[RESOLVED] Header not redirecting - Any suggestions

dr_overload

Asking for your help

I'm using the php login script from http://php.about.com/od/finishedphp1/ss/php_login_code.htm

The login page contains the following

header("Location: profile.php");

This redirect works fine if the the page only contains the login file, but as soon as I insert the code & login form into my own login page the redirect doesnt work, the login page just reloads.

From reading various sites I understand this is because the header is not at the top of the page - am I correct in thinking this? If so, is there an alternative I can use?

Thanks
Jon

bradgrafelman

If you show us your code we might be able to help you, but the usual problem is that you outputted data before the header() call.

If you're going to output the login form HTML, make sure you put it in a conditional so that it ONLY tries to output it if a form hasn't been submitted for processing. Don't just output it right away.

Also, to ensure header() redirects work properly, make sure you kill the script directly after the header call.

dr_overload

This is the code - which I placed within the body of html page.

<?php

// Connects to your Database
mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());

//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{
$username = $COOKIE['ID_my_site'];
$pass = $COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM pds_users WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check )) 	
	{

	if ($pass != $info['password']) 
		{

		}

	else
		{
		header("Location: profile.php");

		}

	}

}

//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
	die('You did not fill in a required field.');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
	$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM pds_users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That username is invalid. <a href=register.php>Click Here to Register</a>');
}

while($info = mysql_fetch_array( $check ))
{

$POST['pass'] = stripslashes($POST['pass']);
$info['password'] = stripslashes($info['password']);
$POST['pass'] = md5($POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
	die('Incorrect password, please try again.');
}

else
{
// if login is ok then we add a cookie

$POST['username'] = stripslashes($POST['username']);

$hour = time() + 3600;
setcookie(ID_my_site, $POST['username'], $hour);
setcookie(Key_my_site, $POST['pass'], $hour);

//then redirect them to the members area
header("Location: profile.php");
}

}

} else {

// if they are not logged in
?>
<link href="football.css" rel="stylesheet" type="text/css">

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr class="selection">
<td colspan=2><h3>Login</h3></td></tr>
<tr><td class="text">Username:</td>
<td>
<input name="username" type="text" class="details" maxlength="40">
</td></tr>
<tr><td class="text">Password:</td>
<td>
<input name="pass" type="password" class="details" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}

Weedpacket

dr_overload wrote:
which I placed within the body of html page.

So bradgrafelman was right, then.

dr_overload

Weedpacket wrote:
So bradgrafelman was right, then.

Yes, so is there a way to get round this?

Thanks

Eric_T

I use this

echo '<script language="JavaScript" type="text/javascript">';
echo 'top.location.href="blah.php";';
echo '</script>';

dr_overload

Resolved using ob_start() & ob_end_flush

Thanks anyway 🙂

Weedpacket

Just be aware that that's not a resolution, that's a temporary workaround while the thing's getting fixed.