Absolutely cannot figure out header issue

Question

I have literally been trying to figure this out all day.

Here is my sequence of events:

I have a bunch of .php pages, and I want my site header to be at the top of them all. So naturally, I include header.php

However, since my header.php file contains HTML at line 81, and I want to do a redirect after the submission of a form, I can't include my header.php until all headers have been sent.

So I started and got this error message:

Warning: Cannot modify header information - headers already sent by (output started at header.php:81) in submit_build.php on line 47

So naturally I moved my

include header.php;

further down the page, to a position JUST above when all HTML starts.

I do this, and get this error message:

Notice: Undefined variable: _SESSION in /home6/warfram2/public_html/submit_build.php on line 49

ALL of my other files which have a submission form, the header.php file, and require a redirect work.

For some reason, this ONE file doesn't work.

This is the code for my header.php file:

<?php //header.php
session_start();

include_once 'login_users.php';

if (isset($_SESSION['username']))
{
    $username = $_SESSION['username'];
    $loggedin = TRUE;
}
else $loggedin = FALSE;

if ($loggedin == TRUE)
{

$usr = urlencode($username);

    echo <<<_END
.... HTML down here

I have already read all stackoverflow threads on headers including the following:

How to fix "Headers already sent" error in PHP PHP - Cannot modify header information Headers Already Sent, cannot find issue

I have also occasionally gotten the error:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent

My website flow is:

Login [just a snippet of code]:

if (!empty($_POST['username']) &&
    (!empty($_POST['pw_temp'])))
{
    $username = sanitizeString($_POST['username']);
    $pw_temp = sanitizeString($_POST['pw_temp']);
    $pw_temp = md5($pw_temp);
    $query = "SELECT username,password FROM users WHERE username='$username' AND password='$pw_temp'";
    if (mysql_num_rows(mysql_query($query)) == 0)
    {
    die("Wrong info");
    }
    else
    {
            session_start();
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $pw_temp;
            $_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
            header('Location: index.php');
            exit;
     }      
}else{
include_once 'header.php';

And you get redirected to the index. When you want to visit this page I'm having so much difficulty with, ALL OF THE PHP LOADS, AND INCLUDE HEADER.PHP is the LAST thing to load.

Inside the PHP there are absolutely NO echos, prints, or anything else. There are no spaces before my php tags, no BOM character, nothing.

Here is my code for the first few lines of this awfully frustrating page:

<?php //submit_build.php
require_once 'login_users.php';
include_once 'functions.php';


$db_server = mysql_connect($db_hostname, $db_username, $db_password);

mysql_select_db($db_database)
    or die("Unable to select database: " . mysql_error());

$choice = $_GET['choice'];


if (isset($_POST['buildname']) &&
    isset($_POST['weapon']) &&
    isset($_POST['mod1']) &&
    isset($_POST['description']) &&
    isset($_POST['category']) &&
    isset($_POST['hidden']) &&
    isset($_POST['password']))
{
$buildname = clean(sanitizeString($_POST['buildname']));
$buildurl = urlencode($buildname);
$weapon =   sanitizeString($_POST['weapon']);
$modcap = sanitizeString($_POST['modcap']);
$section = $choice;
$mod1 =     sanitizeString($_POST['mod1']);
$mod2 =     sanitizeString($_POST['mod2']);
$mod3 =     sanitizeString($_POST['mod3']);
$mod4 =     sanitizeString($_POST['mod4']);
$mod5 =     sanitizeString($_POST['mod5']);
$mod6 =     sanitizeString($_POST['mod6']);
$mod7 =     sanitizeString($_POST['mod7']);
$mod8 =     sanitizeString($_POST['mod8']);
$polarity1 =    sanitizeString($_POST['polarity1']);
$polarity2 =    sanitizeString($_POST['polarity2']);
$polarity3 =    sanitizeString($_POST['polarity3']);
$polarity4 =    sanitizeString($_POST['polarity4']);
$polarity5 =    sanitizeString($_POST['polarity5']);
$polarity6 =    sanitizeString($_POST['polarity6']);
$polarity7 =    sanitizeString($_POST['polarity7']);
$polarity8 =    sanitizeString($_POST['polarity8']);
$description =  sanitizeString($_POST['description']);
$category =     sanitizeString($_POST['category']);
$hidden =       sanitizeString($_POST['hidden']);
$pw_check =     sanitizeString($_POST['password']);

$pw_check = md5($pw_check);
if ($pw_check == $_SESSION['password'])
{
header("Location: account.php");
$add_build = "INSERT INTO weapons VALUES(NULL,'$username', '$buildname', '$section', '$weapon', '$modcap', '$mod1', '$mod2', '$mod3', '$mod4', '$mod5', '$mod6', '$mod7', '$mod8', '$polarity1', '$polarity2', '$polarity3', '$polarity4', '$polarity5', '$polarity6', '$polarity7', '$polarity8', '$category', '$hidden', '$description', NULL, '{$_SESSION['ipaddress']}', '$buildurl')";
mysql_query($add_build);

exit;
}
else{
die("Incorrect password.");


}
}

//Set Dropdown Menu HTML Variables

And if I decide to include a function such as;

if(isset($_SESSION['username']))
{
code here
}else{die("Not logged in");}

or

if(!empty($_SESSION['username']))
{
code here
}else{die("Not logged in");}

To verify the user is logged in, I will immediately get the die message, even though EVERY OTHER PAGE ON MY WEBSITE sees me as logged in.

What is wrong with me and my website? I feel like I'll never solve this without the help of a pro.

Thanks for any help.

I'll provide any additional code if you think you might know what's wrong.

Cheers

You start the session both in `header.php` and in `login.php`. — Blender, Aug 02 '13 at 03:10
It's good that you've read over the official answer to this. You are _certain_ you don't even have a humble little linebreak after the closing `?>` in _any_ of your included files? — Michael Berkowski, Aug 02 '13 at 03:11
To echo things to the browser, you need to use `htmlentities`, not `urlencode`. — Mike, Aug 02 '13 at 03:13
@Blender In my O'Reilly book, it says to start the session in header and after login............ Michael Berkowski; yes, there are NO linebreaks after functions.php, or login_users.php. The problem must be elsewhere — SteelyDan, Aug 02 '13 at 03:14
@SteelyDan it is good practice to do `session_regenerate_id` after login to prevent session fixation, but you only have to call `session_start` once. — Mike, Aug 02 '13 at 03:15
Lets fix one by one. You listed three errors/notices in the question. What is the first one you are getting? — Sasidhar Vanga, Aug 02 '13 at 03:15
View the page source of whatever is sent down to the browser. Look for a linebreak or whitespace at the very beginning of it. View it in a hex editor if you cannot spot anything visually. — Michael Berkowski, Aug 02 '13 at 03:17
@MichaelBerkowski that's a lot of work. Why not just send a header... any header? The error message will tell you exactly which line you need to look at. — Mike, Aug 02 '13 at 03:18
@Mike Indeed it's already there - line 81 of header.php. I was just looking back through the reported errors for that. — Michael Berkowski, Aug 02 '13 at 03:19
@SteelyDan Can you please point out what is line 81 of headers.php? — Michael Berkowski, Aug 02 '13 at 03:20
@MichaelBerkowski I assumed that was for a separate error, but I'm not sure. — Mike, Aug 02 '13 at 03:20
Woah, wait a minute -why are you sending a `Location` header in submit_build.php and then executing a query right after it? That's unreliable. _Always_ explicitly `exit()` right after a `Location` redirect. Do the query first, then redirect. — Michael Berkowski, Aug 02 '13 at 03:22
Sorry, I was afk for a bit. The reason the header is above there is because I was getting an error whereby it was telling me I was outputting on "line 52" (If i recall correctly) which was my query line. It made no sense. As soon as I moved the header call above the query line it worked. — SteelyDan, Aug 02 '13 at 03:39
That is why you can see a space after the query-- because my header was originally there, haha. — SteelyDan, Aug 02 '13 at 03:39

score 0 · Answer 1 · answered Aug 02 '13 at 03:13

0

Totally off the top of my head because I've had this issue before, but double check your include files for white space. This could be a space or a newline before or after your php tags. If you have any white space in these files then it gets sent to the browser, at which point you can not set sessions or headers.

answered Aug 02 '13 at 03:13

Crackertastic

4,958
2
30
37

Indeed, must have come in as I was typing my response. I just got enough reputation about 60 seconds ago to start leaving comments. Hence why I had to make my own answer. – Crackertastic Aug 02 '13 at 03:16

score 0 · Answer 2 · answered Aug 02 '13 at 03:23

0

Got it working with ob_start(); and ob_end_flush(); surrounding my PHP.

I have absolutely NO idea what it was that was outputting data.

Maybe the $_GET array thing. Still doesn't make sense that I would get other errors like undefined variable _SESSION....

Whatever... I feel like this is a makeshift fix for my program but I'll take it for now.

Cheers.

answered Aug 02 '13 at 03:23

SteelyDan

61
7

It still would be better to get to the bottom of it. Look at the comments below your question. Surely something there would be of use. – Mike Aug 02 '13 at 03:24
That _is_ a makeshift fix and a hack. You really should figure out what is causing this rather than resorting to manipulating the output buffer. Start with line 81 of headers.php as your error informs... – Michael Berkowski Aug 02 '13 at 03:24

Absolutely cannot figure out header issue

2 Answers2