0

The following code, for some odd reason, works without error when the condition is true. I would like to know why, contrary to the expected error, it works.

include('includes/header.html');
echo "<div class = 'col-sm-6'>";
if (!ISADMIN && !(isset($_SESSION['id']) && isset($_GET['id']) && $_SESSION['id'] == $_GET['id'])) {
  @require('includes/login_functions.inc.php');     
  redirect_user(''); // Redirects successfully
}

The function above, redirect_user(), is in an includes file, and I call the function at the top of the most of my PHP files. Mainly, the function calls 

header("Location: $url")

where $url is a local function scope variable.

The headers have already been sent, and HTML has already been both dynamically through PHP and statically through HTML printed to the page. However, as per the conditional, the user is still redirected if the conditional returns true. The reason this is a problem is when I try to reproduce it in a new file, I get the error I expect,

Warning: Cannot modify header information - headers already sent by (output started at

Additionally, I get this error as expected without the conditional, just calling redirect_user().

The includes directory is located on the repository's GitHub. The page on the live site is http://www.bforborum.com/test

Edit

I have found that output_buffering was on, and I turned it off to no avail. With this set to 0, everything redirects whether or not headers are sent.

Marvin
  • 853
  • 2
  • 14
  • 38
  • Are you saying sometimes calling `header()` will throw the warning and sometimes it will not? You're concerned about the cases when that warning is not thrown, correct? – waterloomatt Oct 22 '19 at 00:04
  • _>> Additionally, I get this error without the conditional, just calling redirect_user()_. So, when it goes into your if statement then the error is thrown? If so, that is exactly what is supposed to happen. You have already output content with the `echo` so any call to `header(...)` will throw that warning. – waterloomatt Oct 22 '19 at 00:06
  • @waterloomatt In the first script I made, the warning is not thrown. In the second script I made when trying to reproduce this, it throws the warning. – Marvin Oct 22 '19 at 00:06
  • @waterloomatt I know why it is throwing the error when it does...when it doesn't is where I am confused – Marvin Oct 22 '19 at 00:08
  • I suspect it is not going into your if statement therefor not issuing the header. Your if statement logic seems to contradict itself. How can `session['id'] == get['id']` if `!session['id'] && get['id']`? Hope that's clear. – waterloomatt Oct 22 '19 at 00:13
  • @waterloomatt No, it _is_ redirecting when the condition returns true. – Marvin Oct 22 '19 at 00:13
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/201235/discussion-between-marvin-and-waterloomatt). – Marvin Oct 22 '19 at 00:18
  • I really don't have enough information to go on here. Can you provide something for me to reproduce it? Are you sure you're not buffering output with `ob_start`? – waterloomatt Oct 22 '19 at 00:18

1 Answers1

0

Note: I did not find this answer by myself. waterloomatt helped me, but at the time the question was closed.

The reason for all of this was that output_buffering was turned on, on the live site, while turned off on the localhost. Alternatively, display_errors was off, on the live site while turned on on the localhost. This caused inconsistent results.

Output buffering meant that it redirected even though the headers were already sent. I used .htaccess to set output_buffering to off for both the live site and localhost. Also, I used ob_start because using it this way was actually working better for me.

What's the use of ob_start() in php?

Marvin
  • 853
  • 2
  • 14
  • 38