Trouble getting login page to redirect to secure page

StackOverflow https://stackoverflow.com/questions/20945749

Domanda

I have a login page I created using php, and I'm having an issue getting it to take me to the admin page after I've logged in correctly. I know the login I'm using is correct, since I just created it, and if it's wrong, it's supposed to tell me. However, once I login, the whole page just goes blank and the web address says I'm still on the login page instead of the admin one.

I checked the error log and it says "PHP Warning: Cannot modify header information - headers already sent by (output started at /admin/login.php:6) in /admin/includes/functions.php on line 4"

This is the code the error log is referring to:

    function redirect_to($new_location) {
    header("Location: " . $new_location);
    exit;
}

I don't understand what the error is pointing out. I've used this exact code before when I was learning how to create a login and admin pages, and I didn't have any problems when I tested it out then using WAMP on my computer. Now that I've put it on my website's server, this error is popping up. I'm not sure where to begin troubleshooting because if I take out that function, then it won't redirect at all. Any help would be super appreciated!!

Here is the main code I'm using for the login page, if that helps:

<?php require_once("includes/session.php"); ?>
<?php require_once("includes/db_connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php require_once("includes/validation_functions.php"); ?>

<?php
$username = "";
if (isset($_POST['submit'])) {
// Process the form

// validations
$required_fields = array("username", "password");
validate_presences($required_fields);

if (empty($errors)) {
    // Attempt Login

    $username = $_POST["username"];
    $password = $_POST["password"];

    $found_admin = attempt_login($username, $password);

    if ($found_admin) {
            // Success
            // Mark user as logged in
            $_SESSION["admin_id"] = $found_admin["id"];
            $_SESSION["username"] = $found_admin["username"];
            redirect_to("http://thehummingbirdplace.com/admin/admin.php");
    } else {
            // Failure
            $_SESSION["message"] = "Username/password not found.";
    }
}
} else {
// This is probably a GET request

}   // end: if (isset($_POST['submit']))

?>

<?php $layout_contect = "admin"; ?>
<?php include("includes/layouts/header.php"); ?>
<div id="main">
<div id="navigation">
    &nbsp;
</div>
<div id="page">
    <?php echo message();  ?>
    <?php echo form_errors($errors); ?>

    <h2>Login</h2>
    <form action="login.php" method="post">
        <p>Username:
            <input type="text" name="username" value="<?php echo htmlentities($username); ?>" />
        </p>
        <p>Password:
            <input type="password" name="password" value="" />
        </p>
        <input type="submit" name="submit" value="Submit" />
    </form>
 </div>
</div>

<?php include("includes/layouts/footer.php"); ?>
È stato utile?

Soluzione

The thing is, the header function should be called before any output is sent to the browser.

Try using this in place of the header():

echo '<meta HTTP-EQUIV="REFRESH" content="0; url='.$new_location.'">';

Altri suggerimenti

Your code is sending blank lines, which qualify as browser renderable text.

It is a requirement that header information be sent before any text to be rendered, and a redirect instruction is sent in the header.

Look at this code.

<?php require_once("includes/session.php"); ?>
<?php require_once("includes/db_connection.php"); ?>
<?php require_once("includes/functions.php"); ?>
<?php require_once("includes/validation_functions.php"); ?>

<?php
$username = "";
if (isset($_POST['submit'])) {
// Process the form
  :
{
?>

There is a blank line on line 5 of the code segment. You must delete that to pass the header.

Be careful of output in the included files as well. If you are unsure or not in control, move the require_once() calls to after the redirect.

You passed empty lines every time you closed your php code and enter new line this what cause it to consider as string that was echo, In case you don't echo anything in your rest of the include files this should work I will also recommend to add exit(); after redirect.

<?php
require_once("includes/session.php"); 
require_once("includes/db_connection.php");
require_once("includes/functions.php");
require_once("includes/validation_functions.php");


$username = "";
if (isset($_POST['submit'])) {
// Process the form

// validations
$required_fields = array("username", "password");
validate_presences($required_fields);

if (empty($errors)) {
    // Attempt Login

    $username = $_POST["username"];
    $password = $_POST["password"];

    $found_admin = attempt_login($username, $password);

    if ($found_admin) {
            // Success
            // Mark user as logged in
            $_SESSION["admin_id"] = $found_admin["id"];
            $_SESSION["username"] = $found_admin["username"];
            redirect_to("http://thehummingbirdplace.com/admin/admin.php");
    } else {
            // Failure
            $_SESSION["message"] = "Username/password not found.";
    }
}
} else {
// This is probably a GET request

}   // end: if (isset($_POST['submit']))


$layout_contect = "admin"; 
include("includes/layouts/header.php");
?>
<div id="main">
<div id="navigation">
    &nbsp;
</div>
<div id="page">
    <?php echo message();  ?>
    <?php echo form_errors($errors); ?>

    <h2>Login</h2>
    <form action="login.php" method="post">
        <p>Username:
            <input type="text" name="username" value="<?php echo htmlentities($username); ?>" />
        </p>
        <p>Password:
            <input type="password" name="password" value="" />
        </p>
        <input type="submit" name="submit" value="Submit" />
    </form>
 </div>
</div>

<?php include("includes/layouts/footer.php"); ?>
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top