Skip to main content
mmasquith
mmasquith
Participating Frequently
June 14, 2010
Question

PHP "restrict access to page" behavior oddity - extra "/" in URL

  • June 14, 2010
  • 1 reply
  • 3912 views

I have a page with the 'Restrict Access to Page' behavior applied.

The URL that is created is like: "http://domain.com/login.php?accesscheck=%2Fprojects.php"

The %2F in front of projects.php is somehow causing the URL that shows in the browser address area to be login.php instead of projects.php after I enter the correct username and password and the browser navigates to projects.php. So you end up on the correct page, projects.php, but in your browser's address area, it shows login.php.

If I manually remove the %2F, making the accesscheck URL: "http://domain.com/login.php?accesscheck=projects.php", refresh, and put in the correct username and password, it navigates to the correct destination, projects.php, and the correct URL displays in the browser address area.

The %2F slash seems to come out of this section of code: 

$MM_restrictGoTo = "login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {   
  $MM_qsChar = "?";
  $MM_referrer = $_SERVER['PHP_SELF'];
  if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
  if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0) 
  $MM_referrer .= "?" . $QUERY_STRING;
  $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
  header("Location: ". $MM_restrictGoTo); 
  exit;
}
...specifically, $QUERY_STRING. It seems to have an initial "/" character, even though nothing I've coded uses it. When the DW behavior code creates $MM_referrer, and then applies urlencode(), the / gets converted to %2F. 
 
So I'm mystified as to where this extra / comes from in $QUERY_STRING, and why it keeps the URL in the browser from correctly showing the page it navigated to (projects.php).
This topic has been closed for replies.
1 reply
David_Powers
David_Powers
Inspiring
June 14, 2010
Don't know which version of Dreamweaver you're using, but $QUERY_STRING is deprecated code. Replace all instances with $_SERVER['QUERY_STRING'].
mmasquith
mmasquithAuthor
Participating Frequently
June 15, 2010
Thanks, David.
I'm using CS4.
I saw a post on a related topic also say to use $_SERVER['QUERY_STRING'], and have replaced all instances, but unfortunately, the problem remains.
Considering that $_SERVER['QUERY_STRING'] gets its value from the server (yes?), there's probably not a lot that Dreamweaver can do to control it. I don't see anywhere in the chain of Dreamweaver code that would cause this, it is more likely to be a server issue.
That being said, and you being a seasoned professional, can you think of any reason or known setting a server would have to do this? 
To me, the seemingly arbitrary prepending of a / character, even if technically correct from a path perspective, seems strange. I have not run into this behavior before. I'm also still bewildered as to why the browser doesn't show the correct URL for the page being displayed. You end up looking at the projects.php page, but have the login.php URL in the address area. This happens in all my test browsers... Safari, Opera, Firefox, Chrome, all on Mac OSX 10.6.
I think I'll have to write some custom code to detect and remove the /. 
David_Powers
David_Powers
Inspiring
June 15, 2010
The leading slash comes from this line:
$MM_referrer = $_SERVER['PHP_SELF'];
This correctly redirects the user to the referring page when used on a live server or in a virtual host. Presumably, you're testing in a subfolder of localhost, which is why it doesn't work.
$_SERVER['PHP_SELF'] produces a site-root-relative path, such as /products/widgets.php.

        
                                                

        

    


            

                                        

            
                        

                                                                                                            
            




        

                    

    
    





    


                                        

                                                        

            
        
    






                                    
Terms & ConditionsAccessibility statement

            
        



        
            
    
        
    
        



        
        
        


        


        
        
        
        
                                                        

                            
    

                    

  

    

      
        
      
    

    

      
        Using the community
      
      
        Terms of use
      
      
        Privacy
      
      
        Cookie preferences
      
      
        Do not sell or share my personal information
      
      
        ad choicesAdChoices