14

Possible Duplicate:
Headers already sent by PHP

So I have this output on my page.. not understanding why I have it popping up. I'm new to php though, so maybe it's something easy to fix

-I have a header.php file, which includes all important info, as well has the banner of the page. This header.php is included on every page.

-I have it checking the session value to make sure user is allowed to be at a certain page. If user is not allowed to be there, I kick them back to login page

This is where the error comes up though. This is what I have:

include_once ("header.php");

if ($_SESSION['uid']!='programmer')
{                        
header('Location: index.php');
echo 'you cannot be here';
exit;
}

The index that it is redirecting to also has the header. So is having these multiple header references giving me this error? I see no other way to do this, and it's driving me nuts!

Community
  • 1
  • 1
Marcus
  • 169
  • 1
  • 1
  • 6
  • 2
    What is in "header.php" file? – Ivan Nevostruev Nov 24 '09 at 22:49
  • banner, config include to connect me to db, and some jquery. Very important file. – Marcus Nov 24 '09 at 23:13
  • 1
    Why's it called 'header.php' then? Why not 'init.php' or something? – ceejayoz Nov 24 '09 at 23:28
  • I always learned to include the redundant stuff into the header file, and include that into all pages. This header file doesn't contain the session stuff, that is included though. This has never been a problem before though. – Marcus Nov 24 '09 at 23:53
  • 2
    This is probably the most well-documented error message in PHP. Googling the error message yields 3+ million results. – Mike B Nov 25 '09 at 00:55
  • ~~~~~~~~~~ Your file ENCODING should not be `UTF-8`, but `UTF-8 (Without BOM)`~~~~~~~~~~~ – T.Todua Sep 19 '14 at 08:01

5 Answers5

36

You cannot use header() once text has been output to the browser. As your header.php include presumably outputs HTML, header() cannot be used.

You can solve this in a couple ways:

  • Move the if statement above the header include (this won't work, as you've indicated in comments that header.php sets the uid session and other vital stuff).
  • Call ob_start() at the top of the script to buffer the output.
ceejayoz
  • 176,543
  • 40
  • 303
  • 368
  • 5
    Also note that unless you're buffering output, this error can be encountered by having even a single blank line (or space?) before the starting php tag, because even whitespace counts as output for the purposes of determining whether you can send headers. – Dathan Nov 24 '09 at 22:54
  • alright, so I added the include header AFTER the if statement, and that got rid of the error, however, now when I log in properly, I get redirected to the index.php no matter what.. why is that? URL: http://nait.jtlnet.com/~fpkj5v0r/index.php User: programmer Password: prog123 -this is now my code: if ($_SESSION['uid']!='programmer') { header('Location: index.php'); echo 'you cannot be here'; exit; } include_once ("header.php"); ?> – Marcus Nov 24 '09 at 22:56
  • And ya, thanks for the heads up Dathan, I read about the white space bug, and it doesn't appear to be that. I wish it were that easy! – Marcus Nov 24 '09 at 22:57
  • 1
    Is header.php responsible for the logic that authenticates the user and assigns the $_SESSION["uid"] value? If so, then your if statement is always interrogating the value of uid before it's set. – Dathan Nov 24 '09 at 23:16
6

If the header.php file "has the banner", then it is presumably outputting some HTML content to the page.

You can't issue HTTP headers after you have outputted content.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
6

You cannot send any headers after sending any other content. A very likely culprit is extra whitespace after your closing ?> tag in your header.php. It's generally a good practice to omit the closing tag entirely in any script-only php files.

Your error should tell you exactly what line (and what file) is sending the output.

keithjgrant
  • 12,421
  • 6
  • 54
  • 88
2

I ran into a similar error (also seemingly out of nowhere) with respect to a Redirect function which used to be as follows: 

function Redirect($url) {
        flush(); // Flush the buffer
        header("Location: $url"); // Rewrite the header
        die;
    }

Apparently, you also need to add ob_flush(); to fully flush out the old header. The new function is:

function Redirect($url) {
        flush(); // Flush the buffer
        ob_flush();
        header("Location: $url"); // Rewrite the header
        die;
    }

Hope this helps someone else having this problem!

citizenen
  • 703
  • 6
  • 24
  • I don't see how this would work unless ob_start() was used... which you did not indicate in your code. According to PHP: flush() attempts to **push current output all the way to the browser** with a few caveats. Once the content data is sent to the browser there is no way to go back and edit the headers. http://php.net/manual/en/function.flush.php – Valerie Feb 24 '16 at 04:21
1

Alright, so it's fixed...... not sure how though, maybe somebody can explain why this works all of a sudden.

This is my code:

include_once ("header.php");

if ($_SESSION['uid']!='programmer') {  
    if(isset($_SESSION['uid'])) {
        echo $_SESSION['uid'];
    }                           

    header('Location: index.php');
    exit;
}

Let me repeat, it all works now! PHP... why do you work now?

Peter Bagnall
  • 1,794
  • 18
  • 22
Marcus
  • 169
  • 1
  • 1
  • 6
  • 3
    That won't work is $_SESSION['uid'] is set. Then the echo will happen before the call to header, which is a bad thing! So unless you're switching on output buffering in header.php this will only work when $_SESSION['kid'] is not set. – Peter Bagnall Jun 03 '12 at 18:22
  • @PeterBagnall is correct, the logic there is flawed; first, you are checking the value $_SESSION['uid'] when you believe there's a possibility it might not be set, and THEN you check if it is set... if(isset($_SESSION['uid'])) { should go in the first if statement instead. **second**: the reason it might work is if $_SESSION['uid'] = NULL; therefore no data gets sent to the browser. – Valerie Feb 24 '16 at 04:12