RE: Secure redirection?


 



> -----Original Message-----
> From: Zoran Bogdanov [mailto:delta.storm@xxxxxxxxxxx]
> Sent: Wednesday, November 05, 2008 5:42 AM
> To: php-general@xxxxxxxxxxxxx
> Subject:  Secure redirection?
> 
> Hi,
> 
> I'm building a login system with AJAX/PHP/MySQL.
> 
> I have worked everything out... AJAX is sending request to a php login
> script (login.php) who if authentication passes initializes the session
> and sends the header using header("Location : registered_user_area.php");
> 
> The whole system works great without AJAX, but when I put AJAX in the
> story I have one problem:
> 
> 1. When the user is successfully authenticated the login.php sends the
> header, but the AJAX XMLHttpRequest call is still in progress waiting
> for a PHP response. So when PHP using the header function redirects to
> another page that page is outputted to the login form...
> 
> My PHP login snippet is:
> if ($res_hash == $u_pass) {
> 
>     $logged_user = $sql_execution->last_query_result->user;
> 
>     $sql_execution->exec_query("DELETE FROM seeds",false);
> 
>     $sql_execution->db_disconnect();
> 
>     session_start();
> 
>     $_SESSION['user'] = $logged_user;
> 
>     $host = $_SERVER['HTTP_HOST'];
> 
>     $url = rtrim(dirname($_SERVER['PHP_SELF']), '/\\') . '/mpls/index.php';
> 
>     header("Location: http://$host$url");            //--That page ($host$url) is outputted in the login form...
> 
>     exit();
> 
> }
> 
> else {
> 
>     $sql_execution->exec_query("DELETE FROM seeds WHERE id=$row->id",false);
> 
>     $sql_execution->db_disconnect();
> 
>     echo 'BLS';            //--This is sent when the password/username is wrong
> 
>     exit();
> 
> }

XMLHttpRequest calls do not necessarily have to be done asynchronously.
You can make the page wait for the JavaScript's POST/GET request to be
completely fulfilled before continuing operation.


Todd Boyd
Web Programmer

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
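
Added example, not part of either message in this thread: XMLHttpRequest follows a `Location` redirect itself, so the redirected page arrives as `responseText`, which is the symptom described in the question. The sketch below assumes login.php is changed to echo the target path on success (the `'BLS'` failure token is from the post; `resolveLoginRedirect`, `onLoginResponse` and the sample origin are hypothetical names), and only navigates to a same-origin path.

```javascript
// Added example: decide what the browser should do with the body that
// login.php returns to the XMLHttpRequest callback.
// Assumption: on success login.php echoes the target path (for example
// "/mpls/index.php") instead of calling header("Location: ..."); on
// failure it echoes 'BLS' as in the original post.

const FAILURE_TOKEN = 'BLS';

// Returns { ok: true, href } for a same-origin target,
// or { ok: false, reason } for anything else.
function resolveLoginRedirect(responseText, pageOrigin) {
  const body = String(responseText).trim();
  if (body === FAILURE_TOKEN) {
    return { ok: false, reason: 'bad-credentials' };
  }
  // Accept only a single-slash absolute path: no scheme, no "//host",
  // no backslashes, no whitespace. A full HTML page (what arrives when
  // the server still redirects) is rejected here instead of being
  // written into the login form.
  if (!/^\/(?![\/\\])[^\\\s]*$/.test(body)) {
    return { ok: false, reason: 'unexpected-response' };
  }
  let target;
  try {
    target = new URL(body, pageOrigin);
  } catch (e) {
    return { ok: false, reason: 'unexpected-response' };
  }
  // Defence in depth: the resolved URL must stay on the page's origin.
  if (target.origin !== new URL(pageOrigin).origin) {
    return { ok: false, reason: 'cross-origin-target' };
  }
  return { ok: true, href: target.href };
}

// Browser wiring (hypothetical; call it from the XHR load handler).
function onLoginResponse(xhr) {
  const result = resolveLoginRedirect(xhr.responseText, window.location.origin);
  if (result.ok) {
    window.location.assign(result.href);
  }
  return result;
}
```
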


