Solved

Checking login and redirecting to new header from an included part of the page causes header already sent error

Posted on 2008-06-16
3
215 Views
Last Modified: 2008-06-17
Hey

Well the story is my index page calls a header, cell and footer. The cell being the changing element. I'm now adding member only pages and don't know how to protect the page from unauthorised access.

I use this..

<?php
session_start();
if( @$_SESSION['auth'] !="yes")
{header("Location: ../index.php?cellname=pagecells/noauth.php");
exit();
}
?>

and I call it at the start of the cell file that requires protection. Problem is I get errors regarding the header already being sent.

So any ideas on a better way to structure my page. I have offcourse considered sending logged in users to a new php file totally but once again I would want to use cells in that page. If those cell files exist back to square one they will simply be accessed view the original and free to access index.

Only option is whole range of pages created for users only!

thanks for any advice
0
Comment
Question by:Ryan Bayne
3 Comments
 

Assisted Solution

by:qaelan
qaelan earned 50 total points
ID: 21799067
If you are getting errors regarding the headers already being sent, make sure that you are calling the header function before any thing is printed to the browser.
0
 
LVL 14

Accepted Solution

by:
Vel Eous earned 150 total points
ID: 21799084
>> Problem is I get errors regarding the header already being sent.

You're getting that message because you are trying to modifiy the browser headers after they have already been sent.  You should be putting it before your HTML.

<?PHP

session_start();
if( @$_SESSION['auth'] !="yes")
{header("Location: ../index.php?cellname=pagecells/noauth.php");
exit();
}

?>

<html>
...
</html>

Creating a "user/members only area" is no more complicated than your cell approach and in the long term more desirable (think of expansion).

For security store the session_id() in a database table on the server and a cookie on the client.  When the user is authenticated, the database table is populated with the user name and session_id() and the cookie with the same.  When a new page is accessed, do a check on the database table that the current user and session_id() match with that of the cookie.
0
 
LVL 2

Author Comment

by:Ryan Bayne
ID: 21807869
OK lots of good stuff there. Tchuk that seems to be my solution thanks a lot. Never done it before or stored cookies on server but I will see what I can do and more questions if I get stuck

cheers
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
php construct 5 27
Can't find PHP files on account that has WordPress 3 27
tutorial for ebay api 3 35
PHP Installer 5 25
Generating table dynamically is the most common issue faced by php developers.... So it seems there is a need of an article that explains the basic concept of generating tables dynamically. It just requires a basic knowledge of html and little maths…
Nothing in an HTTP request can be trusted, including HTTP headers and form data.  A form token is a tool that can be used to guard against request forgeries (CSRF).  This article shows an improved approach to form tokens, making it more difficult to…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question