Warning: Cannot modify header information - headers already sent (PHP)

Question

My issue is somewhat similar to the following post..

PHP error: Cannot modify header information – headers already sent

But in my case I chose to start the session once I determine there is no validation errors from the login form and the user's login info matches that of the database. Here is the following code:

Login page (before any html)

session_name('username');
session_name('ip');
session_name('start');
session_start();    

Login.php snippet (in the body of html)

         } else {
            $user = $_POST['username']; 
            $userpass = md5($_POST['password']); 
            $login_results = statement("select username, password from `$admin` where username='$user' and password='$userpass'");

            if (mysql_num_rows($login_results)!= 1) { 
                $errmsg = "<span id='error'>Login failed: Username or password not on file</span>";
            }else {

                $_SESSION['username'] = "$user"; 
                $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
                header("Location: index.php"); 
            }
        }
    }

}

if you look at the else block of the code above i'm verifying the login and if its good I want to assign the sessions variables and go to my index page. Which has this code at the very beginning:

 //Session Timeout Script -- used to determine the amount of time the user has been idle.  If it the user has been idle for longer then the session time, log the user out.
 //Secondary to the Timeout Script, the username and ip address is checked for validility and if either fails redirect the user to the login page. 
 session_cache_expire( 20 );
 session_start(); 

 $inactive = 1200;     

 if(isset($_SESSION['start']) ) {
      $session_life = time() - $_SESSION['start'];
  if($session_life > $inactive){
        header("Location: logout.php");
   }
}

  $_SESSION['start'] = time();

    $newip = $_SERVER['REMOTE_ADDR']; 
   if (!isset($_SESSION['username']) ||  empty($_SESSION['username']) || $newip!=    $_SESSION['ip']) { 
 header('Location: login.php'); 
} 

Now reading through the question from that previous author, it was mentioned that header() should be the first thing to execute in the code thats sending the redirect, which in my case is login.php. And doing that allows me to login, but when I log out i'm destroying all my sessions and and using the header() to send me back to the login page. Which will in turn make the login page redirect back to the index page because its the first line of code read. Is there a way to avoid this? so I wouldn't need to repeat some of my code logic I already have in place at the top of login.php?

Andre

Answer 1

Yes, header must be called before any other output, it's needed by http itself, no way around it. However, you can call header after session_start().

So you can start session, check the login data from $_POST and than start html output.

Btw, why use three session_name in succession?

Answer 2

I had a kind of similar problem with header function.
First of all make sure there is no white space at the beginning and at the end of your .php file.
Something like this causes these sort of errors sometime:

   <?php
//Codes...

As you can see, the there is a white space before the start of the PHP tag. It causes ridiculous errors when your PHP codes are mixed with HTML.
As far as I can remember, the call to session_start() function has to be the first line of code at the very beginning of the file after opening PHP tag.
I'm pretty sure that caused me some problem a while back.

Answer 3

You may also want to use output buffering. See the PHP manual on OB tasks.