0

Using PHP 7.1, MySQL, HTML5 Using localhost at present, I wanted to set-up a redirect from each webpage if the user is not logged in, to return to the login page login.php.

So I added the following include header.php to all of my PHP files 

<!--    header.php
        on all webpages, checks if user logged in, redirects to login.php if NOT
https://stackoverflow.com/questions/29202153/how-to-redirect-users-to-login-page-if-they-havent-logged-in
-->
<?php
  session_start();
  if(empty($_SESSION["username"])){ /* IF NO USERNAME REGISTERED TO THE SESSION VARIABLE */
    header("LOCATION:login.php"); /* REDIRECT USER TO LOGIN PAGE */
  }
?>

I am now getting the error 

localhost redirected you too many times.

Having cleared all my cookies as recommended and rebooted my system, and I have removed the call to header.php from about 40 php files, it is still a problem.

I should say that it worked 100% until I edited my approximately 40th PHP file to add 

<?php require('header.php'); ?>

Then the error was displayed in the chrome browser as follows.

This page isn’t working
localhost redirected you too many times.
Try clearing your cookies.
ERR_TOO_MANY_REDIRECTS

I can add the header.php to less files in the future i.e. by adding to a higher level php file.

  1. how do I fix the error so I can continue to develop and
  2. what change do I make to the code to prevent the error in the future.

I assume the system is now in an infinite loop, which needs to be cleared

I am desperate for a quick solution so any help would be much appreciated, I will continue looking for a solution in the meantime.

Many Thanks in advance, Colin

colin
  • 65
  • 2
  • 12
  • Is this an include file? – Yash Karanke Apr 02 '18 at 10:04
  • Try to add `exit();` after redirection code. – Darshan Jain Apr 02 '18 at 10:05
  • Make sure that you don't have the same header on your login page ! – lotfio Apr 02 '18 at 10:07
  • Yes I should have said I did not add the header.php to the login page. I will try to add exit(); after the redirection, I am just using the – colin Apr 02 '18 at 10:11
  • try to put ob_start() in top of header file and ob_flush() in end of the footer – Rahul Apr 02 '18 at 10:19
  • I don't think is it a problem of `exit()` since the exit construct is used for security reasons. the error message is coming from too many redirection meaning the header is redirecting to another header which is creating an infinite loop ! – lotfio Apr 02 '18 at 10:23
  • which page are you trying to access while getting this error ? does this happen with all your pages ? – lotfio Apr 02 '18 at 10:34
  • it appears to be happening with all PHP pages (40 odd) where I added the line at the top of the file, despite now having removed the line and saved the file to its original state. PHP files where I had not made this change work ok, this seems to be the pattern – colin Apr 02 '18 at 10:53
  • Rahul, I have tried adding to top of login.php and to end of login.php after call to footer.php but it still displays browser error – colin Apr 02 '18 at 11:00

2 Answers2

1

The code after header('Location: login.php') is still being executed unless you know what you are doing always exit() after a Location header as this is much more secure.

Also, you can change the require to avoid a double include (that would cause this problem)

<?php require_once('header.php'); ?>

However this more of a patch than a code logic fix.

A better solution would be to do something like the following:

#header.php

if(!defined('TO_LOGIN')){
  define('TO_LOGIN', true);
  header("Location: login.php");
  exit();
} else {
  trigger_error('Another request to "login.php". debug: <pre>' . print_r(debug_backtrace(), true) . '</pre>');
}

Because if a client does not have cookies enabled, this would never cause the code to loop.

Xorifelse
  • 7,878
  • 1
  • 27
  • 38
  • Thanks Xorifelse, I have now added the exit to prevent further occurrences, but do you know how I stop the existing code executing on my localhost, resulting in the error on my browser shown above, as I cannot continue until this is fixed. Cheers Colin – colin Apr 02 '18 at 10:27
  • I've updated the code a bit, it will throw a debug if another include of `header.php` is made. This you can use to see which file caused the issue in the first place and fix it from there. – Xorifelse Apr 02 '18 at 10:37
0

I have solved the problem, my file header.php (used to check if user logged in and call login.php if NOT logged in) was calling login.php

header.php
 called login.php
     called header-loginregister.php
         called header.php

so it was creating an infinite loop, I need to be careful where I place the include header.php call to avoid this mistake in the future.

So indirectly login.php was calling itself via header-loginregister.php and header.php

Thanks for all the comments on how to improve the code which I will implement.

colin
  • 65
  • 2
  • 12