Is ob_start/ob_end_flush a "crutch" for bad code?

[chronister]

Hi all,

I wanted to find out what you guys think about this. I use the standard header/footer way of designing pages. Like so...  (yes, I use table layout... I know CSS is better before anyone says it  :P)

[code]
<html>
<head>
<?php include('includes.php') ?>
<!-- The includes file has a bunch of stuff I want accessible on all pages, or several pages and did not feel like manually adding it to those pages including the function mentioned below.  -->
<title>Page Title</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body>
<table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
  <tr>
    <td height="69" colspan="2">
Header w/ possible menu nav
</td>
  </tr>
  <tr>
    <td width="17%" height="294">
menu nav
</td>
    <td width="83%">

<!--  All pages end up right here -->

<?php function footer(){ ?>

      </td>
  </tr>
  <tr>
    <td colspan="2">Footer</td>
  </tr>
</table>
</body>
</html>
<?php }//end footer  ?>

[/code]

This allows me to have 1 layout page, and then on each content page I call this file like so...

[code]
        <?php include('header.php'); ?>

<!-- all my pages start and end like this with my content here -->

        <?php footer(); ?>
[/code]

By doing this, I found an issue with a check login function I created which is at the top of my protected pages and redirects to the login page if my user is not logged in.
[code]
function checklogin(){
  if (!$_SESSION['login']) {
  header('Location:../../../content/login.php');
  }
 
  }
[/code]

I did not want to use a javascript redirect as it can be turned off easily, so I decided a header() redirect is more secure...but as you can see, my output has already begun no matter what page I am on because of the above method and the oh so wonderful Cannot Modify Headers.. blah blah blah... we all know the rest error message occurs.

I simply wrapped the header.php file in an ob_start and ob_end_flush to prevent the output from starting as this was the easiest and quickest method I could come up with.

So the question is Do you feel ob_start is/could be a crutch for poor code/logic or is it designed for this type of thing?

What Say Ye PHP Gurus??

Nate

[chronister]

*bump*

I appreciate your input on this folks.

[matto]

does you header.php script have any white space - this can generate the headers already sent error.....any chance you can post you header.php

[chronister]

No header does not have whitespace... the reason for the header error is that I am calling checklogin() on the pages I want protected e.g. page1.php, page2.php

Those pages load like so.

< code from header here - with output started>

<code from pages here> // I call the check login function here and output started in header
<footer function here... which is part of header.php >

Take a look at the example above. This is exactly what I have going for header.php  I use 1 layout page, and make the bottom half of the code a function  I can call (I got tired of using 2 includes and 2 files) By putting the check login code in the content pages, my output has already started by the time the code parses the content pages.

My exact header.php file is attached.

<note: $root is defined in includes.php as is $pagetitle>



[attachment deleted by admin]

[matto]

would it be an idea to call the checklogin() first thing at the top of the pages ?

[code]
session_start();
<-- check login function here
<--code from header here - with output started>
<--code from pages here>
<--footer function here... which is part of header.php>
[/code]

[chronister]

My check login function is only called on protected pages, which start loading after half of the html code in header.php begins loading. So by calling it in header.php would make it so that all pages are protected and a person would have to be logged in to view anything on my site, and that is not what I want. Here is the checklogin function

[code]function checklogin(){
  if (!$_SESSION['login']) {
  header('Location:../../../content/login.php');
  }
 
  }[/code]

It is simple and only checks for a session variable called login. I may put a little more in place to beef up security, but this seems to work just fine for now.

So by virtue of having the standard header and footer on every page, my output starts before the content actually loads which is why I wrapped header.php in the ob_start / ob_end_flush.

This is why I asked the question, is ob_start being used as a crutch for poor code/logic , or am I doing this the correct way?

Thanks for all the responses.

[matto]

Lets just say I have never had to use it and yes it could be seen as a 'crutch for poor code/logic' depending on how it's used - but I am sure you will get differences of opinion here...personally I would try to avoid it unless there was a valid reason doing something with the buffered output.

:)

[Daniel0]

I think it would perfectly fine to use output buffering (the ob_* functions).

[obsidian]

I would agree with matto on this one. As with any functions in PHP, there are good uses for it, but many can be used as a crutch for bad coding practices. the "ob_" functions are one of the most widely misused function set that I know of, but there are others as well. But again, as with anything, there are also very valid and valuable uses for them as well.

[Daniel0]

A way to avoid using it here is to put it all in (and append to) a variable called something like $output. Then echo $output at the end.