[Resolved] Headers Already Sent Error with Authentication

cbj4074

Hi everyone,

I have some code that authenticates a user with MySQL. The code is functional, I'm just wondering how to avoid resending headers.

Basically, I have a template for my site, which is coded with PHP and HTML. The template includes all of the code for every page, except for one table cell that holds the content, which is where each page differs.

My login page uses this template, so obviously the page contains headers. I'm running into the problem when a user logs in successfully. In my login code, I redirect the user to another page upon successful login. This used to work, but I upgraded from PHP5 RC2 to 5.0.1 and now I get the headers already sent error. I wondered why I didn't get it before, to be honest, since I knew I was sending headers twice...

Is there any other way to send authenticated users to another page without sending another, illegal, header?

Thanks 🙂

yelvington

Headers are simple. They go at the top of the output. If you are getting an error, it means you have sent some output other than a header before sending the header. Look closely at your code and make sure you did not inadvertently introduce a space or a newline.

cbj4074

Hey, thank you for the response. Maybe I wasn't clear in phrasing my question...

I understand perfectly well how headers work. I'm looking for more of a strategic response, such as a method for authenticating users with a form-based approach (as opposed to Apache digest or something) that allows me to send the user to another page once authenticated.

If one has a form on a login page, and it uses XHTML-1.0-compliant code, headers have already been sent. Agreed? So using PHP, how would one go about redirecting a user upon successful authentication without having the form action be set to another page? Is it possible?

Right now, my form action is set to $_SERVER['PHP_SELF']. The reason is so that I can display a "bad username/password" message on the login page, instead of displaying it on an ugly, white, subsequent page and forcing the user to click back. I'm running into the headers problem when I attempt to send the user to the "Congrats, you're logged in" page, for obvious reasons.

Just wondering how PHP programmers normally deal with this situation, because I see this type of login page on a lot of sites.

Thanks!

tsinka

Hi,

I hope that I understood you completely 🙂

The solution to this problem is in most cases to move the code that checks the submitted data on top of the script so that you can execute the header function before any output is created. Make sure to add exit just after the header call like e.g.

<?PHP
if (isset($_POST['submit'])) {
  $redir = true;
  $error = "";
  // do form validation and send header 
  if (!isset($_POST['theid']) || !is_numeric($_POST['theid'])) {
    $redir = false;
    $error .= "invalid id submitted<br />\n";
  }

  if ($redir) {
    header("Location: http://mydomain.com/welcome.php");
    exit;
  }
}
?>
<html>
  <head>
    <title>Login</title>
  </head>
  <body>
    <?=$error?>
    ....
    <form name="loginform" method="post" action="<?=$_SERVER['PHP_SELF']?>">
      ....
      <input type="submit" name="submit" value="Login" />
    </form>
  </body>
</html>

Thomas

cbj4074

Yup, you understood me exactly 😉

I should have thought of that earlier!

Thanks for your code, too; it gave me some new ideas!