statusType = 'success'; $statusMsg = 'Welcome '.$userData['username'].'!'; $postData = ''; $_SESSION['userLoggedIn'] = TRUE; $_SESSION['userID'] = $userData['id']; $redirectURL = HOME; } else { $statusMsg = 'Wrong username or password, please try again!'; } } else { $statusMsg = 'Password does not match record.'; } } else { $statusMsg = 'Username does not exist.'; }} else { $statusMsg = 'There is something wrong with your inpput: '.$valErr;}// Store login status into the SESSION $sessData['postData'] = $postData; $sessData['status']['type'] = $status; $sessData['status']['msg'] = $statusMsg; $_SESSION['sessData'] = $sessData; // Redirect to home pageheader('Location: $redirectURL');exit();?>Advertisement
Answer
$redirectURL variable should be outside from single quote in header method and concatinate with ‘.’ operator.
JavaScript
// Redirect to home pagewrong header('Location: $redirectURL');right header('Location:'.$redirectURL);