Solved

Another header question by a PHP newbie

Posted on 2004-09-13
12
308 Views
Last Modified: 2008-02-01
I want to re-direct users to the log in page if not logged in using the code
//session_start();

ob_start()

if (!$_SESSION["userid"])
{
// User not logged in, redirect to login page
Header("Location: login.php");
ob_flush();
}

I keep getting the following:
Warning: Cannot modify header information - headers already sent by (output started at <page name>)

Also, if I uncomment the session line, I also get
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at <page name>

How can I correct this? Thanks.
0
Comment
Question by:nicky2k
  • 6
  • 5
12 Comments
 
LVL 48

Expert Comment

by:hernst42
ID: 12048069
There is other output send by your script. maybe
<newline>
<?php
// your script

put at the 1st line of your script  (before you incude anything or call any function)
<?php ob_start();?>

Then you should be able to get rid of that messages ans session_start() should also work
0
 
LVL 3

Expert Comment

by:steve918
ID: 12048090
sometimes ob_flush sends headers when it shouldn't especially with Apache 2.  You might try

header("Location: login.php");
exit;  // Try adding exit

If that don't work try removing ob_flush and make sure you don't have any characters INCLUDING blank space after the ?>
0
 

Author Comment

by:nicky2k
ID: 12048262
Now I've got rid of the message, but I get redirected all the time to the login page!!!
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 48

Accepted Solution

by:
hernst42 earned 150 total points
ID: 12048287
If that warning comes for session_start() there has been made output before that function is executed by PHP. Instead of using ob_flush() you might use
ob_end_clean();
die(1);

The interessting part (the lines before //session_start(); or the first lines of your php-script) are missing so we could see where that error might come from. If you have firther problems please post that lines.
0
 

Author Comment

by:nicky2k
ID: 12048354
Now I have

<?php
 ob_start();

session_start();

if (!$_SESSION["userid"])
{

// User not logged in, redirect to login page
Header("Location: login.php");
ob_end_clean();
die(1);

The header error has gone, but the session error remains. I read in a PHP text book that session_start(); has to be written on every page where sesssion variables are used. Is that true?
0
 
LVL 48

Expert Comment

by:hernst42
ID: 12048376
Is session_start still commented out ? and is $_SESSION["userid"] realy set.

Change:
if (!$_SESSION["userid"]){
// User not logged in, redirect to login page
Header("Location: login.php");

to:

if (!$_SESSION["userid"]){
// User not logged in, redirect to login page
var_dump($_SESSION);
die(1);

so you will see whats in your session, but you won't be redirected.
0
 

Author Comment

by:nicky2k
ID: 12048470
With session_start(); commented out, i get NULL in the browser.
$_SESSION["userid"] was supposed to be set during the login process below:-

<?php
      session_start();
      
      ob_start();

             
      
      // dBase file
      include "dbConfig.php";
      
      if ($_GET["act"] == "login")
            {
            if (!$_POST["username"] || !$_POST["password"])
                  {
                  die("You need to supply a username and password.");
                  }
            
            // Create query
            $q = "SELECT * FROM  users WHERE username='".$_POST["username"]."' AND password='".$_POST["password"]."'";
                  
            echo $q."<br><br>";
            
            // Run query
            $r = mysql_query($q);

            if ( $obj = @mysql_fetch_array($r) )
                  {
                  // Login O.K., create session variables
                  $_SESSION["userid"] = $obj["userid"];
                  $_SESSION["loggedinuser"] = $obj["first_name"]."&nbsp;".$obj["last_name"];
                  $_SESSION["usertype"] = $obj["usertypeid"];
                  $_SESSION["sitename"] = "Elephantfeet.com website administration";
                  $_SESSIOM["imagepath"]= "C:\Inetpub\wwwroot\elephantfeet\generic_images";
                  $_SESSION["valid_time"] = time();

                  // Redirect to member page
                  
                  Header("Location: admin_main.php");
                  ob_flush();
                  }
            else
                  {
                  // Login not successful
                  die("Sorry, could not log you in. Wrong login information.");
                  }
            }
      else
            {
      ?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
      <TITLE>Elephantfeet.com website administration</TITLE>
      <META NAME="Generator" CONTENT="TextPad 4.4">
      <META NAME="Author" CONTENT="?">
      <META NAME="Keywords" CONTENT="?">
      <META NAME="Description" CONTENT="?">
      <LINK REL="stylesheet" href="styles/sitewide.css">
      <script language="JavaScript" src="scripts/loginval.js"></script>
</HEAD>

<BODY BGCOLOR="#FFDD66" TEXT="#000000" LINK="#FF0000" VLINK="#800000" ALINK="#FF00FF" BACKGROUND="">

<table width="800" height="600" cellpadding="0" border="0" cellspacing="0" align="center">
      <!-- Header Row 2cx1r -->
      <? include("includes/header.php") ?>
      <tr>
            <td>&nbsp;</td><!-- Spacer Row -->
      </tr>
      <!--- menu row ---><?php  echo $_SERVER["server_name"]; ?>
      <tr>
            <td align="left"  valign="top">
                  <form action="login.php?act=login" method="post" name="loginform">
                  <table cellpadding="4" border="0" cellspacing="0" width="100%" align="left">
                        <tr>
                              <td align="center" colspan="2"><h2>Log in</h2></td>
                        </tr>
                        <tr>
                              <td align="right" width="50%">Username :</td>
                              <td align="left" width="50%"><input type="text" name="username" size="20" maxlength="50" class="input"></td>
                        </tr>
                        <tr>
                              <td align="right" width="50%">Password :</td>
                              <td align="left" width="50%"><input type="password" name="password" size="20" maxlength="50" class="input"></td>
                        </tr>
                        <tr>
                              <td align="right" width="50%"><input type="submit" name="submit" value="Log in" class="button" onclick="return loginval();"></td>
                              <td align="left" width="50%"><input type="reset" value="Clear" class="button"></td>
                        </tr>
                  </table>
                  </form>
            </tD>
      </tr>
      <? include("includes/footer.php") ?>
</table>
</body>
</html>

<?php

}

?>

0
 
LVL 48

Expert Comment

by:hernst42
ID: 12048545
If you don't use session_start on that page then the $_SESSION variable is null/empty and that check
if (!$_SESSION["userid"]) will always be true and you will be redirected. So so not comment out session_start();
0
 

Author Comment

by:nicky2k
ID: 12049051
Uncommented, I still get
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at <page name>), but the value of $_SESSION["userid"] is now displayed.
0
 
LVL 48

Expert Comment

by:hernst42
ID: 12049298
Is that file included into another page ? whcih might have printed something:

If you file loks like the following and is not included from another page so this code may not produce such an error:
<?php
ob_start();
session_start();
if (!$_SESSION["userid"])
{
...
0
 

Author Comment

by:nicky2k
ID: 12052856
The login process does everything on the same page and sets the session variables. I then want to use these session variables throughout the application until the session expires, hence the test for $_SESSION["userid"]. The code I have is EXACTLY as you have written it.

The process should be
1) Enter username and password into login form, which posts to itself
2) When form details are posted, check database to see if user exists. If user exists, set session variables and then take user to main home page (NOTE: redirection done hear also, which is ehre header may have been printed), Else let user view log in form again.

I will try adding ob_end_clean(); die(1); in the log in page. if it works, you get the points!!!

:)

0
 

Author Comment

by:nicky2k
ID: 12052919
I have ob_start(); on every page!!!! That is what the problem was!!! What do you know, you live and learn!!
But hernst42, you get points for putting up with me.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP Installer 5 37
PHP Query return divisible by 3 3 26
Returning errors to display in a dialog box - Ajax, Json, Php 16 33
Checking https returns 301 21 21
Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

860 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question