0

Hi Stackoverflow members!

Problem
Main file:

<?php
    $privileges = $_SESSION['privileges'];
    switch ($privileges) {
        case "admin":
            echo '';
            break;
        case "user":
            echo '';
            break;
        default:
            header("location: nologon.php");
    }
?>

"head.php" file:

<?php
error_reporting(0);
include('connect.php');
session_start();
?>
<head>
    <meta charset="utf-8">
    <!--<?php include('./assets/js/block_mouse.min.js') ?>
    <?php include('./assets/js/block_ctrl.min.js') ?>-->
    <link href="assets/img/soccer.ico" rel="icon" type="image/x-icon" />
    <link rel="stylesheet" href="./assets/css/stylesheet.css">
    <script type="text/javascript" src="./assets/js/jquery.min.js"></script>
    <script type="text/javascript" src="./assets/js/bootstrap.min.js"></script>
</head>

The server wont redirect clients to the "nologon.php" page when they aren't logged in. All the other pages and PHP codes works perfectly, but this don't? Screenshots:
Main file:

http://gyazo.com/cc7836bfddaceff4d1f4c27cbb05d67e

head.php file:

http://gyazo.com/b1f67ad03081e4e958b2d673ac7e3316
  • Thanks in advance!
bilbodog
  • 231
  • 1
  • 5
  • 15
  • `header("location: nologon.php"); exit;` – Mark Baker Mar 08 '15 at 13:44
  • Okay now people dosen't load the page (In the default case), but it's still not redirecting people to the page i want, which is "nologon.php". I can't seem to find the logic in this case. – bilbodog Mar 08 '15 at 13:47
  • Have you tested if the switch calls the default when the user is not logged in? Like putting a `var_dump` or `echo` there just to see if all is good? – Mikolaj Mar 08 '15 at 14:02
  • It shouldn't really make a difference in this case, but try change the double quotes to single quotes for the header location – Michael Doye Mar 08 '15 at 14:10
  • Yes, I've tried that, Mikolaj. – bilbodog Mar 08 '15 at 14:20
  • @ErwinBolwidt What're you talking about? – bilbodog Mar 08 '15 at 14:21
  • @Mikolaj I tried, still nothing. – bilbodog Mar 08 '15 at 14:21
  • Have you tried adding the full URL to the Location: header? You should also try replacing the header statement to just a simple echo or die to check if the code is executed properly. Then you can determine whether the issue lies with the header you are trying to send or the logic. – shrmn Mar 08 '15 at 14:35
  • @shrmn Yes, already tried that. – bilbodog Mar 08 '15 at 15:19

3 Answers3

0

Not totally sure, but I think location: needs to be Location:

Also, just in case:

Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.

(From php.net)

Also, exit;, like header('Location: nologin.php'); exit;

After looking at your screenshot(s), put all this at the beggining of your head.php file (move it around however you want, but the header needs to be before the <head> tag that is in head.php) like after session_start();:

<?php
    include 'head.php';

    $privileges = $_SESSION['privileges'];
    switch ($privileges) {
        case "admin":
            echo '';
            break;
        case "user":
            echo '';
            break;
        default:
            header("location: nologon.php");
            exit;
    }
?>
<html>
...
Mikolaj
  • 688
  • 8
  • 19
  • I've tried to change "header("location: nologon.php");" to "header("Location: nologon.php");". Still nothing. – bilbodog Mar 08 '15 at 13:49
  • @bilbodog Ok, is your `header` called before any other output? I also added to my answer. – Mikolaj Mar 08 '15 at 13:52
  • And then a screenshot of the head.php file if you want to know what's in there: http://gyazo.com/bb310bbfb76b2f0c126b6eb10dc3dd97 – bilbodog Mar 08 '15 at 13:54
  • @bilbodog Ok, try putting your whole switch statement above all the html. – Mikolaj Mar 08 '15 at 13:55
  • If I do that, then the "session_start();" command and my defines variables wont be loaded. Then it will just do the default case even if it is users or admins reaching the page. The "head.php" is the file that loads the connection, session_start, styles and what so ever. – bilbodog Mar 08 '15 at 14:01
  • Then put ALL of that before the ``. – Mikolaj Mar 08 '15 at 14:03
  • I've tried it anyways and gives me this warning: "Warning: Cannot modify header information - headers already sent by (output started at /home/xxx/public_html/product.php:3) in /home/xxx/public_html/product.php on line 13" – bilbodog Mar 08 '15 at 14:03
  • I tried put all the PHP stuff before the and still nothing happens when supposed in the default case. – bilbodog Mar 08 '15 at 14:05
  • please replace index.php with nologon.php and let us know if you are able to see a page?? – Ashutosh Nigam Mar 08 '15 at 14:07
  • @bilbodog Maybe we need to see what head.php is doing. Care to put some examples in your question of that code? – Mikolaj Mar 08 '15 at 14:08
  • @bilbodog, what is the value of $_SESSION['privileges'] ? – Ashutosh Nigam Mar 08 '15 at 14:11
  • @bilbodog ok, i see what the problem is here and i put it in my answer. but you need to have the `header` *before* the `` tag for sure. – Mikolaj Mar 08 '15 at 14:15
  • check my answer's last line for solution. Add that at the top of your code. – Ashutosh Nigam Mar 08 '15 at 14:18
  • @AshutoshNigam The only variables possible is: http://gyazo.com/b29b5bfc5c4b9e4d72ddd290b97bdba7 and then nothing. – bilbodog Mar 08 '15 at 14:23
  • @Mikolaj It's not required. I already tried and it still dosen't work if I do that anyways. – bilbodog Mar 08 '15 at 14:24
  • @bilbodog there can be null also one of the option, I am trying to take care of that. – Ashutosh Nigam Mar 08 '15 at 14:26
  • @AshutoshNigam I've tried upload my website to www.hostinger.com and there all my coding works fine without ANY problems. But why dosen't it work on my server provider's system, where I'm hosting my .dk domain and my server? – bilbodog Mar 08 '15 at 14:27
0

Updated code

  <?php
    if(isset($_SESSION['privileges'])
        $privileges = $_SESSION['privileges'];
    else 
         header("location: ./nologon.php");

    switch ($privileges) {
        case "admin":
            echo '';
            break;
        case "user":
            echo '';
            break;
        default:
            header("location: nologon.php");
    }
?>

History: if the nologin.php is in same folder then use as follows:

header("location: ./nologon.php");

It would be good to check isset for the session var.

If nologon.php is not in website's root folder then please move it there.

AS your seesion variable is not set please use following code:

if(!isset($_SESSION['privileges']) header("location: nologon.php');
Ashutosh Nigam
  • 868
  • 8
  • 27
0

I think you have something wrong on session data because it work fine, anyway try add echo before it

echo header("Location: nologon.php");
rami-yrm
  • 57
  • 1
  • 11