0

Recently I finished my first website that is mainly built on php. After a few teething problems with the database I managed to open a back door and create the first user. So the site went live late last evening. But when I tried logging in a huge headache of an error stuck its head out in the form of the following message: Warning: Cannot modify header information - headers already sent by. This error did not occur on my localhost Apache with the following error settings :

ini_set('display_errors', 1); 
ini_set('log_errors',1); 
error_reporting(E_ALL); 
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

After 9 hours of reading all the posts on this forum and a few elsewhere, removing white space, ensuring that "Raw output areas" follow after headers and trying to exit or removing a header already sent (did not work), I decided that there must be something wrong with my php logic.
Can someone please help on what is the right logic for session sets, header calls and redirects?

Code info - Header on index page:

<?php
session_start();
include_once __DIR__.'/paths/config.php'; //defined paths
include_once RELATIVE_PATH_UTILS.'/sessioncont.php'; //session redirects
?>
<!DOCTYPE html> //the line which the error message says output started

On the index page: there is a login form with an action call to the index.php page. This action call leads to a $_POST['login'] if block in the following php included script that is embedded just below the navbar:

<?php
    //include alert message class
    include_once RELATIVE_PATH_UTILS.'/message.php'; 
?>

In the message file the following If block checks the post:

//test login input forms
if (isset($_POST["login"])) {
    include_once RELATIVE_PATH_UTILS.'/verifylogin.php';
}

In the verifylogin.php file on line 57 is a header call to the home page which gives the WARNING error. If I remove this call there is no error, BUT an user does not redirect to the home page.

Can someone please give me a clue on where the flaw is in my sites logic?

Hmerman6006
  • 1,622
  • 1
  • 20
  • 45
  • 1
    In a nutshell, apply MVC separation, specifically separation between the Controller and the View. Basically, put code which decides *what* is going to happen first (Controller, e.g. check login status, gather data etc.), and *then* start anything do to with output (i.e. HTML). Preferable in separate files even, but that's optional. Headers only need to be set in the "what's going to happen" part or the start of the view part, not once HTML has started. You *appear* to be doing that, we can't tell where you're not. – deceze Sep 25 '19 at 08:39
  • @deceze The ```session_start()``` header is right at the beginning in the index.php file and after that on line 6 the html output begins. Everything is in one file, which means the header will execute before the html. Or am I wrong? How do I delay the html output? – Hmerman6006 Sep 25 '19 at 08:48
  • Yeah, again, you *appear* to be doing this correctly. You need to read and interpret the full error message you get correctly. It tells you what line produced the error and at what line the output started. – deceze Sep 25 '19 at 08:53
  • @deceze Thank you for your patience. For the first time I have not received the error after clicking login. The following comment I believe summarises the cause of my error: "```all work with session, cookies, header() etc(everything that modifies http headers) must be done before first output of the script```", which also denotes what you said. So within my message script is the include statement to the verifylogin code that contains the header call. Because I embedded it just below my navbar after the html output began, it caused the error. – Hmerman6006 Sep 25 '19 at 09:38

0 Answers0