[RESOLVED] Header doesn't work after upgrade

denzlite

Upgraded PHP recently on server, is there something wrong with this?

// Redirect:
		$url = absolute_url ('instructions.php');
		header("Location: $url");
		exit();

laserlight

It depends on the implementation of the absolute_url function.

denzlite

hmm... I think it has something to do with the upgrade itself... is it possible there is some Apache/PHP setting my admin missed?

I tried some straight basic header calls copied from php.net and even they don't work...

THanks...

walterquez

what is the value returned from absolute_url ('instructions.php')?

bradgrafelman

Is display_errors set to On and error_reporting set to E_ALL ? Perhaps PHP is trying to output an error message (e.g. "Headers already sent").

denzlite

Ok - this is the problem I can't figure out. I had PHP code using headers that was working perfectly fine with PHP 4.x - but we recently updated our Apache server and all services. I'm not very good with all this - but now that we have PHP 5.x my headers don't work.

When one submits login credentials it should load a new page (I'm using a session variable). Instead it displays a blank page. I know the session gets set off the login because then if I go to that exact page, it loads.

Is strange no?

Ashley_Sheridan

What is that absolute_url function? I can't find it on the PHP manual pages. Is it coming from somewhere else, and if so, where and what is it doing?

laserlight

Ashley Sheridan wrote:
What is that absolute_url function? I can't find it on the PHP manual pages. Is it coming from somewhere else, and if so, where and what is it doing?

It is some user defined function, which is why I noted that its implementation needs to be shown.

denzlite

here is what I'm trying to do - This is the login page, upon correct credentials this would redirect them. The session is getting set properly, but the redirect isn't. Again, this was working, but my admin recently moved everything over to a new server and upgraded PHP.

if (isset($_POST['submitted'])) {

require_once ('includes/login_functions.inc.php');
require_once ('includes/connection.php');
require_once ('includes/functions.php');
list ($check, $data) = check_login($connection, $_POST['email'], $_POST['password']);

if ($check) { // OK!

	// Set the session data:

	session_start();
	$_SESSION['id'] = $data['id'];
	$_SESSION['name'] = $data['name'];
	$_SESSION['email'] = $data['email'];

	// Store the HTTP_USER_AGENT:
	$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
	$_SESSION['check'] = 22;
	// Redirect:
	$url = absolute_url('submissions_grid.php');
	header("Location: $url");
	exit();

} else { // Unsuccessful!
	$errors = $data;
}

} // End of the main submit conditional.

Ashley_Sheridan

Again, what is absolute_url and could you show the code that defines it?

denzlite

oh yes, sorry:

function absolute_url ($page = 'login.php') {

// Start defining the URL...
// URL is http:// plus the host name plus the current directory:
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

// Remove any trailing slashes:
$url = rtrim($url, '/\\');

// Add the page:
$url .= '/' . $page;

// Return the URL:
return $url;

} // End of absolute_url() function.

denzlite

I've tried subsituting a redirect without using the above function,

header('Location: http://www.google.com/');

but even that doesn't work...

bradgrafelman

You never answered above, so I'll reiterate:

bradgrafelman;10898893 wrote:
Is display_errors set to On and error_reporting set to E_ALL ? Perhaps PHP is trying to output an error message (e.g. "Headers already sent").

denzlite

Well - that's tricky. There are other developers working on the same live server so it isn't feasible to turn on error reporting.

So - I created a local copy of everything using WAMP and Dreamweaver and set error reporting to On. I exported the live database to my local machine and when I ran everything the header worked fine.

I was hoping to recreate the error with a local copy where I could control everything with my own settings - but alas it works. Same code - same db only on my WAMP.

So - everything worked fine on the former server. The problem started with moving everything to a new server and upgrading PHP from v4 to v5 - is there any other track I can take? Are there other settings in PHP ini that might affect this behavior?

Let's assume that the error does say headers already sent - what would be the path to follow in that case?

Thanks for your patience.

Ashley_Sheridan

I can't see any problem with the absolute_url function, but I'd go through a few checks just in case:

After the line that reads:

$url = absolute_url('submissions_grid.php');

What do you get if you add a

print $url;

(obviously ignoring the headers already sent error you might get); does it display the URL you expected?

I'm not sure about your login check. AFAIK, your list() is expecting a scaler and an array, yet you are expecting these to be returned from a function which should only be returing one variable, which could be a scaler OR an array, and not both. Are you sure that this is the best way to do it? Maybe instead, you could pass the two variables by reference, like this:

$check = false;
$data = Array();
check_login($connection, $_POST['email'], $_POST['password'], $check, $data);

and then in your check_login() function, accept the parameters like this:

check_login($connection, $email, $password, &$check, &$data);

One final possible cause of the problem, are you validating the $_POST variables you are using before you send them to any queries in the check_login() function? If the password, for example, had an apostrophe in, it could cause all sorts of havoc with your query.

denzlite

All right. Here's what I've done. Headers are now working on other pages. At the top of every page I include a session.php file with the following code to kick people back to the login page:

	// The user is redirected here from login.php.
	session_start(); // Start the session.
	// If no session value is present, redirect the user:

if (($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT'])) OR (!isset($_SESSION['agent']))) {
	require_once ('login_functions.inc.php');
	$url = absolute_url();
	header("Location: $url");
	exit();	
}


$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

On the login.php - nothing I did would make the redirect work - and since I can't turn errors on the live server and it works on local server, I instead went with a meta tag:

if (isset($_POST['submitted'])) {

require_once ('includes/login_functions.inc.php');
require_once ('includes/connection.php');
require_once ('includes/functions.php');
list ($check, $data) = check_login($connection, $_POST['email'], $_POST['password']);

if ($check) { // OK!

	// Set the session data:
	session_start();
	$_SESSION['id'] = $data['id'];
	$_SESSION['name'] = $data['name'];
	$_SESSION['email'] = $data['email'];

	// Store the HTTP_USER_AGENT:
	$_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

	/* // Redirect:
	$url = absolute_url('submissions_grid.php');
	header("Location: $url");	
	exit(); */

	$url = absolute_url('submissions_grid.php');
	echo '<meta http-equiv="Refresh" content="0.3; URL=';
	echo $url;
	echo '">';

} else { // Unsuccessful!
	$errors = $data;
}

} // End of the main submit conditional.
echo '<div id="login">';
include ('includes/login_page.inc.php');
echo '</div>';

It seems like this works. If someone tries to access an interior page directly then the header redirect seems to work. I don't know why on the login page it doesn't.

Thanks, this is all code from a training course that i've tried to jimmy - so that's why it's so frustrating. But I guess that's what being a noob is all about.

Thanks -

Ashley_Sheridan

Sounds like you're outputting some content to the browser then. Check the login page, are the first 5 characters of the file

<?php

? you got to make sure there are not even any spaces before that PHP tag.

bradgrafelman

If you want to see if the headers being sent is the problem, you could do something like this:

// Redirect:
if(!headers_sent()) {
        $url = absolute_url ('instructions.php');
        header("Location: $url");
        exit();
} else {
        exit("DEBUG: Headers already sent!");
}

I just ask about the headers already being sent because it's easy to have this error; a single space or blank line before a '<?php' tag would cause data to be outputted and thus HTTP headers to be sent before the header() command is called.

denzlite

Thanks folks. That's it. Brad - that debug code was nice for me. It was frustrating not to be able to turn on error reporting - and yes, that's the error - "Headers already sent."

Correct me if I'm wrong - but this has got be an issue with our new server - with the implementation of Apache/PHP. I don't understand either - my admin says that he upgraded PHP - but to Version 5.2.5?? But my local WAMP/php (where error rep is on and i don't receive any warnings) is 5.2.6 - and the newest is 5.2.8. Hmm. Would love to get admin rights and monkey around with the php.ini sometime in the dead of night.

bradgrafelman

This error has nothing to do with a configuration; somewhere in your code, you are outputting data. Now, that may be a blank space or empty line before a '<?php' tag (note that this includes any files include/require'd as well!), or it may be actual data you meant to output. Either way, once you output data, HTTP headers are sent to the user and thus you cannot change them.

denzlite wrote:
It was frustrating not to be able to turn on error reporting

But that's what I don't understand; even if you can't turn on display_errors, surely you must be utilizing the error_log directive to log all PHP errors someplace for review, right?