0

I'm teaching myself PHP so this is probably something stupid I don't know yet, but why is my redirect not working...

I'm trying to do this:

header("Location: members.php?view=$user"); exit;

which doesn't do anything, but when I place a link in die statement upon successful login

die("You are now logged in. Please <a href='members.php?view=$user'>click here</a> to continue.");

I can click on that link and it works fine.

Full Code

<?php //login.php
  include_once 'header.php';
  echo "<div class='main'><h3>Please enter your details to log in</h3>";
  $error = $user = $pass = "";

  if (isset($_POST['user'])) {
    $user = sanitizeString($_POST['user']);
    $pass = sanitizeString($_POST['pass']);

    if ($user == "" || $pass == "") {
      $error = "Not all fields were entered<br />";
    }
    else {
      $query = "SELECT user,pass FROM members WHERE user='$user' AND pass='$pass'";

      if (mysql_num_rows(queryMysql($query)) == 0) {
        $error = "<span class='error'>Username/Password invalid</span><br /><br />";
      }
      else {
        $_SESSION['user'] = $user;
        $_SESSION['pass'] = $pass;
        header("Location: members.php?view=$user"); exit;
      }
    }
  }

echo <<<_END
<form method='post' action='login.php'>$error
<span class='fieldname'>Username</span><input type='text' maxlength='16' name='user' value='$user' /><br />
<span class='fieldname'>Password</span><input type='password' maxlength='16' name='pass' value='$pass' />
_END;
?>

<br />
<span class='fieldname'>&nbsp;</span>
<input type='submit' value='Login' />
</form><br /></div></body></html>



<?php //header.php
session_start();
echo "<!DOCTYPE html>\n<html><head><script src='js/osc.js'></script>";
include 'functions.php';

$userstr = ' (Guest)';

if (isset($_SESSION['user'])) {
    $user     = $_SESSION['user'];
    $loggedin = TRUE;
    $userstr  = " ($user)";
}
else {
    $loggedin = FALSE;
}

echo "<title>$appname$userstr</title><link href='css/main.css' rel='stylesheet' type='text/css' />" .
     "</head><body><div class='$appname'>$appname$userstr</div>";

if ($loggedin) {
    echo "<br /><ul class='menu'>" . 
     "<li><a href='members.php?view=$user'>Home</a></li>" . 
     "<li><a href='members.php'>Members</a></li>" . 
     "<li><a href='friends.php'>Friends</a></li>" . 
     "<li><a href='messages.php'>Messages</a></li>" . 
     "<li><a href='profile'>Edit Profile</a></li>" . 
     "<li><a href='logout.php'>Log Out</a></li></ul><br />";
}
else {
    echo ("<br /><ul class='menu'>" . 
    "<li><a href='index.php'>Home</a></li>" . 
    "<li><a href='signup.php'>Sign Up</a></li>" . 
    "<li><a href='login.php'>Log In</a></li></ul><br />" . 
    "<span class='info'>&#8654; You must be logged in to view this page.</span><br /><br />"
    );
}

?>

I've tried removing the first echo at the top, as well as the $error message. Like I said, I'm trying to improve on some code I picked up from this O'Reilly book, so I appreciate any help, guidance, criticism, etc.

itsclarke
  • 8,622
  • 6
  • 33
  • 50
  • 4
    Show the code before your call to `header()` – John Conde Mar 24 '14 at 19:28
  • possible duplicate of [How to fix "Headers already sent" error in PHP](http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php) – Paul Dessert Mar 24 '14 at 19:31
  • 6
    i bet a million dollars there's output before the header call –  Mar 24 '14 at 19:31
  • At what level is your error_reporting() ? If it is false, please turn it on and paste whatever error shows up (an error should show up). – Octavian Mar 24 '14 at 19:31
  • Output before the header, or the exit call right after header? I believe header does not actually do anything instantaneously, and code after the header call can execute. If redirecting, you should call `die(header("Location: members.php?view=$user"));` – Michael Wheeler Mar 24 '14 at 19:34
  • @Michael, there is no issue with an exit() after the header. – noahnu Mar 24 '14 at 19:43
  • @noahnu Yeah, looks like you either wrap the header with die, or call exit after. My mistake. Guess Dagon gets to keep his million dollars... – Michael Wheeler Mar 24 '14 at 19:47
  • @JohnConde I've added the entire file to the question now. Thanks for any input you give. – itsclarke Mar 25 '14 at 15:19
  • @Dagon I've tried removing the output as best I could, but still cant seem to get it to redirect. I've also added my entire file to the question. I would appreciate any guidance you have for this particular question. – itsclarke Mar 25 '14 at 15:20

4 Answers4

3

Any output (echo) from the PHP script prior to setting the Location header will cause the redirection to fail. In an ideal world, a script that redirects a user shouldn't really have a body, though many still do.

Remove any echo lines before you call Header.

Luke Joshua Park
  • 9,527
  • 5
  • 27
  • 44
1

You have output before your redirect. You can't redirect once output has been sent to the browser.

echo "<div class='main'><h3>Please enter your details to log in</h3>";

Move this code block to after your redirect code.

John Conde
  • 217,595
  • 99
  • 455
  • 496
0

You either have to do away with the code which generates any html before the header function or try putting ob_start() right at the beginning of the page preferably the first line.

Vagabond
  • 877
  • 1
  • 10
  • 23
-1

As already said by Aeaex , the echo will make your header redirect fail. As an alternative to using a header redirect, you could echo this : 

'<meta http-equiv="refresh" content="2;url=http://myurl.com">';

where the number 2 in the content is the amount of seconds before the redirect, set it to 0 if it needs to be done immediately.

This might be bad practice and break w3 validation though.

developers-have-no-vacation
  • 642
  • 1
  • 5
  • 13