header problem

Anon

Hi,

I am trrying to use the methods:

header("Location: invalidpassword.php");
or
include('invalidpassword.php');

as was mentioned in a forum-thread I made yesterday.

However I am get the results:

Warning: Cannot add header information - headers already sent by (output started at C:/Apache/htdocs/loguserin.php:2) in C:/Apache/htdocs/loguserin.php on line 5

On line 4 and 5 I of loguserin.php which calls invalidpassword.php, I have got the following code:

header ("Cache-Control: no-cache, must-revalidate");
header ("Pragma: no-cache");

So how do I call invalid password from loguserin without getting header errors, but still having no-caching on the loguserin page?

Cheers,
James

Anon

As the error states, you are outputting text. You mention line 4 and 5 but not 2. Look again and eliminate this output.

timbach2

Also, make sure there is not a blank line before your <?php tag.

(usually its the silly things that kill ya)

Anon

Well line 2 is just a <?php tag, so I can't understand why it isn't liked,,, and there is no blank line before it!

This is the first 7 lines of my program:

<body>
<?php

header ("Cache-Control: no-cache, must-revalidate");
header ("Pragma: no-cache");
if ($notloggedin)
header("Location: invalidpassword.php");

timbach2

James wrote:

<body>
<?php

...that's the problem. You're outputting the characters <body> before you're calling the header. nothing can be output before the header()

The reason I mentioned a blank line is because a blank line will output a "\n\r" which prevents you from setting cookies, or any header() functions. For more info about headers, read up on how to set cookies with php.

BTW, have you looked into PHPLIB? It's got what you're trying to do-- sessions, password, etc.

Anon

Thanks...That fixed the problem.

I have looked at sessions, but not much.
I have my own algorithm that generates a 50-character long random code, enters it into the user's account database (along with a datestamp), and passes the code as a transparent variale along the hyperlinks.

Each page then verifies this code against the username variable (also passed along the hyperlinks), and checks that the datestamp is not more than one hour old.

The datestamp is updated everytime a link is clicked, that passes the above tests so that a user is not auto-logged out unless they stop using it for an hour.

If a login is rejected, then the header is diverted to another page - as this "header problem" has been about. Else it continues with that page.

I'm not certain whether this is a better/faster/easier way of doing things that with the Sessions Support in PHPLIB, and I don't know too much about it it...but my method only takes about 4 lines of code at the top of each page. The only two main ways my login can be hacked is if the hacker gets into my accounts database on the server to retrieve the logincode, or intercepts the transparent variables and knows how to pass them through the link.

I am working on a new version, which sends the hyperlink to every new php page as a variable, but as it is verified it gets updated with a new logincode, that is generated using the last logincode as a key. Then, when the page loads up, the new login code is sent. So if it gets intercepted as it is being sent outbound, it doesn't matter - because it is already out of date!

This is better than using cookies with seessions, because what if the user has cookies disabled - and what if two PHP pages are being accessed at once by the same machine? Does one page overide the cookie containing data about the other?

Anon

But why I cant output nothing before the header.
This make no sense as there are many cases that an output need to be done before redirection.

And Is there is a way in PHP to redirect from page to page using other than header function???

By the way, I am using Javascript to perform this task as follows:

echo "<script language=JavaScript>";
echo "parent.location.href='manage.php'";
echo "</script>";

But the problem is that Javascript doesnot work in some browsers..