timmah1 Posted March 6, 2016

Can anybody tell me why this is not working?

    session_start();
    if (!isset($_SESSION['user'])) {
        header('Location: admin-login.php');
    }

No session is set, yet I can still view the page. I get no errors or anything. I'm at a loss because I've used this same thing for a lot of sites, and all of those work.

Jacques1 Posted March 6, 2016

The whole approach is suicidal. When you don't stop the script, it happily keeps running and will in fact render the entire page (or take any action the user has requested). This obviously defeats the purpose of authentication checks.

The only reason why your code seemingly “works” on your other sites is that a successful redirect makes a standard browser discard the original content and jump to the new page. Apparently the header() call has failed this time (I assume you have prior output), so the problem which has always existed now becomes visible.

Long story short:

- Always stop the script if authentication failed. A redirect alone doesn't do anything but advise the client to visit another URL.
- Check if there's output prior to the header() call. This is not allowed.
- Turn error reporting all the way up and make sure you actually see the errors (you only do this on your development machine, of course!)

timmah1 (Author) Posted March 6, 2016 (edited)

OK, I have this now. I get an error on line 9 that headers were already sent (which is header('Location:admin-login.php')). Nothing is output before my session_start().

    session_start();
    include 'assets/config.php';
    error_reporting(E_ALL);
    ini_set('display_errors', '1');
    if (empty($_SESSION['user'])) {
        header('Location: admin-login.php');
        exit;
    }

mac_gyver Posted March 6, 2016

Quoting timmah1: "I get an error"

If you read the whole error message, it's also telling you where the output is occurring at that is preventing the header() from working.

timmah1 (Author) Posted March 6, 2016

You're right, it says:

    Warning: Cannot modify header information - headers already sent by (output started at index.php:1) in /index.php on line 9

Line 9 is the redirect. I don't understand what else to do.

Jacques1 Posted March 6, 2016 (edited)

You have some kind of output in line 1 before the opening PHP tag. That may be whitespace or a byte order mark or whatever. When in doubt, open the file in a hex editor. There mustn't be a single byte before the PHP tag.

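
The hex-editor check from the last reply can be automated. The following is an added example, not code from any poster in the thread: it reports which bytes PHP would send as output before the first `<?php` tag, which is what makes the `header()` redirect fail. The function name and the sample byte strings are constructed for illustration, and it assumes files use the full `<?php` opening tag.

```python
import codecs

OPEN_TAG = b"<?php"  # assumption: the file uses the full opening tag


def leading_output(data: bytes):
    """Describe the bytes PHP would emit before the first opening tag.

    Returns None when the file starts directly with the tag, otherwise a
    dict holding the raw prefix, a hex dump of it and a classification.
    """
    pos = data.find(OPEN_TAG)
    prefix = data if pos == -1 else data[:pos]
    if not prefix:
        return None

    kinds = []
    rest = prefix
    # Editors may silently prepend a UTF-8 byte order mark (EF BB BF).
    if rest.startswith(codecs.BOM_UTF8):
        kinds.append("UTF-8 BOM")
        rest = rest[len(codecs.BOM_UTF8):]
    if rest and not rest.strip(b" \t\r\n"):
        kinds.append("whitespace")
    elif rest:
        kinds.append("other content")
    return {"prefix": prefix, "hex": prefix.hex(" "), "kinds": kinds}


# Constructed sample file contents (not taken from the thread).
SAMPLES = {
    "clean.php": b"<?php\nsession_start();\n",
    "bom.php": b"\xef\xbb\xbf<?php\nsession_start();\n",
    "blank-line.php": b"\n <?php\nsession_start();\n",
    "bom-and-crlf.php": b"\xef\xbb\xbf\r\n<?php\nsession_start();\n",
}

if __name__ == "__main__":
    for name, content in SAMPLES.items():
        found = leading_output(content)
        if found is None:
            print(f"{name}: ok, nothing before the opening tag")
        else:
            print(f"{name}: {', '.join(found['kinds'])} [{found['hex']}]")
```

To check a real file, pass `open(path, "rb").read()` to `leading_output`; files pulled in with `include` before the redirect need the same check.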