Hi,

I want to go back to a previous webpage after I check the status of a user. I can use
header("location: index.php") to go to a main page, but when I use something else by either assigning a path and page to a variable inside a page, as
header("location: ".$where)or using the system as
header("location: ".$SERVER['SCRIPT_NAME']) it doesn't work. How can I do this?

You shouldn't use relative URLs in a Location header.

Well, I've read that it should be something like
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'mypage.php';
header("Location: http://$host$uri/$extra");The problem is not with that, but getting it to actually work with a variable. I can't seem to use either of the two examples in first post or
header("location: $where");
but the first example works fine when its a literal. I'll work on the rest to clean it up later after I get this tiny bit correct.

BTW, am using php 4.4.2 and mysql 5.0 (not my choice).

No, that's fine.

Make sure the variable contains what you think it does -- echo it somewhere.

yes, I'll do that - good idea, because when I use this:
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
header("Location: http://$host$uri/$where");
it redirects me out of the server and to http://www.noaa.gov/

Ok, I've been wight with getting the page to redirect even though the code was changed back to its simplest form. Redirection was being done even though the code said not to, even after restarting the browser and clearing the cache, cookies.

So, the question becomes, how do I redirect back to the first (calling) page, what ever it may be? This is getting so frustrating that I'm going out for chinese food! (and in Harlem NYC, that's bad!) this has been bugging me for two days! The code executes so very fast that nothing is/can be echoed.

Comment out the redirection line so you can see what the echo says? :)

my variable is still null. Even when I try to use a session variable as in:

session_start();
session_register("where");
$where = "http://earth.engr.ccny.cuny.edu/noaa/wc/Lidar/chainedmenu2.php";What can I do to get back to the original page?

If your variable is null, that would explain why the problem.

Where do you define it? How do you retrieve it?

I define it in the previous post, it's $where. I access it as in one of the first posts where it's used in the header() function. I also try to echo it to the screen, and that's where I find it's blank.

It's $where in all the above posts.

Could you give all the code you use?

Sure can. The code is in multiple pieces, so I'll show only the basics needed. I should say that the code works great, and is easy to configure to my website. The problem stems from my need to change it.

The calling page code, in part, is this:
<?php include_once("inc/auth.inc.php"); session_start(); session_register("where"); $where = "http://earth.engr.ccny.cuny.edu/noaa/wc/Lidar/chainedmenu2.php"; $user = _check_auth($_COOKIE); ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>

The line 'header("location: ".$where);' was originally 'header("location: index.php");', and assumed that you would be always wanting to go to this page. But in my case, I have password data files in several places, and so I want the redirect point to be back to the starting page, whatever it may be. The file auth.inc.php is this:
<?php

/* ===============================
== Basic PHP/MySQL Authentication
== by x0x
== Email: x0x@ukshells.co.uk
================================*/

include_once("config.inc.php");
include_once("layout.inc.php");

mysql_connect($CONFIG['HOST_NAME'], $CONFIG['DB_USERNAME'], $CONFIG['DB_PASSWORD'])
or die(mysql_error());
mysql_select_db($CONFIG['DATABASE_NAME'])
or die(mysql_error());

function _check_database($user, $pass)
{
$Q = mysql_query(" SELECT user_id FROM users WHERE user_name = '$user' AND user_pass = '$pass' ");
if(mysql_num_rows($Q) == 0) return 0;
else return mysql_fetch_array($Q);
}

function _check_auth($cookie)
{
$user = array();
$session = $cookie['SESSION'];

$q = mysql_query(" SELECT user_id, user_name FROM sessions WHERE session = '".$session."' ")
or die(mysql_error());
if(mysql_num_rows($q) == 0)
header("Location: login.php");
else {
$r = mysql_fetch_array($q);
$user['user_id'] = $r['user_id'];
$user['user_name'] = $r['user_name'];
}
return $user;
}

function _set_cookie($user_data, $rem, $session, $username)
{
if($rem == 1) setcookie('SESSION', $session, time() + 186400);
else setcookie('SESSION', $session);

$user_id = $user_data['user_id'];
$C = mysql_query(" SELECT * FROM sessions WHERE user_id = '$user_id' AND user_name = '$username' ");
if(mysql_num_rows($C) == 0)
$Q = mysql_query(" INSERT INTO sessions (session, user_id, user_name) VALUES ('$session','$user_id','$username') ");
else
$Q = mysql_query(" UPDATE sessions SET session = '$session' WHERE user_id = '$user_id' AND user_name = '$username' ");
header("Location: ".$where);
}

function _logout_user($cookie)
{
$session = $cookie['SESSION'];
$q = mysql_query(" DELETE FROM sessions WHERE session = '$session' ")
or die(mysql_error());
setcookie('SESSION', '', 0);
header("location: login.php");
}

function _already_logged($cookie)
{
if(isset($cookie['SESSION']))
header("Location: ".$where);
}

function fm($String)
{
return addslashes(strip_tags($String));
}
?>Since the login.php page is called after the first page, I commented out the 'session_start()' to see if it was a problem and put it in the first page, but that's not the issue. The other included files are for database access and for html page formatting. Just to be more complete, the file login.php is this:
<?php

/* ===============================
== Basic PHP/MySQL Authentication
== by x0x
== Email: x0x@ukshells.co.uk
================================*/

/*session_start();*/
include_once("inc/auth.inc.php");
_already_logged($_COOKIE);

if(isset($_POST['submit']))
{
$user_data = _check_database(fm($_POST['user']),fm($_POST['pass']));
if($user_data == 0) login_page();
else _set_cookie($user_data,fm($_POST['rem']),session_id(),fm($_POST['user']));
} else
login_page();
?>I did find a few references on the web about session variables being wiped out, but I haven't followed that yet because I think I'm doing something stupid.

You'll need to leave that session_start() there.
Can you add
error_reporting(E_ALL);to the top of each page and see if you get any notices?

Can I assume that successive 'session_start();' does not reset/clear the session array as it implies but does not directly state on the man pages? If it does, then it must be before the variable containing the redirect location is set in the first page, not the login.php page. Is this correct?

I'll add the error trapping lines and run the thing again.

I always am wondering if the server is running correctly. I set up a page so I could see the server properties: http://earth.engr.ccny.cuny.edu/noaa/wc/phpTest.php

If it does, then it must be before the variable containing the redirect location is set in the first page, not the login.php page. Is this correct?It must be before you use any session variables. session_start() simply sends the appropriate headers for the page it's on to use sessions; it doesn't reset or clear anything.

Ok, I clear the browser's cookies, cache & authenticated sessions. Then I run the page chainedmenu2.php. I get the following error messages:
Notice: Undefined index: SESSION in /webmail/apache/htdocs/noaa/wc/Lidar/inc/auth.inc.php on line 27

Warning: Cannot modify header information - headers already sent by (output started at /webmail/apache/htdocs/noaa/wc/Lidar/inc/auth.inc.php:27) in /webmail/apache/htdocs/noaa/wc/Lidar/inc/auth.inc.php on line 32and it does not go as usual to login.php, but instead displays the chainedmenu2.php page. Why? Because errors are no longer ignored? Well, there is no cookie now (as though the user has never signed on before). But, what does this imply about 'SESSION'? The statement 'session_start();' is at the top of the chainedmenu2.php page, so how can 'SESSION' be undefined? Hummm. The problem is not what I had thought it was.

The session isn't undefined, the cookie is. Notice that it says undefined index, not undefined variable. It means that $_COOKIE['SESSION'] doesn't exist.
The second error can be safely ignored, since it's probably caused by the displaying of the first error.

Well, the cookie should be undefined as I have erased it. This is a new entry, everything starting as though it is a new user. But, before I added the statement 'error_reporting(E_ALL);' to 'chainedmenu2.php', the execution would drop through to the 'header("Location: login.php");' line and ask to be logged in.

Does it seem that the program execution/flow is changed because of the error trapping? If so, I'm not getting to the problem area of the session variable that I declared, $where.....

You're probably right. The header() call will not function after the output from the error report was sent. Prepend the _set_cookie() call with the @ operator.

I found the problem. The issue of the session variables has changed between php 3.X and 4.4 with further changes into 6.0. Just can't use things the same way because:
session_register() accepts a variable number of arguments, any of which can be either a string holding the name of a variable or an array consisting of variable names or other arrays. For each name, session_register() registers the global variable with that name in the current session.

Caution

If you want your script to work regardless of register_globals, you need to instead use the $_SESSION array as $_SESSION entries are automatically registered. If your script uses session_register(), it will not work in environments where the PHP directive register_globals is disabled.

register_globals: important note: Since PHP 4.2.0, the default value for the PHP directive register_globals is off, and it is completely removed as of PHP 6.0.0. The PHP community encourages all to not rely on this directive but instead use other means, such as the superglobals. So, it looks like I need to change from
'session_register("where"); $where = "http://earth.engr.ccny.cuny.edu/noaa/wc/Lidar/chainedmenu2.php";' to
$_SESSION['where'] = "http://earth.engr.ccny.cuny.edu/noaa/wc/Lidar/chainedmenu2.php"Right? I'll try that out.

's right. I would have thought, however, that session_register() would simply add the variable to $_SESSION, where register_globals was off.

It's very plain, now, that the variable $_SESSION['where'] works only within a page, and is NOT passed correctly.

I define it at the beginning of chainedmenu2.php and it is not there when it goes to the login screen.

If I define it in auth.inc.php and use it in the header statement, the redirect back to chainedmenu2.php says that it is there, but ONLY because it is in the first lines of php code. I know this to be true because I made a second copy/version of chainedmenu2 (chainedmenu3.php) without the $_SESSION declaration and the different redirect or 'which' def, and the value was NOT passed. So, something is really wrong, and I just don't know what it is. Help please (sigh)?

Sure you called session_start(), and are you sure that no HTML was sent first? Not even a linebreak before the <?php?

Yes, I did that. The key is that session_start() ALSO must be the first line of the included files! I just fixed that and everything is OK now. Thanks for your help, Twey.