
redirecting in included php file


boozelclark


I understand that this is a header error but I still do not know how to fix it.

I am trying to create a login box that is in the top right corner of my site. Once the user uses it to log in they need to be redirected to the account page. I include the login_box.php file in the appropriate div. However, the file uses header("Location: account.php"); to redirect the user. Because this file is included after the header, I receive: Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\index.php:17) in C:\xampp\htdocs\layout_inc\login_box.php on line 76

What would be the correct way to do this? My code is below. Thank you in advance.

<?php 
//Forms posted

if(!empty($_POST))
{
	$errors = array();
	$username = trim($_POST["username"]);
	$password = trim($_POST["password"]);
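	//An unchecked checkbox is not submitted at all, so default to 0
	$remember_choice = isset($_POST["remember_me"]) ? (int) $_POST["remember_me"] : 0;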

	//Perform some validation
	//Feel free to edit / change as required
	if($username == "")
	{
		$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
	}
	if($password == "")
	{
		$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
	}

	//End data validation
	if(count($errors) == 0)
	{
		//A security note here, never tell the user which credential was incorrect
		if(!usernameExists($username))
		{
			$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
		}
		else
		{
			$userdetails = fetchUserDetails($username);

			//See if the user's account is activated
			if($userdetails["Active"]==0)
			{
				$errors[] = lang("ACCOUNT_INACTIVE");
			}
			else
			{
				//Hash the password and use the salt from the database to compare the password.
				$entered_pass = generateHash($password,$userdetails["Password"]);

				if($entered_pass != $userdetails["Password"])
				{
					//Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
					$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");

				}
				else
				{
					//Passwords match! we're good to go'

					//Construct a new logged in user object
					//Transfer some db data to the session object
					$loggedInUser = new loggedInUser();
					$loggedInUser->email = $userdetails["Email"];
					$loggedInUser->user_id = $userdetails["User_ID"];
					$loggedInUser->hash_pw = $userdetails["Password"];
					$loggedInUser->display_username = $userdetails["Username"];
					$loggedInUser->clean_username = $userdetails["Username_Clean"];
					$loggedInUser->remember_me = $remember_choice;
					$loggedInUser->remember_me_sessid = generateHash(uniqid(rand(), true));
					//Update last sign in
					$loggedInUser->updateLastSignIn();		

					if($loggedInUser->remember_me == 0)
					$_SESSION["userCakeUser"] = $loggedInUser;
					else if($loggedInUser->remember_me == 1) {
					$db->sql_query("INSERT INTO ".$db_table_prefix."Sessions VALUES('".time()."', '".serialize($loggedInUser)."', '".$loggedInUser->remember_me_sessid."')");
					setcookie("userCakeUser", $loggedInUser->remember_me_sessid, time()+parseLength($remember_me_length));
					}

					//Redirect to user account page

					header("Location: account.php");
					die();
				}
			}
		}
	}
}

if(!isUserLoggedIn()) {?><form name="newUser" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
                <table>
			<tr>
			<td>
			<label>Username:</label>
			</td>
			<td>
	<input type="text" name="username" />
			</td>
			</tr>
			<tr>
			<td>
			<label>Password:</label>
			</td>
			<td>
	<input type="password" name="password" />
			</td>
			</tr>
			<tr>
			<td>
			<label> </label>
			<input type="submit" value="Login" class="submit"/>
			</td>
			<td>
			<input type="checkbox" name="remember_me" value="1" /> <label style="font-size:12px">Remember Me?</label>
			</td>
			</tr>
			</table>
			<div style="text-align:center;">
			<a href="register.php" class="info">Register</a> | <a href="forgot-password.php" class="info">Forgot Password?</a>
			</div>
</form><?php }
			else{?><h1>Welcome <?php echo $loggedInUser->display_username; ?> </h1>
			 <br/>

			<a href="account.php" class="info">Dashboard</a> | <a href="logout.php" class="info">Logout</a><?php }

			?>


You can't allow anything, not even whitespace, to be output to the browser before attempting to send headers. You should rework the logic to send any headers first.

 

Also, you should not use action="<?php echo $_SERVER['PHP_SELF'] ?>" as a form action as it presents a known XSS vulnerability. Instead, use action="", or explicitly name the script.


I recently had the same problem and it was really a pain because I had written several pages incorrectly and I had to go back and basically rearrange the code to make it correct.  What you have to do is take the part of the code that is processing your sign in form, including the header that is redirecting the user to the account page, and move it all to the top of the code, before the <html> tag.  If you do this, everything should work fine.
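
An added example, not part of any post in this thread, showing both replies applied together: the login POST is handled before any output so the Location header can still be sent, and the form names its script instead of echoing $_SERVER['PHP_SELF']. The authenticate() function, the demo credential and the index.php filename are assumptions standing in for the poster's own login checks and page.

```php
<?php
// index.php (added example): handle the login POST before any output,
// then render the page. authenticate() is a hypothetical stand-in for the
// poster's usernameExists()/fetchUserDetails()/generateHash() checks.
session_start();
function authenticate(string $username, string $password): bool
{
    // Constructed demo credential; replace with the real lookup.
    $demoHash = password_hash('correct horse', PASSWORD_DEFAULT);
    return $username === 'demo' && password_verify($password, $demoHash);
}

$errors = [];
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';
    if ($username === '' || $password === '') {
        $errors[] = 'Please enter a username and password.';
    } elseif (!authenticate($username, $password)) {
        $errors[] = 'Username or password is invalid.';
    } else {
        session_regenerate_id(true);      // issue a new session ID after login
        $_SESSION['username'] = $username;
        header('Location: account.php');  // nothing has been output yet
        exit;
    }
}
// Output starts only below this point.
?>
<!DOCTYPE html>
<html>
<head><title>Home</title></head>
<body>
<div id="login_box">
<?php if (!isset($_SESSION['username'])): ?>
    <?php foreach ($errors as $e): ?>
        <p class="error"><?php echo htmlspecialchars($e, ENT_QUOTES, 'UTF-8'); ?></p>
    <?php endforeach; ?>
    <form action="index.php" method="post">
        <label>Username: <input type="text" name="username" /></label>
        <label>Password: <input type="password" name="password" /></label>
        <input type="submit" value="Login" />
    </form>
<?php else: ?>
    <p>Welcome <?php echo htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8'); ?></p>
<?php endif; ?>
</div>
</body>
</html>
```

The opening <?php tag must be the first bytes of the file: a blank line or a UTF-8 byte-order mark before it counts as output and brings the warning back.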
