theamazingninja Posted July 3, 2008 Share Posted July 3, 2008 Here is my code: <?php require_once('db.php'); include('functions.php'); if(isset($_POST['Login'])) { if($_POST['username']!='' && $_POST['password']!='') { $query = mysql_query('SELECT ID, Username, Active FROM users WHERE Username = "'.mysql_real_escape_string($_POST['username']).'" AND Password = "'.mysql_real_escape_string(md5($_POST['password'])).'"'); if(mysql_num_rows($query) == 1) { $row = mysql_fetch_assoc($query); if($row['Active'] == 1) { $_SESSION['user_id'] = $row['ID']; $_SESSION['logged_in'] = TRUE; header('Location: http://www.mywebsite.com/new_page.php'); } else{ $error = 'Your membership was not activated. Please open the email that we sent and click on the activation link.'; } } else { $error = '<font color="#FF0000" size=4>Wrong username or password.</font>'; } } else{ $error = 'Please enter both your username and password to access your account.'; } } ?> Everything works fine with no errors, but the header won't redirect to the new page. Please help. Thank you. Quote Link to comment Share on other sites More sharing options...
p2grace Posted July 3, 2008 Share Posted July 3, 2008 Do you have the headers already established? Try displaying the errors. error_reporting(E_ALL); ini_set('display_errors', '1'); Quote Link to comment Share on other sites More sharing options...
TransmogriBenno Posted July 3, 2008 Share Posted July 3, 2008 The script should exit as soon as you set the Location header, and you need to use session_start before you attempt to get or set any session variables. Quote Link to comment Share on other sites More sharing options...
p2grace Posted July 4, 2008 Share Posted July 4, 2008 Just note that the script will only exit on the session if the headers haven't been already established.... If you haven't already established the headers, try adding die() after the redirect to ensure the script exits. Quote Link to comment Share on other sites More sharing options...
TransmogriBenno Posted July 4, 2008 Share Posted July 4, 2008 If you haven't already established the headers, try adding die() after the redirect to ensure the script exits. Sorry if I wasn't clear, that's what I meant by: The script should exit as soon as you set the Location header Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted July 4, 2008 Share Posted July 4, 2008 The script should exit as soon as you set the Location header, and you need to use session_start before you attempt to get or set any session variables. There is no code that can be executed after he sends the Location header so calling die() is useless in this case. Quote Link to comment Share on other sites More sharing options...
mmarif4u Posted July 4, 2008 Share Posted July 4, 2008 Try this as p2grace mention above: error_reporting(E_ALL); ini_set('display_errors', '1'); At very top of the script after <?php. Quote Link to comment Share on other sites More sharing options...
SharkBait Posted July 4, 2008 Share Posted July 4, 2008 How do you know you are not getting an error? You're not echo'ing your $error variable anywhere that I can see in the code. Quote Link to comment Share on other sites More sharing options...
teynon Posted July 4, 2008 Share Posted July 4, 2008 Try something for me: at the very beginning on the code, put this: ob_start(); then at the very end of the code, put this: ob_end_flush(); Quote Link to comment Share on other sites More sharing options...
theamazingninja Posted July 4, 2008 Author Share Posted July 4, 2008 the ob_start(); and ob_flush(); worked. Thank you everyone for your help. Quote Link to comment Share on other sites More sharing options...
theamazingninja Posted July 4, 2008 Author Share Posted July 4, 2008 I have a new problem now. When the header redirects, it goes to a page called student_home.php where I have this code: <?php error_reporting(E_ALL); ini_set('display_errors', '1'); session_start(); if (!isset($_SESSION['user_id'])) { echo "You must be logged in to view this page"; die(); } else { echo "Hello, you're logged in!"; } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Complete Guitar Method</title> </head> <body> Student Homepage. </body> </html> it was saying i wasn't logged in. I figured there was a problem with the sessions but wasn't sure. I added the code that p2grace suggested: error_reporting(E_ALL); ini_set('display_errors', '1'); and this is what it is displaying: Warning: session_start() [function.session-start]: open(/var/php_sessions/sess_90d40c9825203679c2f22fae21b19e4f, O_RDWR) failed: No such file or directory (2) in /hermes/bosweb/web075/b753/sl.dw/public_html/student_home.php on line 4 Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /hermes/bosweb/web075/b753/sl.dw/public_html/student_home.php:4) in /hermes/bosweb/web075/b753/sl.dw/public_html/student_home.php on line 4 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /hermes/bosweb/web075/b753/sl.dw/public_html/student_home.php:4) in /hermes/bosweb/web075/b753/sl.dw/public_html/student_home.php on line 4 You must be logged in to view this page Warning: Unknown(): open(/var/php_sessions/sess_90d40c9825203679c2f22fae21b19e4f, O_RDWR) failed: No such file or directory (2) in Unknown on line 0 Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/php_sessions) in Unknown on line 0 I really don't understand what's happening. Hopefully someone can help me out. Thanks. Quote Link to comment Share on other sites More sharing options...
TransmogriBenno Posted July 6, 2008 Share Posted July 6, 2008 There is no code that can be executed after he sends the Location header so calling die() is useless in this case. What I'm saying is that it's good practice, otherwise you can end up in a situation like this: <?php if (!$logged_in) { header ('Location: login.php'); } ?> Hello, logged in user. Here's the secret/private stuff you are accessing. In this case, the secret/private stuff is sent to the client along with the location header, which means that anyone using a net debugger or special browser will see it, before their client sends the request for login.php. Or another case, like this: if ($condition_a) { header ('Location: a.php'); } if ($condition_b) { header ('Location: b.php'); } Suppose $condition_a and $condition_b are true, this won't do at all what you might expect by looking at the code. Quote Link to comment Share on other sites More sharing options...
Daniel0 Posted July 6, 2008 Share Posted July 6, 2008 Or another case, like this: if ($condition_a) { header ('Location: a.php'); } if ($condition_b) { header ('Location: b.php'); } Suppose $condition_a and $condition_b are true, this won't do at all what you might expect by looking at the code. It's pretty simple if one bothers to read the manual. Calling header() with the same header twice will override it. Therefore, if $condition_a is true and $condition_b is false you will go to a.php. If $condition_b is true it will always go to b.php. Otherwise you will go nowhere. One might want to continue script execution so the "always die() after sending a Location HTTP response header"-rule doesn't always hold. An example could be cleanup/garbage collection. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.