[RESOLVED] header problem

[Justa Lol]

my site wont redirect using header("Location: whatever");
i don't really know what i'm doing wrong here...
code:

Code:

<?php
$host="localhost"; 
$username="root";
$password=""; 
$db_name="admin"; 
$tbl_name="admin"; 

mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);

if($count==1){
$_SESSION["myusername"] = $myusername;
$_SESSION["mypassword"] = $mypassword;
header("location: login_success.php"); //error here line 26
}
else {
echo "Wrong Username or Password";
}

?>

error:

Code:

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\xampp\htdocs\tp\checklogin.php:1) in C:\xampp\xampp\htdocs\tp\checklogin.php on line 26

[SambaNeko]

The error means you tried to output something prior to using header(). Are there any blank lines in the file before your PHP code?

Also, don't you need to use session_start() prior to setting $_SESSION vars? And if you're going to set $_SESSION vars and then use header() afterwards, it's a good idea to use session_write_close() before header(), or else the session vars you tried to set won't be saved (at least I've had this happen to me - don't know if it's a universal problem).

[Justa Lol]

nothing before the php code.. i'll try to see what i can do with this but i can't do it tonight, i'll update on it tomorrow.

[kows]

like Samba said, you definitely do need to make a call to session_start() before you start assigning session variables. this is most likely the issue, as assigning session variables without a session being initiated may echo out some kind of error, or.. something. as always, I'd also make sure you don't have any whitespace before your opening PHP tags, and make sure you didn't create the PHP file in a rich-text editor.

Samba, I've never had problems setting a session and then redirecting (I do this for every login-type-system that I make, actually), so the problem you've had might be related to something else. if you run into it again, I'd like to see, though!

[SambaNeko]

if you run into it again, I'd like to see, though!

It was also a login system and a pain to figure out what was going wrong... There are others talking about the same problem in the comments on PHP.net's session_write_close page though, so I can't be the only one.

From one comment:

This function is essencial when you change $_SESSION[] variables and then, at some poit in the middle of the script, you send an header("Location: http://...") function to the browser, because in this case the session variables may not be saved before the browser change to the new page.

To prevent from lossing session data, allways use session_write_close before this header function. session_write_close will force session data to be saved before the browser change to the new page.

Hope this will help you not to loose 1 day wondering why people could not authenticate or make other changes in session vars in your site.

Maybe it had to do with being on a Windows server - a few people mention that...

[kows]

if that's true, then it's only IIS specific. I've run Apache on Windows servers before (and I do it locally) without a problem. I'll probably try messing around later to see if I can't recreate it.

[SambaNeko]

Yeah, I've got local Apache as well and couldn't recreate it. Probably just an unusual case to keep in mind if one ever runs into the same situation.

[Justa Lol]

i got an excellent idea all..

what my idea is:

make the form post to itself so no need to redirect using php...

[penagate]

Doesn't really matter where you post the data, as long as you redirect after you receive it. If you do not, the user will get the dreaded "This form must be resubmitted" message if they try to go back after posting the form.

What you should do, whenever handling posted data, is use a 303 status code.

PHP Code:

header('Location: http://example.org/NextPage', true, 303); 


Location is an absolute URI.