"Cannot modify header information - headers already sent by" Issue validating, submitting then redirecting

Question

First of all i'm really new to PHP and really tired so I apologise if the solution is simple. Basically i'm learning PHP at college and my tutor gave me some code to paste into a document to test which should validate a login form which should then take the user to another page and echo "welcome $username"

I already have a working functional database (phpMYADMIN) which I can successfully link to using this code which I insert as an include.

<?php //Connect to phpMYADMIN database`enter code here`
    $db_hostname = 'localhost'; 
    $db_database = 'CollegeUsername_DB'; 
    $db_username = 'CollegeUsername'; 
    $db_password = 'password';  
    $db_status = 'not initialised'; 
    $str_result = ''; 

    $db_server = mysqli_connect($db_hostname, $db_username, $db_password); 
    $db_status = "connected"; 

    if (!$db_server){ 
        die("Unable to connect to the database: " . mysqli_connect_error()); 
    }
?>

Anyway my problem is with the login validation code and more specifically the header function. Here is the code with the login validation and login form.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

    <?php 

     require_once("functions.php"); 

 $username = trim($_POST['username']); 

 $password = trim($_POST['password']); 

 if ($username&&$password){ 

 session_start(); 

 require_once("db_connect.php"); 

mysqli_select_db($db_server, $db_database) or 

die("Couldn't find db"); 

 $username = clean_string($db_server, $username); 

 $password = clean_string($db_server, $password); 

$query = "SELECT * FROM users WHERE username='$username'"; 

$result = mysqli_query($db_server, $query); 

if($row = mysqli_fetch_array($result)){ 

 $db_username = $row['username']; 

 $db_password = $row['password']; 

 if($username==$db_username&&salt($password)==$db_password){ 

 $_SESSION['username']=$username; 

 $_SESSION['logged']="logged"; 

 header('Location: home.php');

 }else{

 $message = "<h1>Incorrect password!</h1>"; 

 } 

 }else{ 

 $message = "<h1>That user does not exist!</h1>" . 

 "Please <a href='index.php'>try again</a>"; 

 } 

 mysqli_free_result($result); 

 require_once("db_close.php"); 

 }else{ 

 $message = "<h1>Please enter a valid username/password</h1>"; 

 }  

?> 

<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>
 <?php echo $message; //Place within HTML body ?>

<h1>Login</h1> 

<form action='login.php' method='POST'> 

 Username: <input type='text' name='username'><br /> 

Password: <input type='password' name='password'><br /> 

<input type='submit' name='submit' value='Login'> 

 <input name='reset' type='reset' value='Reset'> 

</form> <h4><a href='register.php'>Register</a></h4> 


</body>
</html>

When I click the login button this is the error message I get:

Warning: Cannot modify header information - headers already sent by 
(output started at /home/cs12k2s/public_html/Dynamic Website/functions.php:28) 
in /home/cs12k2s/public_html/Dynamic Website/login.php on line 31

I still don't fully understand how the header function works so any help would be great.

Answer 1

You've got the output

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

before your header() call

header('Location: home.php');

There must not be output before a header() call.

Part of manual page:

Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP.