0

I'm programming a simple login system. It runs very well locally, but when I run it on my hosting I'm having trouble with the header function.

Here's my login form:

<form method="post" action="auth.php">
                User:<br />
                <input type="text" name="name" required><br /><br />
                Password:<br />
                <input type="password" name="pass" class="input" required><br /><br />
                <button>LOGIN</button>

</form>

And the "auth.php":

include '../conection.php';

$user = $mysqli->real_escape_string($_POST['name']);
$pass = sha1($mysqli->real_escape_string($_POST['pass']));

if(isset($user)){

$users = $mysqli->query("select * from admins where admin_user='".$user."' and admin_pass='".$pass."' ");

if($users->fetch_object()){
        session_start();
        $_SESSION['user'] = $user;
        //Im having troubles with this function
        header('Location:control.php');
        exit;

}else{
    echo 'Sorry no access<br /><br />';
    //if i remove the "//" to the next header function works in local and hosting
    //header('Location:index.php');
} 

}else{
echo 'Sorry no access<br /><br />';
 }

$mysqli->close();

WARNINGS: 1st: session_start(): Cannot send session cache limiter. 2nd: Cannot modify header information.

What's wrong in the code? Or what am I not considering? Also, if you have any advice to improve this code, I'd really appreciate it.

For your help, thanks.

Christian

3 Answers

0

The header() function sends a raw HTTP header to a client.

It is important to notice that header() must be called before any actual output is sent.

alagu
0

Use the code that follows, I've put the code to run all on its own, by changing the action to action="" and adding an isset() to a new submit button. You can split them up afterwards.

Don't use <button>LOGIN</button> with the if(isset($_POST['submit'])) conditional statement, it won't work. It is based on the new submit button I've included below.

To first outline the errors:

if($us = $users->fetch_object()) - $us is a stray variable that is not doing anything; it needs to be removed.

The line needs to read as if($users->fetch_object())

The following also needs to be removed; there isn't a corresponding if condition for it:

else{
echo 'Sorry no access<br /><br />';
 }

You're already stating it in: (but don't use echo with header)

else{
    echo 'Sorry no access<br /><br />';
    //if i remove the "//" to the next header function works in local and hosting
    header('Location:index.php');
}

In regards to headers already sent: that is caused by the echos and header. Plus, check to see if you may have a space before your opening <?php tag, or a byte order mark (save your files as UTF-8 without BOM). That could be a contributing factor, should you still get that error after removing the echos.

Make sure there is nothing above it. You can probably get away with using ob_start(); following your opening <?php tag.

The echo $user is causing this, so just remove it and use the header. Keep echo to TEST with only, but comment out the header when doing so. You should not be echoing anything above header, HTML, etc.

This echo 'Sorry no access<br /><br />'; is where you should remove it. It's either echo or header, you can't use both.

You can read up on the headers already sent here:

Code: (see comments in code)

<?php

include '../conection.php';

if(isset($_POST['submit'])){

    // read the submitted values only after the form has been posted
    $user = $mysqli->real_escape_string($_POST['name']);
    $pass = sha1($mysqli->real_escape_string($_POST['pass']));

    $users = $mysqli->query("select * from admins where admin_user='".$user."' and admin_pass='".$pass."' ");

    if($users->fetch_object()){
        session_start();
        $_SESSION['user'] = $user;
        //Im having troubles with this function
        header('Location:control.php');
        exit;

        // echo $user; // don't use this with header

    }else{
        // echo 'Sorry no access<br /><br />'; // don't use this with header
        //if i remove the "//" to the next header function works in local and hosting
        header('Location:index.php');
        exit;
    }

} // brace for if(isset($_POST['submit']))

$mysqli->close();

?>

<form method="post" action="">
                User:<br />
                <input type="text" name="name" required><br /><br />
                Password:<br />
                <input type="password" name="pass" class="input" required><br /><br />
                <input type="submit" name="submit" value="Submit">
<br>

</form>
Funk Forty Niner
  • Puuum! Fred, I really appreciate all your help; your answer was very helpful and it works. I hope to return this favor someday. Just one more little question: what do you recommend I continue learning? Regards. – Christian Sep 27 '14 at 04:46
  • @Christian You're very much welcome Christian. You can read up on [**prepared statements**](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php), or [**PDO with prepared statements**](http://php.net/pdo.prepared-statements), *they're much safer*. They're a bit more work, but well worth the effort, *believe me*. Plus, if you've something particular in mind, Stack is a good place to go through the many questions and *accepted* answers. You can Google too, which many a time, will most likely lead you back here on Stack :) – Funk Forty Niner Sep 27 '14 at 04:48
  • @Christian Another thing I recommend you use is [**CRYPT_BLOWFISH**](http://security.stackexchange.com/q/36471) or PHP 5.5's [`password_hash()`](http://www.php.net/manual/en/function.password-hash.php) function. For PHP < 5.5 use the [`password_hash() compatibility pack`](https://github.com/ircmaxell/password_compat). `sha1` isn't the best hashing method; many don't like using it anymore. – Funk Forty Niner Sep 27 '14 at 04:50
  • Thanks for all the advice and for taking the time to respond. We read soon. – Christian Sep 27 '14 at 04:55
-1

To start with use prepared statements Here

Second do this:

header('Location: control.php');
exit;
Anthony Gainor
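
The advice given in the comments and answers above (prepared statements, password_hash() in place of sha1(), and no output before header()), combined in one auth.php. This is an added example, not code from the question or from either answer; it assumes ../conection.php defines $mysqli as in the question and that the admin_pass column has been re-populated with password_hash() values.

```php
<?php
// Added example, not the original poster's code.
// Nothing may come before the opening tag above (no blank line, no BOM).
session_start();                      // started before any output can occur
include '../conection.php';           // from the question; assumed to define $mysqli

// Accept only a POST carrying two plain strings (rejects name[]=... arrays).
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !isset($_POST['name'], $_POST['pass'])
    || !is_string($_POST['name']) || !is_string($_POST['pass'])) {
    header('Location: index.php');
    exit;
}

// Prepared statement: the user name is bound as data, never concatenated into SQL.
$stmt = $mysqli->prepare('SELECT admin_pass FROM admins WHERE admin_user = ?');
if ($stmt === false) {
    error_log('auth.php: prepare failed: ' . $mysqli->error);  // log, do not echo
    header('Location: index.php');
    exit;
}
$name = $_POST['name'];
$stmt->bind_param('s', $name);
$stmt->execute();
$stmt->bind_result($hash);
$found = $stmt->fetch();              // true when a row was fetched, null when none
$stmt->close();
$mysqli->close();

// Assumption: admin_pass stores password_hash() output, not a sha1() digest.
// password_verify() takes the raw password; do not escape or pre-hash it.
if ($found === true && password_verify($_POST['pass'], $hash)) {
    session_regenerate_id(true);      // fresh session id after login (session fixation)
    $_SESSION['user'] = $name;
    header('Location: control.php');
    exit;
}

// Same redirect for an unknown user and for a wrong password.
header('Location: index.php');
exit;
```

The closing ?> tag is left out on purpose, so trailing whitespace in the file cannot be sent as output ahead of a header() call.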