How can I redirect a not logged in person to the index page?

Question

I would like a person who is not logged in be redirected to the index page.

on my onlymembers.php I put this code:

if(!$user->is_logged_in()){ 
echo "you are not logged in";
header("Location: index.php");
}

It is printing out "you are not logged in" which indicates that the login check is working. But I will not be redirected to the index page. Do you know why?

Update:

I used this code now and it is working:

if(!$user->is_logged_in()){ 
header("Location: index.php"); 
}

I have actually NO idea why. I just removed some whitespaces :-/

Update again: I know now the problem: I just removed the whitespace infront my <?php at the beginning of my page....

http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php No output before headers — Michael Kunst, Sep 04 '15 at 09:53
The reason it's failing is as @DanishEnam and @MichaelKunst says, the cause is that `header('Location;');` cannot have any "browser" visible output before it, if you have any error reporting turned on you'd see a error with "Warning: Cannot modify header information - headers already sent by (output started at .... " — Epodax, Sep 04 '15 at 09:56
don't share man.. but please can you remove 'echo' before header and see.. — Nana Partykar, Sep 04 '15 at 09:56
Place `error_reporting(E_ALL); ini_set("display_errors", 1);` at the top of your code, just below the ` — Epodax, Sep 04 '15 at 10:00
put ob_start() as the first and ob_flush() as last line of your code. — 6339, Sep 04 '15 at 10:01
@Epodax I placed the error message, but still nothing happens when I lot the page — peace_love, Sep 04 '15 at 10:02
error_reporting(E_All); ini_set("display_errors",1); if(!$user->is_logged_in()){ header("Location: index.php"); EXIT; } //Uncomment All Code ?> — Nana Partykar, Sep 04 '15 at 10:06
Yes I had html code before it. But I deleted now all code. It is now only `is_logged_in()){ header("Location: index.php"); } ` — peace_love, Sep 04 '15 at 10:09
place ob_start(); php error_reporting(E_ALL); ini_set("display_errors", 1); session_start(); if(!$user->is_logged_in()){ header("Location: index.php"); ob_flush(); } — 6339, Sep 04 '15 at 10:10
Remove the `ob_flush();` part and `ob_start();` - It sounds like you are getting some serious errors that aren't getting displayed as they should, are you on a shared host? — Epodax, Sep 04 '15 at 10:18
@Epodax without op_flush and ob_start I see my page again, but no redirecting (no not a shared host) — peace_love, Sep 04 '15 at 10:21
place ob_start(); just before header("Location: index.php"); — 6339, Sep 04 '15 at 10:22
@6339 placed ob_start before header.., I see my page but no redirecting — peace_love, Sep 04 '15 at 10:24

score 4 · Accepted Answer · answered Sep 04 '15 at 09:58

4

You can't send the content of a page before using an HTTP redirection (you should have a PHP error like "headers already sent" with your code). You either have to redirect using javascript or remove the "echo" :

if(!$user->is_logged_in()){ 
    header("Location: index.php");
}

answered Sep 04 '15 at 09:58

Derek

1,826
18
25

Thank you, I wrote the code like you suggested, but still it is not redirecting. How can I make the "headers already sent" error message? – peace_love Sep 04 '15 at 10:00
Jarla, you need to make sure your check happens before any echos. If you do as you have shown, and you look at the logs (or increase your log level), you'll see the "headers already sent" message – Ruan Mendes Sep 04 '15 at 10:37

J0ker98 · Answer 2 · 2015-09-04T10:34:55.337

You cannot send an HTTP header after you've sent a visual output to the user. You could instead use an header with a refresh condition that will allow you to send an output to the user.

if(!$user->is_logged_in()){ 
header("Refresh: 5; url=./index.php");
//after 5 seconds the user gets redirected. To change the period of time just change the number after "Refresh"
echo "you are not logged in";
exit();
}

P.S. Is always suggested that you use an exit() function (like I did) when you want force redirect an user for security prouposes.

You could also put a variable on the redirect link and then parse it on index.php to display a message, like this...

Redirect

if(!$user->is_logged_in()){ 
$msg = "you are not logged in";
    header("Location: index.php?reply=$msg");
exit();
    }

Additional index.php code

if(!empty($_GET['reply'])) {
$reply = $_GET['reply'];
}

Then you have the $reply variable that contain the message you can display in your index.

I tried the first code you suggested, but I get an empty page with the message: you are not logged in. No redirection — peace_love, Sep 04 '15 at 10:26
Try to change the path of the url from "index.php" to "./index.php". I've also edited the answer. — J0ker98, Sep 04 '15 at 10:35

score 0 · Answer 3 · answered Sep 04 '15 at 09:53

0

there with location redirect not working then you may use javascript for this.

<script>
 window.location = "http://www.redirecturl.com/"
</script>

answered Sep 04 '15 at 09:53

jasbir singh

71
5

but is it more secure then header(location:...) ? – peace_love Sep 04 '15 at 10:16
`header('Location:...');` is not client side, although I cannot tell you whether it's "secure" as I don't know, but I'm fairly positive that it is more secure. – Epodax Sep 04 '15 at 10:18
you mean javascript is more secure? – peace_love Sep 04 '15 at 10:19
No, the `header('Location'); ` is more secure, although I'm not certain. – Epodax Sep 04 '15 at 10:20
@epodax, how is that more secure? You still ends up with the same result,. The reason you should avoid JavaScript is in case the user has it turned off – Ruan Mendes Sep 04 '15 at 10:41
@JuanMendes Because the JavaScript can be manipulated by the user without the server having a say about it, a `header('Location: index.php);` is static, and they can't change the URL, although I'm not sure if one can alter the headers after they are sent from the server. But again, I'm far from certain. – Epodax Sep 04 '15 at 10:43
@epodax but the JavaScript could be run by the client anyway. The problem is when you generate JavaScript and you have unsanitized input, it could run with the user's credentials. I don't see any risk here. – Ruan Mendes Sep 04 '15 at 11:58

score 0 · Answer 4 · answered Sep 04 '15 at 10:17

Move the if statement above the header file include.

ob_start() at the top of the script to buffer the output.

if(!$user->is_logged_in()){    
    echo "you are not logged in";    
    ob_start();    
    header("Location: index.php");    
}

OR

<script>                
    var url = "http://yoururl.com";    
    window.location.href = url;
</script>

Golden_flash · Answer 5 · 2015-09-04T10:25:12.423

-1

Header function should be used before html tag.

Example:

<html>
<?php
/* This will give an error. Note the output
 * above, which is before the header() call */
header('Location: http://www.example.com/');
exit;
?>

edited Sep 04 '15 at 10:25

answered Sep 04 '15 at 10:03

Golden_flash

492
1
6
14

How can I redirect a not logged in person to the index page?

5 Answers5