headers already sent(but it worked before)

[Ninjakreborn]

I am trying to redirect someone to another location after they login.  I need it to do what it needs to do, and redirect them back to the homepage, set on what school they are suppose to, so I have to pass school through it
header("Location: index.php?school={$_SESSION[schoolaccess]}");
That is what I have, but it is saying header allready sent,  I thought the location header could be sent anywhere??

[bholbrook]

something else is being sent to the browser before that line of code, can you post all of your code?

[Ninjakreborn]

The thing is I thought you could use redirect anywhere.  Like in the middel of a page, if they do something it redirects them somewhere, I thought this could be used pretty much anywhere, to change them to other pages, when something happens. 
[code]<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php
include './includes/meta.inc.php'; // includes meta tags, stylesheet, and javascript inclusion
?>
</head>
<body>
<div id="wrap">
<?php
include './includes/header.inc.php'; // inserts header, logo, and everything up there
?>
    <br style="clear: both;" />

<?php
include './includes/leftnav.inc.php'; // inserts left navigation
?>

    <div id="content">

        <div id="processor">
<h3>Sign Up Completion</h3>
<?php
// signing into database, and preparing for validation and entry
mysql_connect("mysql185.secureserver.net", "#####", "######");
mysql_select_db("joyel");

// Get information from database to work with
$errorhandler = "";
$username = mysql_real_escape_string($_POST['username']);
$username = strtolower($username);
$password = mysql_real_escape_string($_POST['password']);
$password = strtolower($password);
if ($username == "") {
$errorhandler .= "The Login Username was left blank.<br />";
}
if ($password == "") {
$errorhandler .= "The password was left blank.<br />";
}
if ($errorhandler != "") {
echo "<span class=\"spanred\">";
echo $errorhandler;
echo "</span>";
}

if ($errorhandler == "") {
$password = md5($password);
$selectemail = "SELECT * FROM userinfo WHERE email = '$username';";
$queryemail = mysql_query($selectemail);
if ($rowemail = mysql_fetch_array($queryemail)) { // checks if email exists
$selectpass = "SELECT * FROM userinfo WHERE email = '$username' AND password =
'$password';";
$querypass = mysql_query($selectpass);
if ($rowpass = mysql_fetch_array($querypass)) {
$_SESSION['username'] = $rowpass['email'];
$_SESSION['schoolaccess'] = $rowpass['schoolname'];
$_SESSION['controller'] = true;
$_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['lastlogin'] = date("m/d/y");
$url = "http://www.thecampussource.com/index.php?school={$_SESSION['schoolaccess']}";
header("Location: {$url}");
}else {
// Send email to account owner, notifying him of date and time of attempted access
// With improper password to his/or her account
echo "You have attempted an unauthorized access.<br />";
echo "If you are not the user of this account, please discontinue this activity ";
echo "immediately.";
echo "The original account owner was sent all of your computer information.  If they.";
echo "Report the unauthorized attempt to administration you will be banned from the ";
echo "site for an indefinite period of time.";
$to = "{$rowemail[email]}";
$subject = "www.thecampussource.com: Security Issue";
$newdate = date("m/d/y");
$newtime = time();
$message = "
  There has been a possible unauthorized attempt on your account.  Someone attempted to access your account via your email address, however they provided the wrong credentials.  The following information was information we were able to recover from the attempted entry.  If you are wondering whether or not this was you, please compare this IP number with your IP number for a match, if there was no match, then please contact administration, with the IP number of the person who attempted unauthorized access, with a forwarded version of this email, and we will investigate, and possible ban that user from the site.
IP Address: {$_SERVER['REMOTE_ADDR']}
Possible Browser: {$_SERVER['HTTP_USER_AGENT']}
Date of Attempt: {$newdate}
Possible Time Of Attempt: {$newtime}
";
$headers = "From: Administrator@thecampussource.com";
mail($to, $subject, $message, $headers);
} // end security measure

}else {
echo "There is no point in continuing with the process.  your email does not exist ";
echo "within our database.  Please double check your email address, register, or contact ";
echo "support if you feel you recieved this message in error.<br />";
}
} // close error handler check

?>




        </div>

    </div>
<?php
include './includes/banner.inc.php'; // includes the banner, randomly selected from a database
?>

<?php
include './includes/footer.inc.php'; // includes the page footer, bottom navigation copyright
?>
</div>
</body>
</html>[/code]

[Ninjakreborn]

Ok what's going on, I can't even use location when I try and do a logout with session destroy something is messed up here, what in my php ini might affect this, can someone help, I am having to do everything were they click on a link instead of automatically redirecting.

[Ninjakreborn]

well I guess that will have to do, for the logout, I got it working with just

[code]<?php
session_start();
session_destroy();
header("location: /index.php");
?>[/code]

For my other page, I just settled for the, finish the process type of setup.

[code]<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<?php
include './includes/meta.inc.php'; // includes meta tags, stylesheet, and javascript inclusion
?>
</head>
<body>
<div id="wrap">
<?php
include './includes/header.inc.php'; // inserts header, logo, and everything up there
?>
    <br style="clear: both;" />

<?php
include './includes/leftnav.inc.php'; // inserts left navigation
?>

    <div id="content">

        <div id="processor">
<h3>Sign Up Completion</h3>
<?php
// signing into database, and preparing for validation and entry
mysql_connect("mysql185.secureserver.net", "#####", "#####");
mysql_select_db("joyel");

// Get information from database to work with
$errorhandler = "";
$username = mysql_real_escape_string($_POST['username']);
$username = strtolower($username);
$password = mysql_real_escape_string($_POST['password']);
$password = strtolower($password);
if ($username == "") {
$errorhandler .= "The Login Username was left blank.<br />";
}
if ($password == "") {
$errorhandler .= "The password was left blank.<br />";
}
if ($errorhandler != "") {
echo "<span class=\"spanred\">";
echo $errorhandler;
echo "</span>";
}

if ($errorhandler == "") {
$password = md5($password);
$selectemail = "SELECT * FROM userinfo WHERE email = '$username';";
$queryemail = mysql_query($selectemail);
if ($rowemail = mysql_fetch_array($queryemail)) { // checks if email exists
$selectpass = "SELECT * FROM userinfo WHERE email = '$username' AND password =
'$password';";
$querypass = mysql_query($selectpass);
if ($rowpass = mysql_fetch_array($querypass)) {
$_SESSION['username'] = $rowpass['email'];
$_SESSION['schoolaccess'] = $rowpass['schoolname'];
$_SESSION['controller'] = true;
$_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['lastlogin'] = date("m/d/y");
echo "<p>Please finish the login process by clicking the link below.</p><br />";
echo "<a href=\"/index.php?school={$_SESSION[schoolaccess]}\" title=\"Finish Login\">Finish Login Process</a>";
}else {
// Send email to account owner, notifying him of date and time of attempted access
// With improper password to his/or her account
echo "You have attempted an unauthorized access.<br />";
echo "If you are not the user of this account, please discontinue this activity ";
echo "immediately.";
echo "The original account owner was sent all of your computer information.  If they.";
echo "Report the unauthorized attempt to administration you will be banned from the ";
echo "site for an indefinite period of time.";
$to = "{$rowemail[email]}";
$subject = "www.thecampussource.com: Security Issue";
$newdate = date("m/d/y");
$newtime = time();
$message = "
  There has been a possible unauthorized attempt on your account.  Someone attempted to access your account via your email address, however they provided the wrong credentials.  The following information was information we were able to recover from the attempted entry.  If you are wondering whether or not this was you, please compare this IP number with your IP number for a match, if there was no match, then please contact administration, with the IP number of the person who attempted unauthorized access, with a forwarded version of this email, and we will investigate, and possible ban that user from the site.
IP Address: {$_SERVER['REMOTE_ADDR']}
Possible Browser: {$_SERVER['HTTP_USER_AGENT']}
Date of Attempt: {$newdate}
Possible Time Of Attempt: {$newtime}
";
$headers = "From: Administrator@thecampussource.com";
mail($to, $subject, $message, $headers);
} // end security measure

}else {
echo "There is no point in continuing with the process.  your email does not exist ";
echo "within our database.  Please double check your email address, register, or contact ";
echo "support if you feel you recieved this message in error.<br />";
}
} // close error handler check

?>




        </div>

    </div>
<?php
include './includes/banner.inc.php'; // includes the banner, randomly selected from a database
?>

<?php
include './includes/footer.inc.php'; // includes the page footer, bottom navigation copyright
?>
</div>
</body>
</html>[/code]

Also, you know, if anyone has any advice, on how I can make that login processor page redirect automatically back to the homepage, and have it work, It would be greatly appreciated, but if not I can live with this.

[bholbrook]

You can use the output buffer.

headers can't be modified after they're sent, but you can determine WHEN they're sent.

[b]WONT WORK[/b]
[code]
<html>
<? header("location:page.html"); ?>
[/code]

[b]WILL WORK[/b]
[code]
<? ob_start(); ?>
<html>
<? header("location:page.html"); ?>
<? ob_end_flush(); ?>
[/code]

There is more to know on output buffers, I suggest you give it a read. Also, when you change the page location, the first page will finish processing. Make sure to put an exit(); after your header if you dont want that to happen.

[redbullmarky]

put an 'exit' after a header("Location: blah") call. someone will need to put this into better words ,but these header redirects dont occur until the script ends.

[code]
header("Location: /somewhere.php");
exit;
[/code]
output buffering works, but in many cases its used too often to patch up sloppy code.

otherwise, i'm sure youve been around long enough to have read: http://www.phpfreaks.com/forums/index.php/topic,37442.0.html

cheers
Mark

[b]edit[/b]: sorry bholbrook, missed this:
[quote]
Also, when you change the page location, the first page will finish processing. Make sure to put an exit(); after your header if you dont want that to happen.
[/quote]

[trq]

[quote]The thing is I thought you could use redirect anywhere.[/quote]
You thought wrong. There is a stick in the [url=http://www.phpfreaks.com/forums/index.php/topic,95562.0.html]FAQ/Code snippet repository[/url], read it.