Cannot Redirect Using $_SERVER Variables, PHP


I have a PHP application (a request form) that first checks for an active $_SESSION before a user can access the site. Because of the timeout period set for this form there is rarely an active session. Here's the check:

if (isset($_SESSION['samlUserdata'])) {
    $attributes = $_SESSION['samlUserdata'];
    $user_department = $attributes['department'];
    $user_email = $attributes['email'];
    $user_employee_id = $attributes['employee_id'];
    $user_full_name = $attributes['full_name'];
}

...and here is the else {} that I use to grab the REQUEST_URI:

else {
    if (isset($_SERVER['REQUEST_URI'])) {
        $referer = $_SERVER['REQUEST_URI'];
        $redirect = "https://myinternalwebsite.net$referer";
    }
    header("Location: https://myinternalwebsite.net/confirm_auth.php?sso");
}

...and last, here is what I do with the $_GET:

if (isset($_GET['sso'])) {
    if (isset($redirect)) {
        $auth->login($redirect);
    } else {
        $auth->login("https://myinternalwebsite.net/");
    }
}

However, once my session is killed I am never properly routed back to the URL set in the ['REQUEST_URI']; I am always just dumped onto the internal site's front page. I have troubleshot this on and off for some time over the last week, to no avail. I've tried other variables in the $_SERVER array as well, such as ['REDIRECT_URL'].

I'm at a loss, and I'm sure this is fairly simple for anyone with more experience than myself... so I am all ears and eager to learn.


EDIT:

Thank you for the comments below. Per your advice I will add the entirety of my code here, removing only the unnecessary parts. (And yes, I appreciate the tip to flip the initial isset() to !isset(). Thank you for that.)

<?php
    session_start();
    $auth = new OneLogin\Saml2\Auth($saml_settings);

    if (isset($_SESSION['samlUserdata'])) {
        $attributes = $_SESSION['samlUserdata'];
        $user_department = $attributes['department'];
        $user_email = $attributes['email'];
        $user_employee_id = $attributes['employee_id'];
        $user_full_name = $attributes['full_name'];
    } else {
        if (isset($_SERVER['REQUEST_URI'])) {
            $referer = $_SERVER['REQUEST_URI'];
            $redirect = "https://example.net$referer";
        }
        header("Location: https://example.net/confirm_auth.php?sso");
    }

    if (isset($_GET['sso'])) {
        if (isset($redirect)) {
            $auth->login($redirect);
        } else {
            $auth->login("https://example.net/");
        }
    } else if (isset($_GET['slo'])) {
        $auth->logout();
    } else if (isset($_GET['acs'])) {
        $auth->processResponse();
        $errors = $auth->getErrors();

        if (!empty($errors)) {
            echo '<p>', implode(', ', $errors), '</p>';
        }

        if (!$auth->isAuthenticated()) {
            echo "<p>Not authenticated!</p>";
            exit();
        }

        $_SESSION['samlUserdata'] = $auth->getAttributes();
        if (isset($_POST['RelayState']) &&
            OneLogin\Saml2\Utils::getSelfURL() != $_POST['RelayState']) {
            $auth->redirectTo($_POST['RelayState']);
        }
    } else if (isset($_GET['sls'])) {
        $auth->processSLO();
        $errors = $auth->getErrors();
        if (empty($errors)) {
            echo '<p>Successfully logged out!</p>';
        } else {
            echo '<p>', implode(', ', $errors), '</p>';
        }
    }

?>
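The flow the question walks through (capture REQUEST_URI, redirect to ?sso, call login() with a RelayState, redirect again on the ACS request), as an added example that is not the poster's code: the requested path is kept in the session instead of a local variable, which does not survive the redirect, and every redirect target is checked to be a same-site relative path before it is used. The function names, the 'return_to' session key and the https://example.net base are assumptions.

```php
<?php
// Added example, not the poster's code: carry the requested path across the
// redirect to ?sso in the session (a plain local like $redirect is gone on the
// next request), and only ever redirect to a same-site relative path.
// Function names are hypothetical; needs PHP 8 for str_contains/str_starts_with.

// Returns a safe relative path, or null if $candidate cannot be proven to stay on this site.
function safe_return_path(?string $candidate): ?string
{
    // Some browsers treat "\" as "/", so "/\evil.example" would leave the site.
    if ($candidate === null || $candidate === '' || str_contains($candidate, "\\")) {
        return null;
    }
    // Absolute ("https://...") and scheme-relative ("//other.example/x") URLs carry a scheme or host.
    $parts = parse_url($candidate);
    if ($parts === false || isset($parts['scheme']) || isset($parts['host'])) {
        return null;
    }
    $path = $parts['path'] ?? '';
    if ($path === '' || $path[0] !== '/') {
        return null;
    }
    // Rebuild from parsed components so only path and query survive.
    return $path . (isset($parts['query']) ? '?' . $parts['query'] : '');
}

// No-session branch: call this, then header("Location: .../confirm_auth.php?sso"); exit;
function remember_requested_path(string $requestUri): void
{
    $path = safe_return_path($requestUri);
    if ($path !== null && !str_starts_with($path, '/confirm_auth.php')) {
        $_SESSION['return_to'] = $path;
    }
}

// ?sso branch: $auth->login(relay_state_for_login('https://example.net'));
function relay_state_for_login(string $siteBase): string
{
    $path = $_SESSION['return_to'] ?? '/';
    unset($_SESSION['return_to']);
    return rtrim($siteBase, '/') . $path;
}

// ACS branch: RelayState comes back in the POST body, so validate it again before redirectTo().
function acs_redirect_target(string $siteBase, ?string $relayState): string
{
    $base = rtrim($siteBase, '/');
    $path = null;
    if ($relayState !== null && str_starts_with($relayState, $base . '/')) {
        $path = safe_return_path(substr($relayState, strlen($base)));
    }
    return $base . ($path ?? '/');
}
```

With this, a request to /requests/new?id=7 without a session ends up back at https://example.net/requests/new?id=7 after login, while a RelayState pointing anywhere else falls back to the site root.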