0
$email = trim($_POST['email']);
        $pass = md5(trim($_POST['password']));
        $user = R::findOne("user"," email = ? AND password = ? ", array($email,$pass));
        if($user != NULL) {
            // good login
            header('Location: http://www.google.com/');
        } else {
            // bad login
        }

Now the framework we are provided already in redbean to create the login script is in this file which runs when we submit any form on website - 

require_once('xyz.class.php');
if (isset($_REQUEST['apiName']) && $_REQUEST['apiName'] != null) {
    $apiName = $_REQUEST['apiName'];
    switch ($apiName) {
        case 'requestSignUp':
            echo UberHealth::requestSignUp($_REQUEST['email']);
            break;
        case 'contact':
            echo UberHealth::contact($_REQUEST['email'], $_REQUEST['msg'], $_REQUEST['name'], $_REQUEST['subject']);
            break;
        ...
    }
}

and xyz.class.php has redbean functions for logging in / sign up etc. Now when i login through this script this gives me an error on console like - 

XMLHttpRequest cannot load http://www.google.com/. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost' is therefore not allowed access.

I have tried 

return header('Location: http://www.google.com/');
return json_encode(header('Location: http://www.google.com/'));

instead of just header('Location: ...'));

But gave the same error.

Harshit Laddha
  • 2,044
  • 8
  • 34
  • 64

1 Answers1

0

I think you're missing the Access-Control-Allow-Origin header, as the message said :)

Here is the same question on SO.

Edit: To address your header alternative question As far as I understood you're searching for an alternative approach for header redirects. Well typically PHP Frameworks I know use some Bootstrapping mechanisms to build the user output. Take a look at my rude graphic below:

Sample of a framework bootstrap-process

Essentially the request from the client will always be handled via a main entry point (index.php) where you depending on the url style either use hashes, or parts of the querystring to determine where to navigate to. Thats the job of the bootstrapper to find out: "Ok the user want's to visit Page XYZ". The next layer could be the Authorization amongst others. Here you would check whether the user has the permission or not if so continue to your BL and render the result which then is returned to the client.

So this whole sequence takes place during the initial request from the client thus no redirecting would be needed. For detailed examples take a look how well-known Frameworks do the Job.

Community
  • 1
  • 1
zewa666
  • 2,593
  • 17
  • 20
  • It did help but i am not only looking for that but also a good technique here to redirect to secure section of website. Now I have heard headers are not that good option though I can make sure that permissions for the secure section being redirected through headers are changed so that the world can not execute it still if a better approach is there please help. – Harshit Laddha Mar 07 '14 at 14:00
  • I've updated the answer to hopefully address your additional question better – zewa666 Mar 08 '14 at 07:46