2

I have a PHP login function. When I try to log in with a correct user, it shows an error like this:

Warning: Cannot modify header information - headers already sent by (output started at /home/hapshou1/public_html/index.php:15) in /home/hapshou1/public_html/index.php on line 150


include "config.php";

if($_SERVER["REQUEST_METHOD"] == "POST")
{
    function antiinjection($data)
    {
        $filter_sql = mysql_real_escape_string(stripslashes(strip_tags(htmlspecialchars($data,ENT_QUOTES))));
        return $filter_sql;
    }

    $username = antiinjection($_POST['username']);
    $pass = antiinjection($_POST['password']);

    $login=mysql_query("SELECT username, password FROM user WHERE (username='$username' OR email='$username') AND password='$pass'");
    $found=mysql_num_rows($login);
    $r=mysql_fetch_array($login);

    if
    ((!empty($username)) &&
    (!empty($pass)))
    {
        if ($found > 0)
        {
            session_register("username");
            session_register("password");

            $_SESSION[username]     = $r[username];
            $_SESSION[password]     = $r[password];

            date_default_timezone_set("Asia/Jakarta");
            $date_log = date("j-F-Y, G:i ");

            mysql_query("update user set status='online', date_logged_in='$date_log' WHERE username='$_SESSION[username]'");
            header('location:home');
        }
        else
        {
            echo '<div class="error_log">
                    <p>Wrong username or password. Please try again.</p>
                </div>';
        }
    }
    else
    {
        echo '
            <div class="error_log">
                <p>Username and password are required.</p>
            </div>
        ';
    }
}

What's wrong with my code?

Naga Botak

4 Answers

3

Well, then look at what's on line 15.

The most likely scenario is that this statement caused the output:

$found=mysql_num_rows($login);

Which in turn is caused by the fact that your mysql_query returns false.

You could consider this to report any errors:

if (false === ($login=mysql_query("SELECT username, password FROM user WHERE (username='$username' OR email='$username') AND password='$pass'"))) {
    die(mysql_error());
}

It's not advisable to use die() statements like this in a production environment, so consider using a logger instead.

Btw, learn how to use PDO / mysqli; PDO has a mode in which all errors can be turned into exceptions which helped me find bugs much faster.

Ja͢ck
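
Added example (not code from the question or from any answer): the login handler restructured along the lines suggested in the answer above, with PDO in exception mode, a prepared statement, and the redirect decided before any output is sent. The DSN, the credentials and the assumption that the `password` column stores `password_hash()` output are hypothetical.

```php
<?php
declare(strict_types=1);
// No output (not even whitespace) may precede the opening tag, or header() fails.
session_start();

function findUser(PDO $db, string $login): ?array
{
    // Bound parameters replace the escaping helper from the question.
    $stmt = $db->prepare(
        'SELECT username, password FROM user WHERE username = :u OR email = :e LIMIT 1'
    );
    $stmt->execute([':u' => $login, ':e' => $login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$error = null;
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $login = trim((string) ($_POST['username'] ?? ''));
    $pass  = (string) ($_POST['password'] ?? '');
    if ($login === '' || $pass === '') {
        $error = 'Username and password are required.';
    } else {
        try {
            // Placeholder DSN and credentials (constructed for this example).
            $db = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'app_pass', [
                PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION, // failed queries throw
                PDO::ATTR_EMULATE_PREPARES => false,
            ]);
            $user = findUser($db, $login);
            if ($user !== null && password_verify($pass, $user['password'])) {
                session_regenerate_id(true);   // fresh session ID after login
                $_SESSION['username'] = $user['username'];
                header('Location: home');
                exit;                          // nothing below runs or prints
            }
            $error = 'Wrong username or password. Please try again.';
        } catch (PDOException $e) {
            error_log('login query failed: ' . $e->getMessage()); // log, do not echo
            $error = 'Login is temporarily unavailable.';
        }
    }
}

// Output starts only here, after every header() decision has been made.
if ($error !== null) {
    echo '<div class="error_log"><p>' . htmlspecialchars($error, ENT_QUOTES) . '</p></div>';
}
```

A failed query now raises an exception that is logged server-side instead of emitting a warning into the page body, which is what triggered "headers already sent" in the question.
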
0

Put ob_start(); at the top of the code and put ob_flush(); at the end.

Always put exit(); after a header redirect.

iLaYa ツ
  • 1
    While that works, isn't it a bit overkill? Surely it's better for the OP to find what's actually causing the issue without putting a massive band-aid over it? – slugonamission Oct 11 '12 at 08:56
  • 1
    -1. This is just bad advice; hiding the error ain't going to help anyone. – Ja͢ck Oct 11 '12 at 08:57
0

Enclose your code within

ob_start();

...

ob_flush();

The reason this error occurs is that some part of the body of the web page has been sent to the user already when a request is made to set a header value.

Also, always put exit(); after the header() statement so that the rest of the code on the current page after the header() call doesn't get executed.

Mudassir Hasan
0

Example: header('Location: http://www.example.com/');

Naga, try this code:

session_start();
date_default_timezone_set("Asia/Jakarta");
include "config.php";

if(isset($_POST['username']) && isset($_POST['password']))
{
    function antiinjection($data)
    {
        $filter_sql = mysql_real_escape_string(stripslashes(strip_tags($data)));
        return $filter_sql;
    }

    $username = antiinjection($_POST['username']);
    $pass     = antiinjection($_POST['password']);

    $login = mysql_query("SELECT username, password FROM user WHERE (username='$username' OR email='$username') AND password='$pass'");
    $r     = mysql_fetch_array($login);

    if((!empty($username)) && (!empty($pass)) && is_array($r))
    {
        if (count($r) > 0)
        {
            $_SESSION['username'] = $r['username'];
            $_SESSION['password'] = $r['password'];
            $date_log = date("j-F-Y, G:i");
            mysql_query("UPDATE user SET status = 'online', date_logged_in = '$date_log' WHERE username = '$_SESSION[username]'");
            header('Location: http://domen.com/');
            exit; // stop executing once the redirect header has been set
        }
        else
        {
            echo '<div class="error_log">
                    <p>Wrong username or password. Please try again.</p>
                </div>';
        }
    }
    else
    {
        echo '
            <div class="error_log">
                <p>Username and password are required.</p>
            </div>
        ';
    }
} else {
    // do some action
}
RDK