By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
445,758 Members | 1,223 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 445,758 IT Pros & Developers. It's quick & easy.

$HTTP_REFERER crashes my system like clockwork

P: n/a
I like to develop on my desktop, then when I get stuff working, I copy
to my web-site.

I set up a new version Xampp on my windows-2k desktop. And downloaded
the stuff from the website to edit. On the website, everything worked,
on my desktop, nothing works.

I am guessing this has to do with PHP versions. I know PHP breaks
everything whenever they come out with a new version.

On the website, I am using PHP 4.4.2. On my desktop, I'm using 5.1.4.

This is the routine that crashes everything.

#if either form field is empty return to the log-in page
if ( (!$username) or (!$password) )
{
header("Location:$HTTP_REFERER");
exit();
}

Again, it all works with PHP 4..4.2, crashes with PHP 5.1.4. Also if I
try to do anything else with $HTTP_REFERER, the system crashes.

By "crashes" I mean I either get a blank page, or an error message that
the headers are already loaded.

Jul 20 '06 #1
Share this Question
Share on Google+
22 Replies


P: n/a
walterbyrd wrote:
This is the routine that crashes everything.

#if either form field is empty return to the log-in page
if ( (!$username) or (!$password) )
{
header("Location:$HTTP_REFERER");
exit();
}

Again, it all works with PHP 4..4.2, crashes with PHP 5.1.4. Also if I try
to do anything else with $HTTP_REFERER, the system crashes.

By "crashes" I mean I either get a blank page, or an error message that
the headers are already loaded.
This may or may not help, but is there really no space between "Location:"
and "$HTTP_REFERER"? Because there should be.

Also, you might try using $_SERVER['HTTP_REFERER'] instead, assuming you're
running PHP >= 4.1.0.

HTH,
--
Benjamin D. Esham
bd*****@gmail.com | AIM: bdesham128 | Jabber: same as e-mail
"I think I'd most like to spend a day with Harry. I'd take him
out for a meal and apologise for everything I've put him through."
— J. K. Rowling

Jul 20 '06 #2

P: n/a
Benjamin Esham wrote:
>
This may or may not help, but is there really no space between "Location:"
and "$HTTP_REFERER"? Because there should be.
I found that I can set PHP to 4.4.2-pl1 with Xampp. That didn't help. I
tried putting in a space, that didn't help either.
Also, you might try using $_SERVER['HTTP_REFERER'] instead, assuming you're
running PHP >= 4.1.0.
I am not sure exactly how to do this. I had:

header("Location: $HTTP_REFER");

Do I keep the quotes? Do I keep the "Location:" ? It doesn't seem to
work either way.

I tried it like this:

header($_SERVER['HTTP_REFERER']);

And got these errors:

Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs\WMS\authenticate.php:2) in
C:\xampp\htdocs\WMS\authenticate.php on line 5

I also don't understand why this works perfectly on my web-site. Also,
I don't understand why I'm not getting my $username and $password
strings.

This is from by index.html file:
<form action="authenticate.php" method="post">
Username:<br>
<input type="text" name="username">
<br><br>
Password:<br>
<input type="password" name="password">
<br><br>
<input type="submit" name="Log In">
</form>
This is the authenticate.php file:
<?php
#if either form field is empty return to the log-in page
if ( (!$username) or (!$password) )
{
header($_SERVER['HTTP_REFERER']);
exit();
}
The $username and $password strings seem to be empty. I tested them.
HTH,
--
Benjamin D. Esham
bd*****@gmail.com | AIM: bdesham128 | Jabber: same as e-mail
"I think I'd most like to spend a day with Harry. I'd take him
out for a meal and apologise for everything I've put him through."
- J. K. Rowling
Jul 20 '06 #3

P: n/a
[quoted sections rearranged slightly]

walterbyrd wrote:
Benjamin Esham wrote:
Also, you might try using $_SERVER['HTTP_REFERER'] instead, assuming
you're running PHP >= 4.1.0.

I am not sure exactly how to do this.
OK, try this function:

function authenticate()
{
if (!isset($_POST['username']) || !isset($_POST['password'])) {
header('Location: ' . $_SERVER['HTTP_REFERER']);
exit();
}
}
The $username and $password strings seem to be empty. I tested them.
The $username and $password were empty because you have register_globals
off; this means that you can only access your form variables through $_POST.
*This is the way it should be!* Turning register_globals on is potentially
a great security risk. Newer versions of PHP ship with register_globals
turned off by default, which is probably why you're experiencing
inconsistencies between the behavior of the two versions.
Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs\WMS\authenticate.php:2) in
C:\xampp\htdocs\WMS\authenticate.php on line 5
This error is caused by sending output before headers. "Output" is usually
your outputted HTML code, but *any text at all*, including whitespace, that
comes before the opening <?php of your script will mess up your attempt to
send a header. Make sure that the <?php is the very first thing in your
file, and that you have no print or echo statements that are run before your
header() call.

By the way, I'm not sure whether using HTTP_REFERER is the best way to
return to the previous page. You're probably better off just doing a

header('Location: login_form.php');

as the HTTP_REFERER value is sometimes unreliable. Another alternative is
to display an error message instead of just sending the user back to the
input form. This is a bit more user-friendly; if a user clicks on "Submit"
and is sent back to the login page again, he or she might just try to submit
the form again and again until it works. With an error message, he or she
knows what the problem was.

Hope this helps! Feel free to post again if your script continues to give
you trouble.

--
Benjamin D. Esham
bd*****@gmail.com | AIM: bdesham128 | Jabber: same as e-mail
....and that's why I'm not wearing any pants.

Jul 20 '06 #4

P: n/a
*** walterbyrd escribió/wrote (20 Jul 2006 11:49:52 -0700):
#if either form field is empty return to the log-in page
if ( (!$username) or (!$password) )
{
header("Location:$HTTP_REFERER");
exit();
}
Do you check that $HTTP_REFERER actually has a value? Even if you have
register_globals set to on, you must be aware that browsers can send
HTTP_REFERER... or not.

If the variable is empty, it's not a good idea to send an empty location
header.

--
-+ http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
++ Mi sitio sobre programación web: http://bits.demogracia.com
+- Mi web de humor con rayos UVA: http://www.demogracia.com
--
Jul 20 '06 #5

P: n/a
Alvaro G. Vicario wrote:
*** walterbyrd escribió/wrote (20 Jul 2006 11:49:52 -0700):
#if either form field is empty return to the log-in page
if ( (!$username) or (!$password) )
{
header("Location:$HTTP_REFERER");
exit();
}

Do you check that $HTTP_REFERER actually has a value? Even if you have
register_globals set to on, you must be aware that browsers can send
HTTP_REFERER... or not.

If the variable is empty, it's not a good idea to send an empty location
header.
In that case I believe the browser would make a new request to the
current script, which of course, sends the redirect again. The
recursion would continue until the browser decides enough is enough and
kills the operation. That seems to match the symptoms described.

Jul 20 '06 #6

P: n/a
Benjamin Esham wrote:
Okay, I think I may be making some progress. My authenticate.php now
starts like this:

<?php
#if either form field is empty return to the log-in page
if (!isset($_POST['username']) || !isset($_POST['password']))
{
header("Location: index.html");
exit();
}

And that seems to work.
The $username and $password were empty because you have register_globals
off; this means that you can only access your form variables through $_POST.
*This is the way it should be!* Turning register_globals on is potentially
a great security risk.
Okay, from now on I will have register_globals on. Er, how do I do
that?
This error is caused by sending output before headers. "Output" is usually
your outputted HTML code, but *any text at all*, including whitespace, that
comes before the opening <?php
I am certain that is not the case. I have absolutely nothing before the
<?php or after the ?>, not even white space.
By the way, I'm not sure whether using HTTP_REFERER is the best way to
return to the previous page. You're probably better off just doing a

header('Location: login_form.php');
Did that. It works. Thanks.
Hope this helps! Feel free to post again if your script continues to give
you trouble.
My script is still giving me trouble, only now in a different part.

This line:

setcookie("admin", $username, time()+18000);

Is giving me this error:

Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs\WMS\authenticate.php:29) in
C:\xampp\htdocs\WMS\authenticate.php on line 30

I am certain that $username is set correctly. I checked.

And this line (directly after the setcookie line)

header("Location: table_list1.php");

is giving me this error:

Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs\WMS\authenticate.php:29) in
C:\xampp\htdocs\WMS\authenticate.php on line 32

I am certain that the file table_list1.php is correct, it's there. And
it works fine when run on my remote web-site.
--
Benjamin D. Esham
bd*****@gmail.com | AIM: bdesham128 | Jabber: same as e-mail
...and that's why I'm not wearing any pants.
Jul 21 '06 #7

P: n/a
walterbyrd wrote:
Okay, I think I may be making some progress. My authenticate.php now
starts like this [...] And that seems to work.
Good to hear.
Benjamin Esham wrote:
The $username and $password were empty because you have register_globals
off; this means that you can only access your form variables through
$_POST. *This is the way it should be!* Turning register_globals on is
potentially a great security risk.

Okay, from now on I will have register_globals on. Er, how do I do that?
Perhaps you misunderstood: most people consider register_globals a potential
security risk and advise to leave it off, as it seems to be already for you.
Either way, reading this page will do a better job of explaining.

http://us3.php.net/register_globals
This error is caused by sending output before headers. "Output" is
usually your outputted HTML code, but *any text at all*, including
whitespace, that comes before the opening <?php

I am certain that is not the case. I have absolutely nothing before the
<?php or after the ?>, not even white space.
OK, but does this file contain any right-to-left (e.g. Hebrew or Arabic)
text? Another recent thread in this group involved some phantom bytes at
the beginning of a file due to the different text direction, and the same
problem occurred there. (The reason that I'm being really persistent about
the beginning of the file is because I can't really think of any other
possible cause to this problem.)
By the way, I'm not sure whether using HTTP_REFERER is the best way to
return to the previous page. You're probably better off just doing a

header('Location: login_form.php');

Did that. It works. Thanks.
OK, cool.
My script is still giving me trouble, only now in a different part.

Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs\WMS\authenticate.php:29) in
C:\xampp\htdocs\WMS\authenticate.php on line 30
This is the same problem you were having before: somehow, text is being
outputted before the headers or cookie information can be sent. Go back
through your code; take a look at *everything* that happens between the time
your script is called and your cookie commands. Make sure that nothing
generates any output (remember, error messages count as output). Hopefully
the error rests with something in there.

HTH,
--
Benjamin D. Esham
bd*****@gmail.com | AIM: bdesham128 | Jabber: same as e-mail
"Men never do evil so completely and cheerfully as when they
do it from religious conviction." — Blaise Pascal

Jul 21 '06 #8

P: n/a

Benjamin Esham wrote:
Make sure that nothing
generates any output (remember, error messages count as output). Hopefully
the error rests with something in there.
First, thank you again for all of your help.

I am very sure nothing is being output before, or after the <?php . .
?>. I am using 100% English, no right to left languages. The very first
and last lines of this file are below:

<?php
#if either form field is empty return to the log-in page
.. . . .
?>

Here is the section that is giving me all the trouble, complete with
error checking echo statements:

{
echo("1" . "\n\n");
setcookie("admin", $username, time()+18000);
echo("2" . "\n\n");
header("Location: table_list1.php");
echo("3" . "\n\n");
exit;
}

Here is the complete output:

1
Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs\WMS\authenticate.php:22) in
C:\xampp\htdocs\WMS\authenticate.php on line 23
2
Warning: Cannot modify header information - headers already sent by
(output started at C:\xampp\htdocs\WMS\authenticate.php:22) in
C:\xampp\htdocs\WMS\authenticate.php on line 25
3

Benjamin D. Esham
bd*****@gmail.com | AIM: bdesham128 | Jabber: same as e-mail
"Men never do evil so completely and cheerfully as when they
do it from religious conviction." - Blaise Pascal
Jul 21 '06 #9

P: n/a
Another thing I forgot to mention. If I comment out the problem lines,
I do not get the error message about headers, i.e.:

{
echo("1" . "\n\n");
# setcookie("admin", $username, time()+18000);
echo("2" . "\n\n");
# header("Location: table_list1.php");
echo("3" . "\n\n");
exit;

}
Gives me this output:

1 2 3

Also, oddly enough, when this line is executed, it works fine. No error
messages:

header("Location: index.html");

And, again, this all works fine on my remote web-host, which runs about
the same version of php. My web-host runs Linux, and I am using
windows.

Jul 21 '06 #10

P: n/a

walterbyrd wrote:

Sorry to keep posting like this. It was the echo statements. This does
not really make sense to me. The echo are legal, and are placed between
the <?php . . ?>. Anyway, this works:
>
{
#echo("1" . "\n\n");
setcookie("admin", $username, time()+18000);
# echo("2" . "\n\n");
header("Location: table_list1.php");
# echo("3" . "\n\n");
exit;

}
Jul 21 '06 #11

P: n/a
Message-ID: <11*********************@b28g2000cwb.googlegroups. comfrom
walterbyrd contained the following:
>Sorry to keep posting like this. It was the echo statements. This does
not really make sense to me.
You have to remember that with php you are engaging in a dialogue
between the client machine (your machine) and the server.

Think what echo does. It starts output. You can't have output without
headers, so the headers get sent. Cookie information is sent with the
headers so if the headers are already sent you have missed the boat.

Don't worry, it took me some time to get it straight in my mind too.
Drawing a diagram of the data flows helps.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 21 '06 #12

P: n/a

Geoff Berrow wrote:
Think what echo does. It starts output. You can't have output without
headers, so the headers get sent.
But what if I need to output something? Do I have to drop back to html?
What does it mean for headers to be sent?
Cookie information is sent with the
headers so if the headers are already sent you have missed the boat.
But my cookies seems to work.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 21 '06 #13

P: n/a
BTW: just so you understand. The file I am working on is entirely php,
no html.

The very first line in by file is:

<?php

The very last line is:

?>

This is not a matter of me using echo outside the <?php .. ?>. I can
not use echo *anywhere."

I have tried using ob_start() and ob_flush(), that didn't work.

Jul 21 '06 #14

P: n/a
walterbyrd wrote:
Geoff Berrow wrote:

>>Think what echo does. It starts output. You can't have output without
headers, so the headers get sent.


But what if I need to output something? Do I have to drop back to html?
What does it mean for headers to be sent?

>>Cookie information is sent with the
headers so if the headers are already sent you have missed the boat.


But my cookies seems to work.

>>--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/

Dropping back to HTML won't help, either. *ANY* output will send the
headers. It's not a PHP restriction - that's how HTTP works.

But why would you want to send data - then immediately redirect the
client to another page anyway? They'd never see the data you output.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jul 21 '06 #15

P: n/a
"walterbyrd" <wa********@iname.comwrote:
This is not a matter of me using echo outside the <?php .. ?>. I can
not use echo *anywhere."

I have tried using ob_start() and ob_flush(), that didn't work.
The way HTTP works...

Client sends a GET request for a particular URL...

GET http://www.ebay.com/

The server, if there's something to deliver sends a "response" with
a 200 HTTP code. Then the communication begins between the
client and the server. Text typically gets something like html/text in
one of the headers for the html data that is sent. The browser then
starts receiving the HTML code. As it parses the HTML code, it'll
send more GET requests based upon the HTML encoding. For
instance, the <link rel="stylesheet" type="text/css" href="css/style.css" />
tells the browser that there's a stylesheet involved with the page,
and the browser then sends a request for the stylesheet. That's
why you'll see some pages present the text, then change the
way it all looks, because it's processing the HTML document in
a top down order.

For each image statement, <img src="images/image1.jpg" /in
the HTML, causes the browser to send another GET request
for the image.

I'm not sure how PHP's buffered output works right at this
moment, so someone else needs to help out in this respect.

The echo() statement (function?) forces the server to send an
html/text header, any html code presented forces the same.
I'm not sure how PHP's buffered output works in this regard.

I'm curious about timed redirection. Perhaps someone else
can comment on that, meaning some html encoding has been
sent but you want a redirection to occur after a given number
of seconds.

--
Jim Carlock
Post replies to the group.

Jul 21 '06 #16

P: n/a

Jerry Stuckle wrote:
But why would you want to send data - then immediately redirect the
client to another page anyway? They'd never see the data you output.
It is still in development. I was thinking I would ask the user to hit
return, or create a form that is -sort of- a message box, with an OK
button.

Is output impossible with php? Or is it impossible to output something,
then change the header later? I doesn't seem like it would all that
uncommon, and it doesn't seem like it should be all that difficult.

Jul 22 '06 #17

P: n/a

Jerry Stuckle wrote:
But why would you want to send data - then immediately redirect the
client to another page anyway? They'd never see the data you output.
Another thing I forgot to mention. About a hundred years ago, before
the web was around, I used to program for a living. I have forgotten
just about everything, except for, what are now ,bad habbits.

One thing I used to do, to help me debug, was to output small messages,
maybe just numbers, at stratigic locations in my code. At one time,
this was helpful for isolating exactly where the problem code existed.
Without headers to worry about, printing small messages to the screen
was about the easiest thing in world to do. It is surprising to me that
it's such an awful ordeal with PHP.

Jul 22 '06 #18

P: n/a
Message-ID: <11**********************@75g2000cwc.googlegroups. comfrom
walterbyrd contained the following:
>One thing I used to do, to help me debug, was to output small messages,
maybe just numbers, at stratigic locations in my code. At one time,
this was helpful for isolating exactly where the problem code existed.
Without headers to worry about, printing small messages to the screen
was about the easiest thing in world to do. It is surprising to me that
it's such an awful ordeal with PHP.

It's not. It's just your understanding of the client/server process
that you need to work on.
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
Jul 22 '06 #19

P: n/a
walterbyrd wrote:
Jerry Stuckle wrote:

>>But why would you want to send data - then immediately redirect the
client to another page anyway? They'd never see the data you output.


It is still in development. I was thinking I would ask the user to hit
return, or create a form that is -sort of- a message box, with an OK
button.

Is output impossible with php? Or is it impossible to output something,
then change the header later? I doesn't seem like it would all that
uncommon, and it doesn't seem like it should be all that difficult.
It's impossible to send a header after ANY OUTPUT has been sent to the
client. No echos, no HTML - not even a DOCTYPE or even whitespace.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jul 22 '06 #20

P: n/a
walterbyrd wrote:
Jerry Stuckle wrote:

>>But why would you want to send data - then immediately redirect the
client to another page anyway? They'd never see the data you output.


Another thing I forgot to mention. About a hundred years ago, before
the web was around, I used to program for a living. I have forgotten
just about everything, except for, what are now ,bad habbits.

One thing I used to do, to help me debug, was to output small messages,
maybe just numbers, at stratigic locations in my code. At one time,
this was helpful for isolating exactly where the problem code existed.
Without headers to worry about, printing small messages to the screen
was about the easiest thing in world to do. It is surprising to me that
it's such an awful ordeal with PHP.
Yep, but web programming is completely different. Here you have a
client/server relationship. Each web page is effectively its own
program. Anything which needs to go to the next page must be passed in
the GET/POST or the session, for instance.

It's similar to CICS transactional programs, but nothing at all like
classic programming.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jul 22 '06 #21

P: n/a

Jerry Stuckle wrote:
It's impossible to send a header after ANY OUTPUT has been sent to the
client. No echos, no HTML - not even a DOCTYPE or even whitespace.
If the client clicks on a link, won't that result in new header
information being sent to the client? So is it okay to send the client
new header information, after the client has sent information to the
server?

Jul 22 '06 #22

P: n/a
walterbyrd wrote:
Jerry Stuckle wrote:

>>It's impossible to send a header after ANY OUTPUT has been sent to the
client. No echos, no HTML - not even a DOCTYPE or even whitespace.


If the client clicks on a link, won't that result in new header
information being sent to the client? So is it okay to send the client
new header information, after the client has sent information to the
server?
Yes, because that's an entirely new page. Everything starts from scratch.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Jul 22 '06 #23

This discussion thread is closed

Replies have been disabled for this discussion.