-1

Across my site I have wanted to implement a redirection if my statements were run correctly - in this case, if the login details are correct, take the user to the home page.

Now, I have read multiple forums and questions about problems with possibly GoDaddy, but i have had no joy, so perhaps someone else looking at the code briefly could identify why I cannot redirect? My redirection is near the very bottom- if user account is found I want them to be redirected to header("Location: index.php"); any ideas?

I have started getting the error Warning: Cannot modify header information - headers already sent by (output started at /home/accountname/public_html/login.php:2) in /home/accountname/public_html/login.php on line # which is (location header index.php)

Login page:

 <?php
    session_start();
    require("includes/connect.php");
    ?>

    <!DOCTYPE html>
    <html lang="en">
        <head>
            <meta charset="utf-8">
            <meta http-equiv="X-UA-Compatible" content="IE=edge">
            <meta name="viewport" content="width=device-width, initial-scale=1">
            <title>Login</title>
            <link rel="stylesheet" type="text/css" href="css/login.css">

            <!--Cited Bootstrap: Responsive web design-->
            <link href="css/bootstrap-theme.css" rel="stylesheet" type="text/css">
            <link rel="stylesheet" type="text/css" href="css/bootstrap.css">
        </head>
        <body>
            <div class="container">
                <form class="form-signin" role="form" action="login.php" method="post">
                    <h2 class="form-signin-heading">Please sign in</h2>
                    <input type="text" class="form-control" placeholder="Username" name="username_login" required autofocus>
                    <input class="form-control" type="password"  placeholder="Password" name="user_password" required>
                    <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
                    <label class="forgotten"><a href="forgottenpass.php">Forgotten password?</a></label>
                </form>

    <?php

    //if an admin or user session is already in progress then dont let them log in, redirect to 'index.php'
    if (isset($_SESSION['admin']) && ($_SESSION['admin'] == true) || isset($_SESSION['user']) && ($_SESSION['user'] == true)) {
        header ("Location: index.php");     
        //if use not logged in then
     }else
        if ( trim($_POST['username_login']) AND trim($_POST['user_password']))
        {
        //if username and password are entered, blank before user fills form
        $usr = (isset($_POST['username_login'])? $_POST['username_login']:null);
        $pwd = (isset($_POST['user_password'])? $_POST['user_password']:null);

        $usr = mysqli_escape_string($usr); //Prevent against SQL Injection by avoiding "\" being executed
        $pwd = mysqli_escape_string($pwd); //Prevent against SQL Injection by avoiding "\" being executed

        if ($usr && $pwd){  
            $epwd = $pwd;
            $q = "SELECT * FROM users WHERE UName='$usr' LIMIT 1;";
            $resultset = mysqli_query($conn,$q);
            $rowcount = mysqli_num_rows($resultset);

            if ($rowcount==1){ 
                while ($userRow = mysqli_fetch_assoc($resultset)){
                    //Get the DB username and password to compare
                    $dataBaseEmail = $userRow['UName'];
                    $dataBasePass = $userRow['Password'];   
                    $userGroup = $userRow['UserLevelID'];
                }

            mysqli_free_result($resultset);
            unset($q);

            //Compare DB user and pass to those entered
            if ($usr == $dataBaseEmail && $epwd == $dataBasePass){
                //Now that we know they are activated ect, we can create a session based on their privlidges 
                if ($userGroup ==1){ //ADMIN load the console 
                    header("Location: index.php");
                    $_SESSION['admin'] = true;
                }else{ //Normal User
                    header ("Location: index.php");
                    $_SESSION['user'] = true;
                    $_SESSION['user'] = $dataBaseEmail;
                    }  
                }else{//user and pass do not match DB
                    echo '<div class="login-error">Incorrect Password, try again</div>';     
                }
            }else{
                echo '<div class="login-error">Error: There is no such user registered on the system. Please check the username and password entered.</div>';
            }
        }
    }
    ?>

Index.php page:

<?php
session_start();
include "includes/header.php";
include "includes/connect.php";
?>

<div class="jumbotron">
    <h1>Apps for <?php echo $os?></h1>
    <p>Text</p>

<?php echo $os?>
<?php 

if(isset($_SESSION['user'])){
  echo "Hello " .$_SESSION['userEmail'];
}
?>

</div>

<div class="row">

<?php
   $current_url = $_SERVER['REQUEST_URI'];
   $current_url = substr($current_url, 1);

    $results = $conn->query("SELECT * FROM apps A INNER JOIN device D ON D.DeviceID = A.DeviceID WHERE D.DeviceName = '$os'");
        if ($results) { 
        //output results from database
        while($obj = $results->fetch_object())
        {

            echo "<div class=\"col-6 col-sm-6 col-lg-4\">";
            echo '<form method="post" action="cart_update.php">';
            echo '<h2>'.$obj->ApplicationName.'</h2>';
            echo '<p>'.$obj->ApplicationDescription.'</p>';
            echo '<button class="add_to_cart">Add To Cart</button>';
            echo '<input type="hidden" name="product_code" value="'.$obj->ApplicationID.'" />';
            echo '<input type="hidden" name="type" value="add" />';
            echo '<input type="hidden" name="return_url" value="'.$current_url.'" />';
            echo '</form></div>';
         }

        }
 ?>



</div><!--/row-->
</div><!--/span-->




<?php
include "includes/sidebar.php";
?>

<?php
include "includes/footer.php";
?>

After enabling the error log as suggested the following errors were documented: line 24 is my submit button.

[15-Mar-2014 21:06:57 UTC] PHP Fatal error:  Call to a member function query() on a non-object in /home/godaddyaccount/public_html/index.php on line 24

[15-Mar-2014 21:07:09 UTC] PHP Fatal error:  Call to a member function query() on a non-object in /home/godaddyaccount/public_html/index.php on line 24

[15-Mar-2014 21:16:04 UTC] PHP Fatal error:  Call to a member function query() on a non-object in /home/godaddyaccount/public_html/index.php on line 24

[15-Mar-2014 21:16:06 UTC] PHP Fatal error:  Call to a member function query() on a non-object in /home/godaddyaccount/public_html/index.php on line 24

[15-Mar-2014 21:16:08 UTC] PHP Fatal error:  Call to a member function query() on a non-object in /home/godaddyaccount/public_html/index.php on line 24

[15-Mar-2014 21:16:55 UTC] PHP Fatal error:  Call to a member function query() on a non-object in /home/godaddyaccount/public_html/index.php on line 24

[15-Mar-2014 21:16:56 UTC] PHP Fatal error:  Call to a member function query() on a non-object in /home/godaddyaccount/public_html/index.php on line 24

[15-Mar-2014 21:20:36 UTC] PHP Fatal error:  Call to a member function query() on a non-object in /home/godaddyaccount/public_html/index.php on line 24

[15-Mar-2014 21:24:47 UTC] PHP Fatal error:  Call to a member function query() on a non-object in /home/godaddyaccount9/public_html/index.php on line 24

[15-Mar-2014 21:25:30 UTC] PHP Fatal error:  Call to a member function query() on a non-object in /home/godaddyaccount/public_html/index.php on line 24

[16-Mar-2014 05:32:41 UTC] PHP Fatal error:  Call to a member function query() on a non-object in /home/godaddyaccount/public_html/index.php on line 24
Sam
  • 7,252
  • 16
  • 46
  • 65
Kiwi
  • 143
  • 2
  • 5
  • 12
  • are you getting any error like headers are already sent? – ɹɐqʞɐ zoɹǝɟ Mar 23 '14 at 11:31
  • No nothing, it just does not redirect. yet on local host it appears fine – Kiwi Mar 23 '14 at 11:53
  • But your script is not well coded. Because as you can see now, you have to use ugly `ob_start()` function due to sent headers. You should write your application where you will have application logic in one file and output (template) in second. Also output will be printed at the end of this whole script. – Lkopo Mar 23 '14 at 12:27
  • Your problem lies in the fact you add an Header while you should define first your session variables. As @Mr.Smith states below, your get's in the index.php will become empty because you try to define AFTER the header has been pushed, thus becoming blank, cause the code never comes there. – Dorvalla Mar 24 '14 at 07:47
  • ok @Dorvalla can you advise how to avoid this issue – Kiwi Mar 24 '14 at 08:17
  • Well, it's adressed below. However, your fatal error is a different kind of error. It is caused by your query function, as you can see in your error message. query() is non-object. Check here for some background. You need to initialize your object. http://stackoverflow.com/questions/54566/call-to-a-member-function-on-a-non-object – Dorvalla Mar 24 '14 at 09:10

1 Answers1

0

You cannot write code after the headers have been sent.. Rewrite your code like this..

        if ($userGroup ==1){ //ADMIN load the console 
            $_SESSION['admin'] = true;      //Moved it here from below 
            header("Location: index.php");
            exit;                          //<--- Add an exit here
            //$_SESSION['admin'] = true;  //<--- Commented this and moved before header function
         }
         else{ //Normal User
                 $_SESSION['user'] = true;            //<-- Moved Up  
                 $_SESSION['user'] = $dataBaseEmail; //<-- Moved Up
                 header ("Location: index.php");
                 exit;                             //<--- Add an exit here
             }
Shankar Narayana Damodaran
  • 68,075
  • 43
  • 96
  • 126
  • I implemented this. however, when running on godaddy hosting I still get nothing. – Kiwi Mar 23 '14 at 11:47
  • Can you [`enable error reporting`](http://stackoverflow.com/a/6575502/1003917) and give a try ? – Shankar Narayana Damodaran Mar 23 '14 at 12:05
  • @ShankarDamodaran I have updated my post copying and pasting the error log – Kiwi Mar 23 '14 at 12:39
  • @Mr.Smith apologises I dont quite understand – Kiwi Mar 23 '14 at 12:39
  • @Kiwi, The code I gave you works fine.. It is getting redirected to `index.php` and that's why you see those errors there. `Call to a member function query() on a non-object in /home/godaddyaccount/public_html/index.php on line 24` You need to show your **index.php** on the question. – Shankar Narayana Damodaran Mar 23 '14 at 15:33
  • @Shankar but he can get error about sent headers. You are sending new header (location), but output was already printed (code above) – Lkopo Mar 23 '14 at 17:40
  • @ShankarDamodaran i have included the index page code now – Kiwi Mar 24 '14 at 07:38