Jump to content

Recommended Posts

Hi,

I read the HEADER advice on the forum but I think that I still need help to figure out what I am doing wrong with header("location: page_to_load"). In local, the redirection works without problems. When I test online on a free server (p4o.net), it works fine; but when I test it on the paid server (mediaserve.com), the redirect loads a blank page.

After the blank page is loaded, I manually load the protected page (MyAccount.php) and all the information were displayed successfuly. I logged out and signed in with wrong credential. The result is a blank page. I manually loaded MyAccount.php again and I had "Access denied". I then concluded that the redirection deos not work. Is there any work arround for this situation? Please help.

Thanks

 

Login.php

<form  id="login" method="POST" action="handlers/login_handler.php">
<strong>Username</strong>
<input name="TextBoxEmailAdress" type="text" id="TextBoxEmailAddress" />
<strong>Password</strong>
<input name="TextBoxPassword" type="password" id="TextBoxPassword" />
<input name="ButtonSubmit" value="Login" id="ButtonSubmit" type="submit" />
</form>

login_handler.php

<?php 
ob_start();
//Start session
session_start();

//Include database connection details
require_once('../includes/WebConfig.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$Var_EmailAddress = clean($_POST['TextBoxEmailAddress']);
$Var_Password1 = clean($_POST['TextBoxPassword']);

//Input Validations
if($Var_EmailAddress== '') {
	$errmsg_arr[] = 'Login ID missing';
	$errflag = true;
}
if($Var_Password1== '') {
	$errmsg_arr[] = 'Password missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: ../index.php?PageId=login");
	exit();
}

//Create query
$Var_Password1 = md5($Var_Password1);
$query="SELECT * FROM $tbl_member WHERE EmailAddress='$Var_EmailAddress' AND Password1='$Var_Password1'";
$result=mysql_query($query);

//Check whether the query was successful or not
if($result) 
{
	if(mysql_num_rows($result) == 1) 
	{
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['SESS_MEMBER_ID'] = $member['Member_Id'];
		$_SESSION['SESS_FIRST_NAME'] = $member['FirstName'];
		$_SESSION['SESS_LAST_NAME'] = $member['LastName'];
		$_SESSION['SESS_EMAIL_ADDRESS'] = $member['EmailAddress'];
		$_SESSION['SESS_ADMIN_ROLE'] = $member['AdminRole'];
		$_SESSION['SESS_CONTRIB_EMAIL'] = "";

		session_write_close();
		header("location: ../MyAccount.php");
		exit();
	}
	else 
	{
		//Login failed
		header("location: ../index.php?PageId=login-failed");
		exit();
	}
}
else 
{
	//echo "mysql error: " .mysql_error();
	//echo "<br> mysql error number: " .mysql_errno();
	//die("Query failed");
	//Login failed
	header("location: ../index.php?PageId=login-failed");
}
?> 

Thanks for that quick reply. I added the code you provided as followed in the login_handler.php:

<?php 
ob_start();
error_reporting(-1);
ini_set('display_errors',1);
//Start session
session_start();

//Include database connection details
require_once('../includes/WebConfig.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Sanitize the POST values
$Var_EmailAddress = clean($_POST['TextBoxEmailAddress']);
$Var_Password1 = clean($_POST['TextBoxPassword']);

//Input Validations
if($Var_EmailAddress== '') {
	$errmsg_arr[] = 'Login ID missing';
	$errflag = true;
}
if($Var_Password1== '') {
	$errmsg_arr[] = 'Password missing';
	$errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: ../index.php?PageId=login");
	exit();
}

//Create query
$Var_Password1 = md5($Var_Password1);
$query="SELECT * FROM $tbl_member WHERE EmailAddress='$Var_EmailAddress' AND Password1='$Var_Password1'";
$result=mysql_query($query);

//Check whether the query was successful or not
if($result) 
{
	if(mysql_num_rows($result) == 1) 
	{
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['SESS_MEMBER_ID'] = $member['Member_Id'];
		$_SESSION['SESS_FIRST_NAME'] = $member['FirstName'];
		$_SESSION['SESS_LAST_NAME'] = $member['LastName'];
		$_SESSION['SESS_EMAIL_ADDRESS'] = $member['EmailAddress'];
		$_SESSION['SESS_ADMIN_ROLE'] = $member['AdminRole'];
		$_SESSION['SESS_CONTRIB_EMAIL'] = "";

		session_write_close();
		header("location: ../MyAccount.php");
		exit;
	}
	else 
	{
		//Login failed
		header("location: ../index.php?PageId=login-failed");
		exit;
	}
}
else 
{
	//echo "mysql error: " .mysql_error();
	//echo "<br> mysql error number: " .mysql_errno();
	//die("Query failed");
	//Login failed
	header("location: ../index.php?PageId=login-failed");
}
?> 

After executing, I got the following warnings:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /handlers/login_handler.php:2) in /handlers/login_handler.php on line 7

The line 7 is session_start();

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /handlers/login_handler.php:2) in /handlers/login_handler.php on line 7

The line 7 is session_start();

 

Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in /handlers/login_handler.php on line 60

The line 60 is session_regenerate_id();

 

Warning: Cannot modify header information - headers already sent by (output started at /handlers/login_handler.php:2) in /handlers/login_handler.php on line 70

The line 70 is header("location: ../MyAccount.php");

 

FYI the login_handler.php does not contain any html tags. It is exactly what I posted. MyAccount.php deos containt html tags.

I did not output anything before using Header. I'm getting confused here. Help please.

You need to make sure there are no spaces before or after your PHP tags, and if the script is UTF-8 encoded, make sure there is no BOM (byte-order-mark) at the beginning of the page.  PHP see's all of that as output.

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.