4

I am writing a basic authorization system and I am struggling with it a bit. There are two files involved - index.php and login.php. The login form is pretty simple (it's inside index.php): 

<fieldset class="right">
    <label for="email">Email

        <input id="email" name="email" type="text" value=""/>
    </label>
    <label for="password">Password
        <input id="password" name="password" type="password" />
        <a href="#" onclick="$('#password-box').toggle();" >Forgot your password?<span></span></a>
    </label>
    <div class="btn-login"><button type="submit" value="Login"></button></div>
</fieldset>
</form>

The login.php contents:

<?php
//  Include the launcher file.
require_once('globals.php');
require_once(CORE . 'launcher.php');

//  Collect the information sent to us.
$mail = (isset($_POST['email'])) ? $_POST['email'] : '';
$password = (isset($_POST['password'])) ? $_POST['password'] : '';

$LoginError = false;
    // AUTHORIZATION STUFF HERE
if ($LoginError) {
    header('Status: 200');
    header('X-Test: test');
    header('Location: index.php');
    exit();
}

As you can see, I'm sending a custom header to the script containing the form in case there was an error during signing in. In the index.php, I'm using headers_list(), but the header I'm sending is not present in the list.

What is causing that? I've tried with php_value "output_buffering" "0" in the .htaccess file, but no success.

UPDATE After checking in Chrome, the header is being received by the browser, but is not available in PHP.

Thanks in advance.

Improve this question
1
  • The answer should be clear now with four different explanations :D Commented Apr 10, 2012 at 18:58

4 Answers 4

Reset to default
3

The redirect is sent to and processed by the client which responds by navigating to the given Location: index.php. You should not expect that the custom header is provided by the browser when it is requesting index.php from the server.

CLIENT                                    SERVER
 |------- POST login.php ------------------>|
 |                                          |
 |<- 200, Location: index.php, X-Test:test -| (this is where you send the header)
 |                                          |
 |------- GET index.php ------------------->| (no header from client to server)
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

3

The headers() you specify with header() will be present in the output from server -> client. However, when doing a redirect, the browser will perform a NEW request, client -> server, and the browser is under no obligation to include your custom headers in this new request.

Improve this answer

Comments

1

I'm sending a custom header to the script containing the form

No you're not. Your sending a custom header to the client (user's browser) and the client will simply ignore/discard it.

If you need to maintain state, use a cookie/sessions or place something in the new location, e.g., header('Location: index.php?login=false');.

Improve this answer

Comments

1

The custom headers you are sending to the user are being received. But they're being discarded when the browser does the redirect because the browser isn't sending them to the redirected page. That's why you don't see them.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.