Rubin Shrestha
Rubin Shrestha
Blog

Infinite redirect when link of form localhost/…/(…) is entered by not-logged-in user on Xampp/Apache server

by |Published

I’m encountering a bizarre issue with a site I’m building on my XAMPP-hosted webserver. Under certain circumstances (explained below) I encounter an infinite redirect and cannot figure out what on earth is triggering it.

Here’s what’s supposed to happen:

  1. A user, whether or not they’re logged in to my site (through login.php), upon entering localhost/... into the search bar, where ... is anything other than a valid link, is redirected to menu.php, which is my main menu for the site.
  2. If logged in, they can then click on any link in menu.php and the site redirects to that link.
  3. If not logged in, upon clicking a link (other than log out) on menu.php, they are redirected to login.php. After successfully logging in, they are redirected to whatever link they originally clicked.
  1. and 3. work fine. 1. works fine for the most part, but breaks whenever:

a) the user is NOT logged in AND

b) the user enters a link of the form localhost/.../(...) So, for example, localhost/asdf/ or localhost/bad/link/of/mordor trigger infinite redirect. localhost/asdf works fine, but adding the slash at the end triggers the infinite redirect, suggesting there’s some issue handling access to non-existent subfolders of localhost.

For example, when I enter localhost/asdf/ into the search bar, the link that eventually appears is http://localhost/asdf/login.php?redirect=%2Fasdf%2Flogin.php%3Fredirect%3D%252Fasdf%252Flogin.php%253Fredirect%253D%25252Fasdf%25252Flogin.php%25253Fredirect%25253D%2525252Fasdf%2525252Flogin.php%2525253Fredirect%2525253D%252525252Fasdf%252525252Flogin.php%252525253Fredirect%252525253D%25252525252Fasdf%25252525252Flogin.php%25252525253F..., where it keeps going on and on like that, with the 252525... sequences getting longer and longer. My browser window shows “localhost redirected you too many times” and the link stops at 8570 characters.

There is no such page as localhost/asdf/login.php, only localhost/login.php.

RELEVANT INFORMATION

  • I have ErrorDocument 404 /menu.php in htdocs/.htaccess. This catches most bad links and redirects to menu.php but doesn’t help with the situation described.

WHAT I TRIED

  • I tried setting ErrorDocument 414 /menu.php in htdocs/.htaccess, hoping this would catch very long links, but this doesn’t fix the problem.
  • I’ve tried a number of different configurations in login.php to try to address the issue, since it seems to be redirecting to that page over and over apparently. I tried this:
<?php
session_start();
$conn = new mysqli("localhost", "root", "", "test");
if ($conn->connect_error) die("Connection failed");

$message = "";
$redirect = $_GET['redirect'] ?? 'menu.php';
$loginSuccess = false;

// Supposed to prevent redirect loops by checking the session but doesn't work properly
if (isset($_SESSION['redirected']) && $_SESSION['redirected'] === true) {
    // Too many redirects, redirect the user to 'menu.php'
    header('Location: menu.php');
    exit();
}

// Set the redirected flag if not already set
$_SESSION['redirected'] = false;

if ($_SERVER["REQUEST_METHOD"] === "POST") {
            $_SESSION['redirected'] = true;
    $username = $_POST["username_1"] ?? "";
    $password = $_POST["password"] ?? "";
    $redirect = $_POST["redirect"] ?? 'menu.php';
//more php not related to this issue...

This, however, does not fix the issue. I also tried adding this:

if (isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], 'login.php') !== false) {
    header('Location: menu.php');
    exit(); // Always call exit after a header redirect
}

and also this:

$current_url = "http://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
if ($current_url === "http://" . $_SERVER['HTTP_HOST'] . "/login.php") {
    header('Location: menu.php');
    exit(); // Always exit after redirect
}

but the issue still persists. I’ve tried a couple other things that unfortunately I have since lost with the idea being to check if the previous url equaled the current one, but none of it resolved the issue.

So, in sum,

  • How do I properly address not-logged-in users trying to access non-existent subfolders?
  • Why does this infinite redirect occur?
  • How can I fix it?

Again, this only occurs when the user is NOT logged in.

I appreciate any assistance.

You may also like

Authorization issue
Published

Authorization issue

<response> <message>The consumer isn’t authorized to access %resources./message> <parameters> <resources>Magento_Customer::customer</resources> </parameters> </response> I am getting this issue when trying to fetch the […]