header problems *SOLVED*

[digitalgod]

Hey guys,

I'm getting header problems with my script but I can't seem to find the problem... I've read the F.A.Q about headers but it didn't really help me.

I've got index.php that has a login form
that's how I load the pages
[code]
<?php
include("includes/cachecontrol.php");
$tmpl=new Template;
$tmpl->errors=0;
$tmpl->cur_page_name="index.php";
include("includes/config.php");

//$tmpl->add_template("top");
include("includes/connect.php");

if ($_COOKIE['remember'] == "" && $_SESSION['remember'] == "") {
block_check("",$_SERVER['REMOTE_ADDR'],"index.php",$prefix);

    $a = (isset($_GET['a']) ? $_GET['a'] : 'default');
    switch ($a) {
//....
?>

//in cachecontrol.php
<?php

header("Content-Type: text/html; charset=ISO-8859-1");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");

//
// Start the session
//
session_start();

//
// Build the template class
//
class Template {
var $errors;
var $cur_page_name;

//.....
?>
[/code]

login2.php  (the part that processes the form)

[code]
<?php
ob_start();
include("includes/config.php");
include("includes/connect.php");
$uname=$_POST['uname'];
$pword=$_POST['pword'];
$remember=$_POST['remember'];
$result=mysql_query("SELECT * FROM ".$prefix."users WHERE username='$uname'") or die(query_error());
$result=mysql_fetch_array($result);
$result=$result['password'];
if ($result == "") {
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
header("Location: error.php?e=1");
}
else {
$active=mysql_query("SELECT * FROM ".$prefix."users WHERE username='$uname'") or die(query_error());
$active=mysql_fetch_array($active);
$active=$active['active'];
  if ($active == "yes") {
    if (md5($pword) == $result) {
    $logged=date('Y-m-d H:i:s');
$insert = mysql_query("UPDATE ".$prefix."users SET last_login='$logged' WHERE username='$uname'") or die(query_error());
header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
    session_start();
      if ($remember == "yes") {
      $_SESSION['remember']=$uname;
  setcookie("remember",$uname,time()+31449600,"/",$site_address);
      }
      else {
      $_SESSION['remember']=$uname;
      }
    header("Location: members.php");
    }
    else {
    header("Cache-Control: no-store, no-cache, must-revalidate");
    header("Cache-Control: post-check=0, pre-check=0", false);
    header("Pragma: no-cache");
    header("Location: error.php?e=2");
    }
  }
  else {
  header("Cache-Control: no-store, no-cache, must-revalidate");
  header("Cache-Control: post-check=0, pre-check=0", false);
  header("Pragma: no-cache");
  header("Location: error.php?e=3");
  }
}
?>
[/code]

I used ob_start() as a temp solution but I was wondering if there was a better solution

[True`Logic]

include("./....");  <-- on some servers this gives me problems if u dont include "./", could be it..

[digitalgod]

I don't think that's the problem because it worked perfectly before I added an index.php. I just has login.php which had the login form and then would get processed by login2.php and then redirect the user to members.php if the he got approved.

[ryanlwh]

try to put session_start before any header code

[gluck]

I think you are sending an output to the browser before setting the headers. All the headers should be set before any output is sent to the browser

[digitalgod]

ryanlwh, yup that worked perfectly ( I think )

[digitalgod]

oh got another question, my index.php is for members and non members, to access some of the pages you need to be a member so I did this

[code]
<?php
if (isset($_COOKIE['remember']) || isset($_SESSION['remember'])) {
//takes you to the page
} else {
//takes you to the login page
}
?>
[/code]

my question is, is there a better way of doing this, like just checking at the begining of the page, like checking if the session exists, if it does the username is stored in a variable and if it doesn't exist 'guest' is stored in that variable. I think I answered my own question but I want to see if there's another way of doing it

[ryanlwh]

instead of storing 'member' or 'guest', why not just a true false value?
[code]<?php
if (isset($_COOKIE['remember']) || isset($_SESSION['remember'])) {
  $member  = true;
} else {
  $member = false;
}

if($member)
  do this;
else
  do that;
?>[/code]

[digitalgod]

see that's why I needed your opinion :P

thanks again ryanlwh

[ryanlwh]

you're welcome. depending on your need, you can even make it even neater
[code]$member = (isset($_COOKIE['remember']) || isset($_SESSION['remember']));[/code]

[digitalgod]

well $member would contain the username if I do it like that and if they're not logged in $member would be '' so I guess when I need to check if a person is logged in or not I can do if ($member != '')

[ryanlwh]

yeah. it's not a big deal what $member should store or how you check it. just do the best way you think will save you the most headache :)

[digitalgod]

my bad, isset returns 1 or 0

[ryanlwh]

1 and 0 basically equals to true or false