Error redirecting to potential insecure url


Re: Error redirecting to potential insecure url

by kaspir » Fri Sep 22, 2017 5:30 am

Since my last post I've been using:

Code:

function redirect($url, $return = false, $disable_cd_check = true)
And no more error.

Re: Error redirecting to potential insecure url

by kaspir » Mon Sep 11, 2017 3:32 pm

Argh, too busy lately, haven't been keeping up.

Thanks so much for the response. I am going to use just: https://www.axew3.com/w3/2016/02/phpbb- ... subdomain/

And see what happens from there. The hardest thing is, I can't seem to reproduce it.. so therefore I have less idea of what's going on, ya know?

Honestly, I began thinking it might be a cookie issue or perhaps the fact that I change my internet constantly when jumping from hotspot to home.

I'll keep paying attention to this, I am sure this is probably just my problem, no one else's.

Re: Error redirecting to potential insecure url

by axew3 » Wed Sep 06, 2017 12:08 pm

I do not know if I've understood the meaning above, so maybe my answer will be wrong.
The old code concept, with the preg_replace pattern, tries to extract the absolute domain name, like
thetopfew.com, from the passed url,
then assigns to the var $w3 the domain name where phpBB is installed
$w3 = request_var('REMOTE_ADDR','0');
and then checks that this value matches in some way.

But the pattern can fail in several ways, and furthermore, for sure when we are on domains like co.uk.
Because of this, maybe on certain domains it will fail to disable the check and correctly redirect out of the phpBB installation folder.
So for this reason, the suggested modification has been changed to the new one in the install help:
https://www.axew3.com/w3/2016/02/phpbb- ... subdomain/

To be precise, this is not as secure as the previous one: there is no check on the passed url, which could also be an external site. But this does not represent, to me (maybe I'm wrong), a big potential security issue. You can redirect what you want if you like, as long as the redirect does not contain any of my data, but yours.
Could it contain sensitive data about the server? I do not think so, but this consideration is merely based on my experience.

The secure, and secured, way would be that in this piece of code the extraction of the domain is done by a function that never fails to extract from the passed url the correct domain name to check against. That can be the cookie function that you already know, for example.

P.S. For instance, in this online example there is no change to the phpBB code about this, because it is not a subdomain or something like axew3.co.uk, where the pattern can fail, causing the error on login in phpBB trying to redirect to potential ....
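
Added example (not part of any post in this thread, and not phpBB or axew3 code): the preg_replace pattern from the modification run against constructed URLs to show where it loses the domain, next to a hypothetical exact-host allowlist check built on parse_url(). The function names and the example.co.uk hosts are assumptions made for illustration.

```php
<?php
// Added illustration; requires PHP 7 or later. All URLs and hosts are constructed.

// The pattern used in the modification quoted in this thread.
function old_extract(string $url): string
{
    return preg_replace('/^[^\.]*\.([^\.]*)\.(.*)$/', '\1.\2', $url);
}

// Hypothetical stricter check: parse the URL and compare its host, exactly,
// with the list of hosts the board may redirect to (no substring matching).
function redirect_host_allowed(string $url, array $allowed_hosts): bool
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false; // not an absolute URL that can be vetted here
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    return in_array(strtolower($parts['host']), $allowed_hosts, true);
}

$allowed = ['example.co.uk', 'www.example.co.uk', 'forum.example.co.uk'];

$samples = [
    'https://www.example.co.uk/index.php',     // pattern keeps "example.co.uk/..."
    'https://example.co.uk/forum/index.php',   // pattern keeps only "co.uk/..."
    'https://example.com/forum/index.php',     // pattern keeps only "com/forum/index.php"
    'https://example.co.uk.lookalike.test/',   // contains the board host as a substring
];

foreach ($samples as $url) {
    printf(
        "%s\n  pattern result: %s\n  exact-host check: %s\n",
        $url,
        old_extract($url),
        redirect_host_allowed($url, $allowed) ? 'allowed' : 'rejected'
    );
}
```

The pattern drops everything up to the first dot, so its result depends on how many labels the host has; the exact-host comparison does not, and it rejects the last sample even though that URL contains the board's host name as a substring.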

Re: Error redirecting to potential insecure url

by kaspir » Wed Sep 06, 2017 5:09 am

Any way to refine what I have here? I'm getting the error once in a while still.

Code:

function redirect($url, $return = false, $disable_cd_check = false)
{
	global $user, $phpbb_path_helper, $phpbb_dispatcher;
	
	$w3ck = preg_replace('/^[^\.]*\.([^\.]*)\.(.*)$/', '\1.\2',$url); // kaspir added
 
	$w3 = request_var('REMOTE_ADDR','0');
 
	if(stristr($w3ck, $w3)){
		$disable_cd_check = true;
	} //end kaspir

Re: Error redirecting to potential insecure url

by elawrenc01 » Sun Feb 26, 2017 8:33 am

I was getting the redirect error as well but this method didn't work for me. I received an error 500 when I applied that code to phpbb includes/functions.php.

Re: Error redirecting to potential insecure url

by Athlon » Tue Feb 14, 2017 1:38 pm

:lol:

I missed it too - Thank you for your great support! That fixed it for me!!

:D
