1

I am currently working on a form that displays the email address and other details of the member when a user is posting an advert. Understanding that this is not an ideal world where things always happen according to your plan, I would like to be able to destroy the session and redirect the user to the sign-in page when someone is tampering with the email address field. I have managed to destroy the session, but while redirecting, the URL is playing up as shown below.

FORM URL: http://localhost:8080/advert_post_Off.php?productid=31380&advertid=201246998

Expected signin page URL: http://localhost:8080/signin.php?redirect=authenticationerror

Redirect URL: http://localhost:8080/signin.php?redirect=advert_post_Off.php?productid=31380&advertid=201246998

PHP Code

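// Look up the signed-in member by the email stored in the session
$q = "SELECT * FROM users where email='$_SESSION[username]'";
// mysqli_error() needs the connection handle; mysql_error() belongs to the removed mysql extension
$r = mysqli_query($dbc, $q) or die(mysqli_error($dbc));
$row = mysqli_fetch_assoc($r);
$email = $row['email'];
$email_posted = $_POST['inputemail'];

// Compare the stored email with the value submitted in the form
if($email === $email_posted) {
    if(isset($_POST['postad'])) {
        // Insert form data into URL
    }
} else {
    // Mismatch: treat as tampering, end the session and send the user to sign-in
    unset($_SESSION['username']);
    session_destroy();
    header('Location:/signin.php?redirect=authenticationerror');
}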

Please help: how can I redirect properly so that the URL looks as expected?

Gautam P Behera

2 Answers

1

header('Location: signin.php?redirect=authenticationerror');

It will work as you expected.

Ankit Jain
1

To use the "Location" header, you have to set a FULL URL.

header('Location: http://localhost:8080/signin.php?redirect=authenticationerror');

Read this to have a full explanation: https://stackoverflow.com/a/10541458/7473150

Community
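
An added example, not part of either answer or of the asker's code: the same tamper check with the session fully torn down and `exit` called right after the `Location` header, so nothing later in the script can replace the redirect. The helper names are hypothetical, and `$dbc` is assumed to be the open mysqli connection from the question, with `session_start()` already called.

```php
<?php
// Added example: hypothetical helper names; $dbc is assumed to be an
// open mysqli connection and session_start() to have been called.

function end_session_and_redirect(string $location): void
{
    $_SESSION = [];                          // drop session data in memory
    if (ini_get('session.use_cookies')) {    // expire the session cookie too
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();                       // remove server-side session data
    header('Location: ' . $location, true, 302);
    exit;  // stop here: header() replaces an earlier Location by default,
           // so code running after this point could override the redirect
}

function lookup_email(mysqli $dbc, string $username): ?string
{
    // Prepared statement: the session value is bound, not interpolated.
    $stmt = mysqli_prepare($dbc, 'SELECT email FROM users WHERE email = ?');
    mysqli_stmt_bind_param($stmt, 's', $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $email);
    $found = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $found ? $email : null;
}

$email  = lookup_email($dbc, $_SESSION['username'] ?? '');
$posted = $_POST['inputemail'] ?? '';

// hash_equals() compares the two strings in constant time.
if ($email === null || !is_string($posted) || !hash_equals($email, $posted)) {
    end_session_and_redirect('/signin.php?redirect=authenticationerror');
}

if (isset($_POST['postad'])) {
    // Store $email (the server-side value) with the advert, never $posted.
}
```

Because the advert is stored with the server-side `$email`, a modified form field cannot change which address is saved even if the comparison were skipped.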