Does redirection not interrupt script interpretation?


1

I may be missing something, but there’s no way I can see what. I have a simple login code that is behaving (at least it seems to me) in a strange way.

index.php:

<?php
session_start();
if(isset($_SESSION['error'])) {
    echo $_SESSION['error'];
    unset($_SESSION['error']);
}
?>
<form method="POST" action="process.php">
    username
    <input type="text" name="username">
    password
    <input type="password" name="password">
    <input type="submit">
</form>

process.php:

<?php
session_start();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
    if($_POST['password'] == 'password' && $_POST['username'] == 'miguel') {
        $_SESSION['error'] = 'Loggedin Success';
        header('Location: index.php');
    }
    $_SESSION['error'] = 'Wrong details (username/password)';
    header('Location: index.php');
}
$_SESSION['error'] = 'NO POST REQUEST';
header('Location: index.php');

Now, what is happening with this code is that whether I enter the wrong or the right credentials (miguel/password), it will always interpret the last block:

$_SESSION['error'] = 'NO POST REQUEST';
header('Location: index.php');

How is that possible? Since we passed through redirects earlier, shouldn't the interpretation of the script (process.php) have been interrupted/cancelled at that point, redirecting us to the destination?

Putting elses around the blocks, the code already does what it is "supposed" to:

session_start();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
    if($_POST['password'] == 'password' && $_POST['username'] == 'miguel') {
        ...
    }
    else {
        ...
    }
}
else {
    ...
}

But why are they needed in this structure? I've always thought that on interpreting a header('Location: ...'); the interpretation of the script itself would be interrupted.

  • The header function only sends the header; you need an exit after the call. As you are sending several identical headers in sequence, the browser is considering the last one.

  • Haa @bfavaretto. I always thought that redirection occurred at that time. I get it, I know the question sounds stupid, and I'm sorry, but I was getting really messed up about this. You can post a good answer and I'll accept it... I've figured out what's going on, then; putting a die(); after the headers already works.

  • Right, die() works too. I won't answer now because I'm on mobile, maybe later.

  • Ok @bfavaretto, rest assured that I will accept yours (if it is good (: ), since you were the first who clarified/solved my doubt

  • If a good answer appears before, you can accept it if you want :) I did not find the question stupid, this behavior is not obvious at all.

  • @bfavaretto , then my answer :P ?

  • It took a while, but it came : )


1 answer

4


PHP's header function only sends an HTTP header to the browser, and the HTTP protocol allows multiple headers per request or response. So PHP doesn't know you're doing a redirect; it adds all the headers, and it's up to the user agent that made the request (usually the browser) to decide what to do. In this case it is deciding to redirect to the last Location: header found. This should be standard protocol behavior (but I have no sources to confirm it; if anyone knows, they can comment or edit my answer).

Therefore, you need to put an exit or die after sending the Location: header, so that PHP does not execute the code that sends the following ones:

<?php
session_start();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
    if($_POST['password'] == 'password' && $_POST['username'] == 'miguel') {
        $_SESSION['error'] = 'Loggedin Success';
        header('Location: index.php');
        exit;
    }
    $_SESSION['error'] = 'Wrong details (username/password)';
    header('Location: index.php');
    exit;
}
$_SESSION['error'] = 'NO POST REQUEST';
header('Location: index.php');
// no exit needed here since it is the last one

  • Yes, I did, and I think this header (like all the others) is only effectively executed when the script interpretation, in this case PHP, ends. Thanks for the clarification.
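
An audit check for the pattern discussed in this thread, added here as an example in Python (it is not code from the question or the answer): it reports every header('Location: ...') call that is not immediately followed by exit, die or return, run against process.php as posted in the question. The function name and the regular expressions are assumptions of this example, and it is a heuristic text scan, not a PHP parser.

```python
import re

# Strings are matched first so that "//" inside 'Location: http://...' is not
# mistaken for a comment.
_TOKEN = re.compile(r"""
    (?P<str> '(?:\\.|[^'\\])*' | "(?:\\.|[^"\\])*" )
  | (?P<com> //[^\n]* | \#[^\n]* | /\*.*?\*/ )
""", re.S | re.X)
_REDIRECT = re.compile(r"\bheader\s*\(\s*['\"]\s*Location\s*:", re.I)
_STOP = re.compile(r"\s*(?:exit|die|return)\b", re.I)

def _blank(m):
    # Replace a token with spaces but keep newlines, so offsets and line numbers hold.
    return re.sub(r"[^\n]", " ", m.group(0))

def find_unterminated_redirects(php_source):
    """Return line numbers of header('Location: ...') calls that are not
    immediately followed by exit, die or return (heuristic, not a PHP parser)."""
    code = _TOKEN.sub(lambda m: _blank(m) if m.group("com") else m.group(0), php_source)
    masked = _TOKEN.sub(_blank, code)          # also hide string bodies
    findings = []
    for m in _REDIRECT.finditer(code):
        end = masked.find(";", m.end())        # end of the header() statement
        rest = masked[end + 1:] if end != -1 else ""
        if rest.strip() in ("", "?>"):         # last statement: nothing runs after it
            continue
        if not _STOP.match(rest):
            findings.append(code.count("\n", 0, m.start()) + 1)
    return findings

# process.php as posted in the question (opening tag added so line 1 is "<?php").
QUESTION_PROCESS_PHP = r"""<?php
session_start();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
    if($_POST['password'] == 'password' && $_POST['username'] == 'miguel') {
        $_SESSION['error'] = 'Loggedin Success';
        header('Location: index.php');
    }
    $_SESSION['error'] = 'Wrong details (username/password)';
    header('Location: index.php');
}
$_SESSION['error'] = 'NO POST REQUEST';
header('Location: index.php');
"""

if __name__ == "__main__":
    for line in find_unterminated_redirects(QUESTION_PROCESS_PHP):
        print(f"line {line}: redirect without exit, execution continues")
```

Because the rule is "immediately followed by", a redirect that closes an if branch with a matching else is also reported, even though nothing runs after it there.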
