0

I'm developing a site that requires a log in. I have setup index.php to check if the client is logged in with a session cookie; if not, it redirects to login.php that handles the login logic. When the user enters their credentials into the login form, it posts to login.php which does the authentication. If it's okay, it should redirect back to index.php which does most of the work. This whole setup works perfectly well in Internet Explorer 10 and Chrome 30. However, in Firefox 24, the initial redirect from index.php to login.php works just fine, but not the redirect from login.php to index.php; all I get is a blank page. The weird part is, though, that if I try to "view page source" in Firefox, I get "document expired" in the code view window. When I click try again, the source code pops up as if it had successfully redirected to index.php.

I'm pretty sure this is not a phantom whitespace problem because it works in Chrome and IE, and it did work in a previous Firefox (not to mention that it works if viewing the page source). Any advice would be appreciated. Below is a snippet of login.php that does the redirect.

if(isset($_POST['login'])) {
  $contents=tnRequest(...);  // this gets an XML document describing the user
  $xml=simplexml_load_string($contents);
  if($xml->STATUS==0) {
    if($xml->PASSCHANGE==1) { // force a password change
        include('header.php');
        passwdform($puser,$ppass);
        include('footer.php');
        exit;
    }
    // user logged in okay, no forced password change.
    // load data into session variable and redirect to index.php
    load_user_data($xml);
    header('Location: ./index.php');
    exit;
  } else {  // login failed, try again
    session_regenerate_id(true);
    include('header.php');
    echo "<Center><font color='red'><strong>Incorrect login, please try again.</font></center>";
    loginform();
    include('footer.php');
    exit;
  }
}
4

1 回答 1

0

This is an indirect answer unfortunately.

I have had many issues with PHP redirects in the past. I have since switched to a javascript redirect which serves the same purpose but avoids all of the header hassles. Try:

if(isset($_POST['login'])) {
  $contents=tnRequest(...);  // this gets an XML document describing the user
  $xml=simplexml_load_string($contents);
  if($xml->STATUS==0) {
    if($xml->PASSCHANGE==1) { // force a password change
        include('header.php');
        passwdform($puser,$ppass);
        include('footer.php');
        exit;
    }
    // user logged in okay, no forced password change.
    // load data into session variable and redirect to index.php
    load_user_data($xml);
    ?>
    <script type="text/javascript">
    <!--
    window.location = "./index.php"
    //-->
    </script>
    <?php
    exit;
  } else {  // login failed, try again
    session_regenerate_id(true);
    include('header.php');
    echo "<Center><font color='red'><strong>Incorrect login, please try again.</font></center>";
    loginform();
    include('footer.php');
    exit;
  }
}

If this doesn't work then the issue is probably in the address of index.php (try /index.php instead of ./index.php or even index.php, it depends on the location of your web root). If not you must have a space or some html characters present which is blocking PHP from sending headers.

Good luck!

于 2013-10-14T16:25:47.823 回答