
On my offline dev server, I have the following code:

```php
<?php //submit_build.php

include_once 'header.php';
require_once 'login_users.php';
include_once 'functions.php';

if(empty($_SESSION['username']))
die ("You must be logged in to use this page");

$choice = $_GET['choice'];

$db_server = mysql_connect($db_hostname, $db_username, $db_password);

mysql_select_db($db_database)
    or die("Unable to select database: " . mysql_error());


if (isset($_POST['buildname']) &&
    isset($_POST['weapon']) &&
    isset($_POST['mod1']) &&
    isset($_POST['description']) &&
    isset($_POST['category']) &&
    isset($_POST['hidden']) &&
    isset($_POST['password']))
{
$buildname = clean(sanitizeString($_POST['buildname']));
$buildurl = urlencode($buildname);
$section = $choice;
$weapon =   sanitizeString($_POST['weapon']);
$modcap = sanitizeString($_POST['modcap']);
$mod1 =     sanitizeString($_POST['mod1']);
$mod2 =     sanitizeString($_POST['mod2']);
$mod3 =     sanitizeString($_POST['mod3']);
$mod4 =     sanitizeString($_POST['mod4']);
$mod5 =     sanitizeString($_POST['mod5']);
$mod6 =     sanitizeString($_POST['mod6']);
$mod7 =     sanitizeString($_POST['mod7']);
$mod8 =     sanitizeString($_POST['mod8']);
$polarity1 =    sanitizeString($_POST['polarity1']);
$polarity2 =    sanitizeString($_POST['polarity2']);
$polarity3 =    sanitizeString($_POST['polarity3']);
$polarity4 =    sanitizeString($_POST['polarity4']);
$polarity5 =    sanitizeString($_POST['polarity5']);
$polarity6 =    sanitizeString($_POST['polarity6']);
$polarity7 =    sanitizeString($_POST['polarity7']);
$polarity8 =    sanitizeString($_POST['polarity8']);
$description =  sanitizeString($_POST['description']);
$category =     sanitizeString($_POST['category']);
$hidden =       sanitizeString($_POST['hidden']);
$pw_check =     sanitizeString($_POST['password']);

$pw_check = md5($pw_check);
if ($pw_check == ($_SESSION['password']))
{
$add_build = "INSERT INTO weapons VALUES(NULL,'$username', '$buildname', '$section', '$weapon', '$modcap', '$mod1', '$mod2', '$mod3', '$mod4', '$mod5', '$mod6', '$mod7', '$mod8', '$polarity1', '$polarity2', '$polarity3', '$polarity4', '$polarity5', '$polarity6', '$polarity7', '$polarity8', '$category', '$hidden', '$description', NULL, '{$_SESSION['ipaddress']}', '$buildurl')";
mysql_query($add_build);
header("Location: account.php");
}
else{
die("Incorrect password.");


}
}
```

Followed by some more PHP, and HTML later on in the document.

NOTE The file header.php contains HTML.

My code works perfectly offline. I can click submit, and I will be redirected to account.php.

However, as soon as I upload the files to my remote server, the code still works perfectly but the redirect does not. Instead of redirecting, it just brings me back to the same page. The data that was entered DOES however get submitted to MySQL, so it's just the redirect that isn't working.

Can someone tell me how I would get this

header("Location: account.php");

to work? Where should I place it? Or where should I move

include_once 'header.php';

to make it work?

Thanks so much!

EDIT:

Here is my authenticate.php file.. up to where the html begins. Maybe you can see an issue here.

```php
<?php // authenticate.php
include_once 'functions.php';
require_once 'login_users.php';

$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to database:" . mysql_error());
mysql_select_db($db_database)
    or die("Unable to find database:" . mysql_error());

if (!empty($_POST['username']) &&
    (!empty($_POST['pw_temp'])))
{
    $username = sanitizeString($_POST['username']);
    $pw_temp = sanitizeString($_POST['pw_temp']);
    $pw_temp = md5($pw_temp);
    $query = "SELECT username,password FROM users WHERE username='$username' AND password='$pw_temp'";
    if (mysql_num_rows(mysql_query($query)) == 0)
    {
    die("Wrong info");
    }
    else
    {
            session_start();
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $pw_temp;
            $_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
            header('Location: index.php');
            exit;
     }
}else{
include_once 'header.php';


echo <<<_END

<html xmlns="http://www.w3.org/1999/xhtml">
```
SteelyDan
  • 3
    As far as I remember, `header(location:)` will not work if data has already been sent. It's always good to [read the manual](http://php.net/manual/en/function.header.php). – Daedalus Aug 01 '13 at 23:41
  • 1
    As a side note, this won't change your problem, but mysql_* is deprecated. It's highly recommended that you switch ASAP, for security and performance reasons: [Why shouldn't I use mysql_* functions in PHP?](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php) – Luke Shaheen Aug 01 '13 at 23:44
  • You could always move header.php right before the other html on the page, after the call to header() at least. – shxfee Aug 01 '13 at 23:45
  • I tried moving it just before my HTML, but if I do that, for SOME reason, it doesn't save any of my session data. For example this page in question requires you to enter your password, and shows you your IP address from $_SESSION['password'] and $_SERVER['REMOTE_ADDR'] .... these become empty if I move my header file. Weirdly my header file doesn't contain any of this information. – SteelyDan Aug 01 '13 at 23:50
  • possible duplicate of [Headers already sent by PHP](http://stackoverflow.com/questions/8028957/headers-already-sent-by-php). Whether it's displayed or not - the reason you can't redirect on the server is due to this very common error. – AD7six Aug 01 '13 at 23:56

1 Answer


It's a good idea to exit; after a header() as otherwise your code will continue in the current script. Which probably means it will send itself again. So you may well be running account.php but this page is then being sent and overwriting account.php making it look like account.php is not being run.

RiggsFolly
  • I tried this -- instead of refreshing the page, it just gives a blank white page with my header at the top :( – SteelyDan Aug 01 '13 at 23:52
  • @SteelyDan Did you also read `Daedalus`'s comment? If you have sent any HTML the header will not work. – RiggsFolly Aug 01 '13 at 23:55
  • Indeed, I have moved my header to the very end of my PHP, just before my HTML begins, and it causes me an error whereby none of my session data is saved. – SteelyDan Aug 01 '13 at 23:57
  • @SteelyDan Are you sure there is no white space? Actually if it works on a test server then this is probably not relevant. – RiggsFolly Aug 01 '13 at 23:58
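
The ordering that the comments and the answer point to, as an added example that is not part of the original thread: start the session and handle the form before `header.php` prints anything, and stop the script right after the redirect. It assumes `header.php` only emits HTML and that the session has to be started in this file; `redirect_and_exit` is a hypothetical helper name.

```php
<?php // submit_build.php, reordered (added example, not the asker's code)

// 1. Start the session before any output so the session cookie can be sent.
//    Assumption: header.php was what called session_start() before.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Hypothetical helper: redirect and stop, or report where output began.
function redirect_and_exit(string $url): void
{
    if (headers_sent($file, $line)) {
        // output_buffering often differs between a dev box and a host,
        // so the same script can redirect on one and fail on the other.
        error_log(sprintf(
            'Cannot redirect to %s: output started at %s:%d (output_buffering=%s)',
            $url, $file, $line, var_export(ini_get('output_buffering'), true)
        ));
        exit('Redirect failed; see the server error log.');
    }
    header('Location: ' . $url);
    // Stop here: a client that ignores Location would otherwise still
    // receive whatever the rest of the script prints.
    exit;
}

// 2. Access check and form handling run before header.php is included.
if (empty($_SESSION['username'])) {
    http_response_code(403);
    exit('You must be logged in to use this page');
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // The page's own validation, password check and INSERT belong here,
    // still before any output.
    redirect_and_exit('account.php');
}

// 3. Only now emit HTML.
include_once 'header.php';
```

If the redirect still fails on the remote server, the logged file and line show exactly which include or stray whitespace started the output.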