Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 2 12 LastLast
Results 1 to 15 of 26
  1. #1
    Regular Coder
    Join Date
    Sep 2009
    Posts
    174
    Thanks
    18
    Thanked 0 Times in 0 Posts

    404 redirect script not working

    Hi, I've set up a PHP script which checks the inputted URL against records in a db, and does one of two things- (1) sends the user to a specified URL if the typed URL matches a record in the db, or (2) just outputs the 404 ewrror page if there's no match in the db.

    The problem is that it always outputs the 404, regardless of whether or not there's a matching record in the db. I guess something must be wrong with the script but I can't see what:

    This is the code:

    <?php
    include ('manager/exhibitions/inc/dbconnect.php');

    $query = "SELECT showname FROM exhibitionstable WHERE showname = '". mysql_real_escape_string($_SERVER['REQUEST_URI']) ."' ";

    $numresults=mysql_query($query);
    $numrows=mysql_num_rows($numresults);

    if ($numrows == 0)
    {
    echo "<p>404 error</p>";
    }
    else
    {
    header('location: exhibitions.html');
    exit;
    }
    ?>

    Any ideas?

  • #2
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    I would try 2 things:

    1) echo your $query. It sometimes helps to see the problem at once. I would also try to run the echoed query outside of PHP (from phpMyAdmin or - if under Windows - HeidiSQL).

    2) try to output MySQL error message
    PHP Code:
    $numresults=mysql_query($query) or die(mysql_error()); 
    Of course or die(mysql_error()); must be commented or removed in the Production environment.

  • #3
    Regular Coder
    Join Date
    Sep 2009
    Posts
    174
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Thanks, tried echoing the $query and interestingl;y it displays in the output page:

    SELECT showname FROM exhibitionstable WHERE showname = '/Show2'

    "Show2" being the typed URL- but what I don't see is where on earth it's getting the slash from as it isn't in the SELECT statement...

    I guess it's picking it from the typed URL but I need a way of stopping the script including it...

    ???
    Last edited by galahad3; 09-17-2009 at 11:17 AM.

  • #4
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    Do you need to cut off the query string ? (the part of URL after "?" e.g. in URL's like /my_script?a=1).

    I think you could use basename() and String functions like this:
    PHP Code:
    $name basename($_SERVER['REQUEST_URI']);
    if(
    false!==strpos($name,'?'))
    {
     
    $name substr($name,0,strpos($name,'?'));


  • #5
    Regular Coder
    Join Date
    Sep 2009
    Posts
    174
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Okay- so we can then use $name in place of the global SERVER variable inside the $query, right?

    Thanks

  • #6
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    Yes.

    If you need stricter validation for anything that comes from $_SERVER['REQUEST_URI'], you could also use regular expressions. I am not absolutely sure if $_SERVER['REQUEST_URI'] could be changed by a potential attacker (maybe not). And also your script already looks like a validation script so I mentioned this just in case.

    String functions are usually considered much faster but regular expression normally give more control on what you validate without writing a lot of code. Regexps are slower but in cases where I want to be absolutely sure that something exactly corresponds the required pattern I always use regexps.

  • #7
    Regular Coder
    Join Date
    Sep 2009
    Posts
    174
    Thanks
    18
    Thanked 0 Times in 0 Posts
    That seems to be working- many thanks. It's forwarding to the speciofied page if the URL matches the db entry anyway so that's a big step forwards.

    Many thanks for the pointers.

    [Hmm... well it *was* working... but now in the testing echo I get this output:

    SELECT showname FROM exhibitionstable WHERE showname = 'fixed.htc'

    Where that comes from I've no idea as it certainly isn't in the database!

    This is the current code:

    <?php
    include ('manager/exhibitions/inc/dbconnect.php');

    $name = basename($_SERVER['REQUEST_URI']);
    if(false!==strpos($name,'?'))
    {
    $name = substr($name,0,strpos($name,'?'));
    }

    $query = "SELECT showname FROM exhibitionstable WHERE showname = '". mysql_real_escape_string($name) ."' ";

    echo $query;

    $numresults=mysql_query($query) or die(mysql_error());
    $numrows=mysql_num_rows($numresults);

    if ($numrows == 0)
    {
    echo "<p>404 error</p>";
    }
    else
    {
    header('location: exhibitions.html');
    exit;
    }
    ?>

    What's interesting if that it worked ONCE, I typed in http://mydomain/travejl.html and travejl.html is an entry in the db) and it forwarded to exhibitions.html.

    But now it just shows the output as above...
    Last edited by galahad3; 09-17-2009 at 03:06 PM.

  • #8
    Regular Coder
    Join Date
    Sep 2009
    Posts
    174
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Okay, this is *very* weird.

    For some reason, it only works once for each mis-typed URL, and ONLY if I make some arbitrary change to the script, undo the change, and save the script!

    For example:

    I save and upload the script
    I type in a URL which is in the db, for example, mydomain.com/GNETIG
    It forward to exhibitions.html. GREAT!

    But...

    I go back and type the URL again (even after completely clearing the cache or using a different machine) and it doesn't work. It just goes to the 404 output.

    However if I stay on that page, go and re-save the script file again, and then refresh the page- bingo, it forwards to the exhibitions.html page.

    Why would it be doing this?! Obviously it isn't workable as it needs to work every time, not just one time only and just after the script has been saved. Also I tested from a separate machine that hadn't browsed to that page before, and got the same result, so it's not session-based.

    I should note that when I re-save the script I'm not making any changes to it. The script itself seems to work fine.

    Anyone know why this bizarre behavior would take place?
    Last edited by galahad3; 09-17-2009 at 05:35 PM.

  • #9
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    I think you would need to debug ... Echo $_SERVER['REQUEST_URI'] each time instead of redirecting, echo the query, check how many rows returned - if 0, run the SELECT query on the table and see why this happened ...

    Most important - check that the script names are present in the table exhibitionstable and no script deletes them from the table.

  • #10
    Regular Coder
    Join Date
    Sep 2009
    Posts
    174
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Well, if I change the script so I echo the SERVER variable instead:

    if ($numrows == 0)
    {
    echo "$_SERVER['REQUEST_URI']";
    }

    I actually get no output at all from the script...

    There are no other swcripts running on the table and I've also manually checked the table and found all the records are still in place and unchanged...

  • #11
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    The correct syntax is either
    PHP Code:
    echo $_SERVER['REQUEST_URI']; 
    or
    PHP Code:
    echo "{$_SERVER['REQUEST_URI']}"
    No output means the error output is suppressed.

    Add the following to the very top of the script while debugging:
    PHP Code:
    error_reporting(E_ALL);
    ini_set('display_errors','1'); 
    After debugging is over, please comment or delete these 2 lines.

  • #12
    Regular Coder
    Join Date
    Sep 2009
    Posts
    174
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Okay, interestingly it now outputs as follows:

    SELECT showname FROM exhibitionstable WHERE showname = 'fixed.htc' /fixed.htc

    I still have no idea what fixed.htc is or where the script gets this from, as it certainly isn't in the db nor is in the typed URL. ???

  • #13
    Regular Coder
    Join Date
    Mar 2006
    Posts
    238
    Thanks
    3
    Thanked 37 Times in 37 Posts
    How do you redirect to this script to process URL's ? With .htaccess ? You are using Apache mod_rewrite ? If .htaccess does not contain any information you consider sensitive (only in this case) could you post the file content here ?

  • #14
    Regular Coder
    Join Date
    Sep 2009
    Posts
    174
    Thanks
    18
    Thanked 0 Times in 0 Posts
    There is a .htaccess in the web root, this is the contents of the file:

    Options +FollowSymlinks
    RewriteEngine On
    RewriteBase /

    # Fix Apache internal dummy connections from breaking [(site_url)] cache
    RewriteCond %{HTTP_USER_AGENT} ^.*internal\ dummy\ connection.*$ [NC]
    RewriteRule .* - [F,L]

    # Rewrite domain.com -> www.domain.com -- used with SEO Strict URLs plugin
    #RewriteCond %{HTTP_HOST} .
    #RewriteCond %{HTTP_HOST} !^example\.com [NC]
    #RewriteRule (.*) http://example.com/$1 [R=301,L]

    # Exclude /assets and /manager directories from rewrite rules
    RewriteRule ^(manager|assets) - [L]

    # For Friendly URLs
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]

    # Reduce server overhead by enabling output compression if supported.
    #php_flag zlib.output_compression On
    #php_value zlib.output_compression_level 5
    Last edited by galahad3; 09-18-2009 at 11:10 AM.

  • #15
    Regular Coder
    Join Date
    Sep 2009
    Posts
    174
    Thanks
    18
    Thanked 0 Times in 0 Posts
    Is there is anything in the .htaccess that needs to be changed?

    I just don't see how the script works fine but only if it's just been saved!


  •  
    Page 1 of 2 12 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •