0

HI All,
I'm developing a security system for a CMS but it appears that my redirect does not work.

I'm using sessions and I know that the session is being created since I did an echo on session_id().

<?php if($count==1)
{
	$_SESSION['loggedin']=1;
	print "logged in";
	header('Location: edit.php');
	print "no";
}
else {
echo "Wrong Username or Password";
}
?>

What's wrong, and how do I fix it to redirect after the user is authenticated?

Cheers,

5
Contributors
7
Replies
12
Views
7 Years
Discussion Span
Last Post by Virtualbase
0

Hey guys, thanks for the fast responses!

Do you have

<?php session_start(); ?>

at the top of your pages?

Yes, it is right at the top of the page for authenticate.php (the page I'm having issues with) and edit.php. Do I need one for login.php?

exit after redirection

header('location: edit.php');	
exit;

I've added it on but it doesn't seem to make a difference.

Looking through the error log, I found this:

[13-May-2010 12:47:09] PHP Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/authenticate.php:26) in /Applications/MAMP/htdocs/authenticate.php on line 28
[13-May-2010 12:49:10] PHP Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/authenticate.php:26) in /Applications/MAMP/htdocs/authenticate.php on line 27

All I'm doing is getting the login and password contents from login.php, checking against sql injection attacks and then running a query to authenticate the user before producing output.

Cheers,

Edited by bsewell: n/a

0

so u r not redirecting to edit.php. right...
ok then paste this on top of ur code.

ob_start();

and after header paste

ob_end_flush();

i think it works..

dont forget to mark as solved if it is done.

0

I just fixed it. The clue was that the log said output started at line 26. I just had a look at the code, and I was echo'ing the session variable to check whether it had been changed. I removed it and it's all working now :)

0

Nice solution. That'll definitely help us :)

Mike,

Edited by Ezzaral: Snipped &quot;fake sig&quot; link. Please restrict such links to your site-wide user signature, which can be edited from the user control panel.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.