Comments on: PHP function to Redirect a user with a message http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/?utm_source=rss&utm_medium=rss&utm_campaign=php-function-to-redirect-a-user-with-a-message BlueDog Web Services Thu, 26 Jan 2012 21:06:46 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Paul http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-112 Paul Wed, 20 Apr 2011 22:05:34 +0000 http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-112 Thanks a lot, just what I needed. God bless you! Thanks a lot, just what I needed. God bless you!

]]> By: shabzo http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-111 shabzo Tue, 12 Apr 2011 21:15:57 +0000 http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-111 thanks will give a shot thanks will give a shot

]]> By: Aaron D. Campbell http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-110 Aaron D. Campbell Tue, 12 Apr 2011 14:02:20 +0000 http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-110 Instead of displaying the message and THEN redirecting, just use the code from this post and display the message on the page you're redirecting to. [sourcecode lang="php"] if ( /* Successfully changed pass */ ) { redirect( "Your new password is updated", "/page/where/success/goes.php" ); } else { redirect( "Your old password is invalid", "/page/to/try/again.php" ); } [/sourcecode] Then of course you need the code from above to display the messages on both "/page/where/success/goes.php" and "/page/to/try/again.php": [sourcecode lang="php"] if (isset($_GET['message']) && isset($_SESSION[$_GET['message']])) { echo $_SESSION[$_GET['message']]; unset($_SESSION[$_GET['message']]); } [/sourcecode] Instead of displaying the message and THEN redirecting, just use the code from this post and display the message on the page you’re redirecting to.

if ( /* Successfully changed pass */ ) {
    redirect( "Your new password is updated", "/page/where/success/goes.php" );
} else {
    redirect( "Your old password is invalid", "/page/to/try/again.php" );
}

Then of course you need the code from above to display the messages on both “/page/where/success/goes.php” and “/page/to/try/again.php”:

if (isset($_GET['message']) && isset($_SESSION[$_GET['message']])) {
	echo $_SESSION[$_GET['message']];
	unset($_SESSION[$_GET['message']]);
}
]]> By: shabzo http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-109 shabzo Sat, 09 Apr 2011 17:49:37 +0000 http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-109 when a user wants to change his password and is successfull i have this $msg[] = "Your new password is updated"; //header("Location: mysettings.php?msg=Your new password is updated"); } else { $err[] = "Your old password is invalid"; //header("Location: mysettings.php?msg=Your old password is invalid"); } i want to display the message and then redirect to the login page when a user wants to change his password and is successfull i have this
$msg[] = “Your new password is updated”;
//header(“Location: mysettings.php?msg=Your new password is updated”);
} else
{
$err[] = “Your old password is invalid”;
//header(“Location: mysettings.php?msg=Your old password is invalid”);
}
i want to display the message and then redirect to the login page

]]> By: OpenBSD http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-108 OpenBSD Sun, 19 Dec 2010 10:39:04 +0000 http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-108 if (isset($_GET['message']) && isset($_SESSION[$_GET['message']])) { echo $_SESSION[$_GET['message']]"; unset($_SESSION[$_GET['message']]); } if (isset($_GET['message']) && isset($_SESSION[$_GET['message']])) {
echo $_SESSION[$_GET['message']]";
unset($_SESSION[$_GET['message']]);
}

]]> By: OpenBSD http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-107 OpenBSD Sat, 18 Dec 2010 23:16:19 +0000 http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-107 Sorry Your Comment system Block php tag !!! Sorry Your Comment system Block php tag !!!

]]> By: OpenBSD http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-106 OpenBSD Sat, 18 Dec 2010 23:14:31 +0000 http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-106 Hi, can you send full php code with tag ? i dont care this : $my_get[] = "{$n}={$v}"; thanks . Best regards. Hi,
can you send full php code with tag ? i dont care this : $my_get[] = "{$n}={$v}";

thanks .
Best regards.

]]> By: Aaron D. Campbell http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-105 Aaron D. Campbell Thu, 12 Jul 2007 13:52:46 +0000 http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-105 <blockquote><strong>Session poisoning</strong> (also referred to as "Session data pollution" and "Session modification") is to exploit insufficient input validation in server applications which copies user input into session variables.</blockquote> <p>I'm often guilty of forgetting some of the things that can cause these kinds of problems. Chalk it up to being spoiled. I work with custom written software (mine) on dedicated Rackspace servers. However, there are a few ways that you can cause session poisoning.</p> <p>First, you can insufficiently validate content that you store in it. To fix this, simply be careful about what you put in it, making sure it is what you mean to put there. Don't assume a user put a number into the "total cost" field. Assume your users are malicious.</p> <p>Secondly, you could have scripts or applications that use overlapping session variables. I see this as a worse possibility because "joe no coder" could download and install two conflicting scripts without even knowing it. To solve this, check out the applications you are using. If you can't understand the code, at LEAST do some serious research.</p> <p>Lastly, you could have a poorly configured shared server. Again, this is dangerous because people often don't have control over this. Again, however, research is your friend. Please like <a href="http://www.webhostingtalk.com/" onclick="" rel="nofollow">Web Hosting Talk</a> often have hundreds of reviews on hosts.</p> <p>Jem: this isn't aimed at you. This is aimed at filling in the gaps in the article above, for the users that need it.</p>

Session poisoning (also referred to as “Session data pollution” and “Session modification”) is to exploit insufficient input validation in server applications which copies user input into session variables.

I’m often guilty of forgetting some of the things that can cause these kinds of problems. Chalk it up to being spoiled. I work with custom written software (mine) on dedicated Rackspace servers. However, there are a few ways that you can cause session poisoning.

First, you can insufficiently validate content that you store in it. To fix this, simply be careful about what you put in it, making sure it is what you mean to put there. Don’t assume a user put a number into the “total cost” field. Assume your users are malicious.

Secondly, you could have scripts or applications that use overlapping session variables. I see this as a worse possibility because “joe no coder” could download and install two conflicting scripts without even knowing it. To solve this, check out the applications you are using. If you can’t understand the code, at LEAST do some serious research.

Lastly, you could have a poorly configured shared server. Again, this is dangerous because people often don’t have control over this. Again, however, research is your friend. Please like Web Hosting Talk often have hundreds of reviews on hosts.

Jem: this isn’t aimed at you. This is aimed at filling in the gaps in the article above, for the users that need it.

]]> By: Jem http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-99 Jem Thu, 12 Jul 2007 09:18:16 +0000 http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-99 <p>I hope you didn't type all that out for my benefit :p</p> <p>"However, if you simply don’t put bad data in, you won’t get bad data out." - obviously only an idiot do that, but that doesn't cover the risks of sessions on badly configured shared hosting coupled with possibility of session poisoning (I only realised it had it's own term last night, hehe): http://en.wikipedia.org/wiki/Session_poisoning</p> <p>A shared host user manipulates the session and then calls it using using $_GET? Sounds perfectly feasible to me. </p> <p>Call me paranoid but I would say ALWAYS sanitise, rather than simply "when in doubt". Better safe than sorry, no?</p> I hope you didn’t type all that out for my benefit :p

“However, if you simply don’t put bad data in, you won’t get bad data out.” – obviously only an idiot do that, but that doesn’t cover the risks of sessions on badly configured shared hosting coupled with possibility of session poisoning (I only realised it had it’s own term last night, hehe): http://en.wikipedia.org/wiki/Session_poisoning

A shared host user manipulates the session and then calls it using using $_GET? Sounds perfectly feasible to me.

Call me paranoid but I would say ALWAYS sanitise, rather than simply “when in doubt”. Better safe than sorry, no?

]]> By: Aaron D. Campbell http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-104 Aaron D. Campbell Wed, 11 Jul 2007 19:32:17 +0000 http://bluedogwebservices.com/php-function-to-redirect-a-user-with-a-message/#comment-104 Having said all that, when in doubt...SANITIZE! Having said all that, when in doubt…SANITIZE!

]]>