Too many redirects

I've created the following session class for my own personal framework. I decided that the framework should automatically check if a user is logged in and then do whatever the programmer wants, in my case I'm check to see if they have chosen a character. If they aren't logged in they need to be sent to the back to the login page. But when I do this, the browser pulls and error and says there are too many redirects. I don't understand how.


<?php
require_once("functions.php");
class Session {

private $logged_in = false;
private $selected_char = false;
public $user_id;
public $char_id;
public $message;

function __construct() {
session_start();
$this->check_message();
$this->check_login();
if($this->logged_in) {
// actions to take right away if user is logged in
$this->check_char();
if($this->selected_char) {
redirect_to("profile.php");
} else {
redirect_to("select_character.php");
}

} else {
// actions to take right away if user is not logged in
redirect_to("login.php");
}
}

public function is_logged_in() {
return $this->logged_in;
}
public function has_selected_char() {
return $this->selected_char;
}
public function login($user) {
// database should find user based on username/ password
if($user) {
$this->user_id = $_SESSION['user_id'] = $user->id;
$this->logged_in = true;
}
}

public function logout() {
unset($_SESSION['user_id']);
unset($this->user_id);
$this->logged_in = false;
}

public function message($msg="") {
if(!empty($msg)) {
// then this is "set message"
// make sure you understand why $this->message=$msg wouldn't work
$_SESSION['message'] = $msg;
} else {
// then this is "get message"
return $this->message;
}
}

private function check_login() {
if (isset($_SESSION['user_id'])) {
$this->user_id = $_SESSION['user_id'];
$this->logged_in = true;
} else {
unset($this->user_id);
$this->logged_in = false;
}
}
private function check_char() {
if (isset($_SESSION['char_id'])) {
$this->char_id = $_SESSION['char_id'];
$this->selected_char = true;
} else {
unset($this->char_id);
$this->selected_char = false;
}
}
private function check_message() {
// Is there a message stored in the session
if(isset($_SESSION['message'])) {
// Add it as an attribute and erase the stored version
$this->message = $_SESSION['message'];
unset($_SESSION['message']);
} else {
$this->message = "";
}
}
}

$session = new Session();
$message = $session->message();
?>

I'm just taking a wild shot at this one ... something to try...

After each of your redirect_to() lines, add this:

exit;

Mlseim, I do that within my redirect function.

function redirect_to( $location = NULL ) {
if ($location != NULL) {
header("Location: {$location}");
exit();
}
}

So is the error about the redirect function, or is it about "headers already sent"?

See the page doesn't actually render the error, the browser is popping up its own custom error page. I believe it may have something to do with how the header is being sent to a page that has the same exact header in it.

Cyclical redirect?
Is this same session class used within the pages profile.php, select_character.php or register.php? If so, the problem is that you are redirected to a page which calls this same code again, and issues a redirect to itself where it calls this same code and issues a redirect to itself and calls this same code. . . and so forth. You need to detect where the user is first, and only issue such redirect if they are not sitting on one of the pages where they should be redirected to.

Fou-Lu, this is precisely what I thought was happening. I know $_SERVER['HTTP_REFERER'] is not a very reliable way to do this, but is this how I should do it?

Use $_SERVER['SCRIPT_NAME'] or SCRIPT_FILENAME instead. That's the executing script that's running and can be compared to your criteria of when it should not redirect.


Also, other options like sessions are always available.