Codeigniter with google oauth2 adds hashtag php to redirect('usercp')

Codeigniter's redirect() function uses the php header() function in 2 ways:

    switch ($method)    {        case 'refresh':            header('Refresh:0;url='.$uri);            break;        default:            header('Location: '.$uri, TRUE, $code);            break;    }

using the refresh parameter will not add the hashtag.You find more about this in system/helpers/url_helper.php

you can use this to your advantage in google_login.php changing

$redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));

accordingly to

$redirect = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'];header('Refresh:0;url=' . filter_var($redirect, FILTER_SANITIZE_URL));

When calling the redirect, you should be able to drop the hash by using the refresh param:

redirect('usercp', 'refresh');

You can modifying the url by doing something like

$url = strstr($url, '#', true);

But otherwise since it's a client-side stuff there's not a lot of options. You could also remove it from javascript when the client load the page with

history.pushState('', document.title, window.location.pathname + window.location.search)

since this is too long in the comment section, here goes:

try to use your browser's debug mode/developer tools, and see the network part of it. in there, you could see the sequence of requests when your page are loading.

if you are using chrome, thick the preserve log option before doing the oauth.

do the oauth and then try to find the request to google that redirects to your page.

click on the request, you will get the details of the request.

see for the response header, it should be 302 status and the destination should be your http://www.example.com/usercp url.

if you did not see the #, then you have problems in your part, try to check your .htaccess file.

if it's there in the destination, then the problem lies in google part, and not much you can do about it