Cannot redirect to another file after removing .php extension from url

Syther · April 19, 2023, 12:06pm

This is my website’s login.php hosted on a free account

After adding the following code to my .htaccess, i am not able to login.
here’s the code:

RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^([^\.]+)$ $1.php [NC,L]

The code worked and its now showing login instead of login.php
but now i am not able to login (it worked fine before adding the code)

The system is that once user entered correct credentials, it should either set a cookie or keep a session (depending upon the remember me option) and redirect to profile.php
But my profile.php is not accepting me because:

<?php
session_start();
if(!isset($_COOKIE['logged']) && !isset($_SESSION['logged'])){
    header('location: login.php');
}
?>

this code is in the start of profile.php and it is redirecting me to login page which is tells that cookie and session are not set. but it works fine when i remove the first code from .htaccess

$_SESSION['logged'] and $_COOKIE['logged'] are set when a user logs in.
here’s the code of it (login.php):

if(isset($_POST['check'])){
    setcookie('logged', 's', time() + (86400*30), '/');
    setcookie('username', $username, time() + (86400 * 30), '/');
}else{
    $_SESSION['logged'] = 's';
    $_SESSION['username'] = $username;
}
header("Location: http://infenix.rf.gd/profile.php");

and http://infenix.rf.gd/profile.php simply redirects me to login page, it means either the cookie or session is not set.

i need some help to fix this problem because everything works fine without adding the first code.

Admin · April 19, 2023, 6:34pm

I just tested your registration system and it’s working fine for me.

The provided .htaccess is extremely simple. All it does is take a URL like /login and map it to /login.php. I cannot think of any way it could affect how sessions and cookies work.

Also, I took a look at your code. Please note that HTTP cookies are set through HTTP headers, which means that any setcookie function calls must be sent BEFORE any HTML or other response data is sent to the browser, as by then it’s too late to send headers. If not, the cookie will not be set.

You can verify if the cookies are set in your browser through the Developer Tools. And through the Network tab, you can see if the POST call to your login form actually returned the cookies. Cookies are set with the Set-Cookie response header, so you should see those headers on the login form.

system · April 26, 2023, 6:34pm

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.