HTTP Redirect / Header... When to call it

Question

on my website, at the top of every php page, I have an

include_once 'header.php';

This file contains HTML.

In my file, 'authenticate.php', I want to have a redirect after logging in back to the index.

My code is the following: header('Location: http://www.URLHERE.com/index.php');

However after submitting, the page just refreshes. It doesn't redirect. The redirect worked properly on my localhost dev server, but as soon as I uploaded it online, it stopped working.

Is this because my header contains HTML, which is called before the header() function? Note that all HTML in the 'header.php' file is in HEREDOC tags.

Here is my code:

<?php // login.php
include_once 'header.php';
include_once 'functions.php';
require_once 'login_users.php';

$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to database:" . mysql_error());
mysql_select_db($db_database)
    or die("Unable to find database:" . mysql_error());

if (isset($_POST['username']) &&
    isset($_POST['pw_temp']))
{
    $username = sanitizeString($_POST['username']);
    $pw_temp = sanitizeString($_POST['pw_temp']);
    $pw_temp = md5($pw_temp);
    $query = "SELECT username,password FROM users WHERE username='$username' AND password='$pw_temp'";
    if (mysql_num_rows(mysql_query($query)) == 0)
    {
    die("Wrong info");
    }
    else
    {
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $pw_temp;
            $_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
            header('Location: http://www.URLHERE.com/index.php');
        }       
}

...more code down here

possible duplicate of [Headers already sent by PHP](http://stackoverflow.com/questions/8028957/headers-already-sent-by-php) — deceze, Jul 31 '13 at 13:44

score 0 · Answer 1 · edited May 23 '17 at 12:11

on my website, at the top of every php page, I have an include_once 'header.php';

This is what you are doing wrong.

What it have to be

<?php // login.php
include_once 'functions.php';
require_once 'login_users.php';

// some code

include 'output.php'; // ONLY HERE output starts.

Here you can see a concise but complete example with some explanations and reasoning. But the main reason for getting rid of your header.php and start using templates is the very question you asked.

score -1 · Answer 2 · answered Jul 31 '13 at 13:46

-1

Maybe it's because of code that you're executing after setting header? Add die after that line (header is not stopping execution!).

answered Jul 31 '13 at 13:46

Elon Than

9,603
4
27
37

score -1 · Accepted Answer · answered Jul 31 '13 at 13:46

You can do the include in else, remove the include_once 'header.php'; from the top file lines an do it like this:

if (isset($_POST['username']) &&
    isset($_POST['pw_temp']))
{
    $username = sanitizeString($_POST['username']);
    $pw_temp = sanitizeString($_POST['pw_temp']);
    $pw_temp = md5($pw_temp);
    $query = "SELECT username,password FROM users WHERE username='$username' AND password='$pw_temp'";
    if (mysql_num_rows(mysql_query($query)) == 0)
    {
    die("Wrong info");
    }
    else
    {
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $pw_temp;
            $_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
            header('Location: http://www.URLHERE.com/index.php');
        }       
}
else
{
include_once 'header.php';
//..... now your code!!!!!

}

This worked perfectly. Thanks so much! I gotta understand how this works but for now, thank you so much! Regards — SteelyDan, Jul 31 '13 at 13:51

HTTP Redirect / Header... When to call it

3 Answers3