Page 1 of 1

redirecting in included php file

Posted: Mon Nov 01, 2010 6:13 am
by boozelclark
I am trying to create a login box that is in the top right corner of my site. Once the user uses it to log in they need to be redirected to the account page. i include the login_box.php file in the appropriate div. however the file uses header("Location: account.php"); to redirect the user. because this file is included after the header i receive Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\index.php:17) in C:\xampp\htdocs\layout_inc\login_box.php on line 76
What would be the correct way to do this. My code is bellow. Thank you in advance
[syntax=php}]<?php
//Forms posted

if(!empty($_POST))
{
$errors = array();
$username = trim($_POST["username"]);
$password = trim($_POST["password"]);
$remember_choice = trim($_POST["remember_me"]);

//Perform some validation
//Feel free to edit / change as required
if($username == "")
{
$errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
}
if($password == "")
{
$errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
}

//End data validation
if(count($errors) == 0)
{
//A security note here, never tell the user which credential was incorrect
if(!usernameExists($username))
{
$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
}
else
{
$userdetails = fetchUserDetails($username);

//See if the user's account is activation
if($userdetails["Active"]==0)
{
$errors[] = lang("ACCOUNT_INACTIVE");
}
else
{
//Hash the password and use the salt from the database to compare the password.
$entered_pass = generateHash($password,$userdetails["Password"]);

if($entered_pass != $userdetails["Password"])
{
//Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");

}
else
{
//Passwords match! we're good to go'

//Construct a new logged in user object
//Transfer some db data to the session object
$loggedInUser = new loggedInUser();
$loggedInUser->email = $userdetails["Email"];
$loggedInUser->user_id = $userdetails["User_ID"];
$loggedInUser->hash_pw = $userdetails["Password"];
$loggedInUser->display_username = $userdetails["Username"];
$loggedInUser->clean_username = $userdetails["Username_Clean"];
$loggedInUser->remember_me = $remember_choice;
$loggedInUser->remember_me_sessid = generateHash(uniqid(rand(), true));
//Update last sign in
$loggedInUser->updateLastSignIn();

if($loggedInUser->remember_me == 0)
$_SESSION["userCakeUser"] = $loggedInUser;
else if($loggedInUser->remember_me == 1) {
$db->sql_query("INSERT INTO ".$db_table_prefix."Sessions VALUES('".time()."', '".serialize($loggedInUser)."', '".$loggedInUser->remember_me_sessid."')");
setcookie("userCakeUser", $loggedInUser->remember_me_sessid, time()+parseLength($remember_me_length));
}

//Redirect to user account page

header("Location: account.php");
die();
}
}
}
}
}

if(!isUserLoggedIn()) {?><form name="newUser" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
<table>
<tr>
<td>
<label>Username:</label>
</td>
<td>
<input type="text" name="username" />
</td>
</tr>
<tr>
<td>
<label>Password:</label>
</td>
<td>
<input type="password" name="password" />
</td>
</tr>
<tr>
<td>
<label>&nbsp;</label>
<input type="submit" value="Login" class="submit"/>
</td>
<td>
<input type="checkbox" name="remember_me" value="1" /> <label style="font-size:12px">Remember Me?</label>
</td>
</tr>
</table>
<div style="text-align:center;">
<a href="register.php" class="info">Register</a> | <a href="forgot-password.php" class="info">Forgot Password?</a>
</div>
</form><?php }
else{?><h1>Welcome <?php echo $loggedInUser->display_username; ?> </h1>
<br/>

<a href="account.php" class="info">Dashboard</a> | <a href="logout.php" class="info">Logout</a><?php }

?>[/syntax]