php redirect does not work - output header issues

Question

I am trying to figure out why my php code does not seem to redirect after user has successfully entered a password and downloaded a file. I have tried to understand php header's already sent issues but I'm not a good enough programmer how to figure a work around. Btw, this code below is modified from Zubrag's login php script. I added a file download section so when a user successfully types in pwd, file downloads. I just want to be able to tell the user that they have been successful (or some thank you msg).

Current implementation avail here: http://bnatyam.com/password_protect.php

<?php

    error_reporting(E_ALL);  //trying to catch output errors but nothing shows up
    ini_set("display_errors", 1);

###############################################################
# Page Password Protect 2.13
###############################################################
# Visit http://www.zubrag.com/scripts/ for updates
############################################################### 
#
# Usage:
# Set usernames / passwords below between SETTINGS START and SETTINGS END.
# Open it in browser with "help" parameter to get the code
# to add to all files being protected. 
#    Example: password_protect.php?help
# Include protection string which it gave you into every file that needs to be protected
#
# Add following HTML code to your page where you want to have logout link
# <a href="http://www.example.com/path/to/protected/page.php?logout=1">Logout</a>
#
###############################################################

/*
-------------------------------------------------------------------
SAMPLE if you only want to request login and password on login form.
Each row represents different user.

$LOGIN_INFORMATION = array(
  'zubrag' => 'root',
  'test' => 'testpass',
  'admin' => 'passwd'
);

--------------------------------------------------------------------
SAMPLE if you only want to request only password on login form.
Note: only passwords are listed

$LOGIN_INFORMATION = array(
  'root',
  'testpass',
  'passwd'
);

--------------------------------------------------------------------
*/

##################################################################
#  SETTINGS START
##################################################################

// Add login/password pairs below, like described above
// NOTE: all rows except last must have comma "," at the end of line
$LOGIN_INFORMATION = array(
  'root0',
  'root1'
);

// request login? true - show login and password boxes, false - password box only
define('USE_USERNAME', false);

// User will be redirected to this page after logout
define('LOGOUT_URL', 'http://www.bnatyam.com/signupthanks.php');

// time out after NN minutes of inactivity. Set to 0 to not timeout
define('TIMEOUT_MINUTES', 1);

// This parameter is only useful when TIMEOUT_MINUTES is not zero
// true - timeout time from last activity, false - timeout time from login
define('TIMEOUT_CHECK_ACTIVITY', false);

##################################################################
#  SETTINGS END
##################################################################


///////////////////////////////////////////////////////
// do not change code below
///////////////////////////////////////////////////////

// show usage example
if(isset($_GET['help'])) {
  die('Include following code into every page you would like to protect, at the very beginning (first line):<br>&lt;?php include("' . str_replace('\\','\\\\',__FILE__) . '"); ?&gt;');
}

// timeout in seconds
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);

// logout?
if(isset($_GET['logout'])) {
  setcookie("verify", '', $timeout, '/'); // clear password;
  header('Location: ' . LOGOUT_URL);
  exit();
}

if(!function_exists('showLoginPasswordProtect')) {

// show login form
function showLoginPasswordProtect($error_msg) {
?>


<?php include('includes/top.php');
    $pageName = basename($_SERVER['SCRIPT_NAME'], ".php");?>

<body id="<?php echo $pageName; ?>">

<!-- wrap starts here -->
<div id="wrap">

<div id="header"><!--header -->
<?php include('includes/nav.php'); ?>
</div> <!--header ends-->


<!-- content-wrap starts -->
<div id="content-wrap">

<div id="main">


    <?php include('includes/pw-form.php');?>

<!-- main ends -->
</div>

<!-- sidebar starts -->


<!-- content-wrap ends-->
</div>

<!-- footer starts here -->
<?php include('includes/footer.php'); ?>


<!-- footer ends here -->

<!-- wrap ends here -->





</body>
</html>

<?php
  // stop at this point
  die();
}
}

// user provided password
if (isset($_POST['access_password'])) {

  $login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
  $pass = $_POST['access_password'];
  if (!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
  || (USE_USERNAME && ( !array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass ) ) 
  ) {
    showLoginPasswordProtect("Incorrect password.");
  }
  else {
    // set cookie if password was validated
    setcookie("verify", md5($login.'%'.$pass), $timeout, '/');

    // Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
    // So need to clear password protector variables
    unset($_POST['access_login']);
    unset($_POST['access_password']);
    unset($_POST['Submit']);


    //Add AD custom code here
      $file = "private2/MaangiMaineKhushiyan-BNatyam.mp3";


      if (file_exists($file)) {
          header('Content-Description: File Transfer');
          header('Content-Type: application/octet-stream');
          header("Content-Type: application/force-download");
          header('Content-Disposition: attachment; filename=' . urlencode(basename($file)));
          header('Content-Transfer-Encoding: binary');
          header('Expires: 0');
          header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
          header('Pragma: public');
          header('Content-Length: ' . filesize($file));
          ob_clean();
          flush();
          readfile($file);


          if ($pass==$LOGIN_INFORMATION[0]) {
              $hit_count = @file_get_contents('countmsy.txt'); // read the hit count from file
              $hit_count++; // increment the hit count by 1
              @file_put_contents('countmsy.txt', $hit_count);} // store the new hit count


          if ($pass==$LOGIN_INFORMATION[1]) {
              $hit_count = @file_get_contents('countsurvey.txt');
          // echo $hit_count; //  display the hit count
          $hit_count++; // increment the hit count by 1
          @file_put_contents('countsurvey.txt', $hit_count); // store the new hit count
          }

          header("Location: signupthanks.php"); //this statement does NOT seem to work

          exit;}
  }

}

else {

  // check if password cookie is set
  if (!isset($_COOKIE['verify'])) {
    showLoginPasswordProtect("");
  }

  // check if cookie is good
  $found = false;
  foreach($LOGIN_INFORMATION as $key=>$val) {
    $lp = (USE_USERNAME ? $key : '') .'%'.$val;
    if ($_COOKIE['verify'] == md5($lp)) {
      $found = true;
      // prolong timeout
      if (TIMEOUT_CHECK_ACTIVITY) {
        setcookie("verify", md5($lp), $timeout, '/');
      }
      break;
    }
  }
  if (!$found) {
    showLoginPasswordProtect("");
  }

}

?>

Answer 1

The first tip, may be a bit silly, is to use

header('Location: http://www.bnatyam.com/signupthanks.php');

instead of

header('Location: ' . LOGOUT_URL);

Usually error with redirect are connected with some output. Check if something is displaying before redirect.

Answer 2

perhaps you should let javascript do the redirect?

<script>
var redirect = 0;
var redirect = <?php echo redirect; ?> ;
if(redirect==1) {
    window.location.href = "http://website.com/page";
}


 </script>