Page 1 of 1

header function

Posted: Mon Sep 04, 2006 6:16 pm
by PastorHank
In my script I use the header function to move the user to a menu type of page (after a successful login...)

Code: Select all

// check user
		if($num_rows < 1){
			header("Location: http://www.thunderhillranch.com/sorry.htm");
			exit();
			}
	
		while ($row = mysql_fetch_array($result1)) {
		  		extract($row);
				// set username and password into session vars
				$_SESSION[user] = username;
				$_SESSION[pass] = password;
				$_SESSION[auth] = "Yes";
			}	
				header("Location: http://www.thunderhillranch.com/ranchmain.htm");
				exit();
That seems to work and it sends me to ranchmain.htm

however, I would like to be able to verify that the user got to the menu page by logging in, so in the script ranchmain calls, I check for whether the user is authorized

Code: Select all

if (@$_SESSION['auth'] !="Yes")
	{
	header("location:http://www.thunderhillranch.com/ranchmain.htm");
	exit();
	}
What's happening is that I get the following error message
"Warning: Cannot modify header information - headers already sent by (output started at /home/thunde9/public_html/cgi-bin/lookup.php:6) in /home/thunde9/public_html/cgi-bin/lookup.php on line 11"

From my research I've discovered that the error is generated because I've already used the header function once during this session, I can't seem to find how to clear it, so I can reuse it, or is there a better way to accomplish what I'm trying to do.

Thanks


[/quote]

Posted: Mon Sep 04, 2006 6:20 pm
by feyd
The error indicates that you have textual output five lines above this header() call. I'll guess that it's some HTML.

viewtopic.php?t=1157

Posted: Mon Sep 04, 2006 6:36 pm
by PastorHank
Found where I had messed that up, thank you....is there a better way to check that someone has logged in and has permission to visit the page?

Posted: Mon Sep 04, 2006 6:42 pm
by Ollie Saunders
PastorHank wrote:Found where I had messed that up, thank you....is there a better way to check that someone has logged in and has permission to visit the page?
Not one that comes to mind at the moment.

Oh while you are here. Add this to your code whilst you are developing (remove it during production):

Code: Select all

ini_set('display_errors', 'On');
error_reporting(E_ALL | E_STRICT);
and you will come to realise that this:

Code: Select all

$_SESSION[user] = username;
is probably not doing what you want it to. I think you want this:

Code: Select all

$_SESSION['user'] = $username
but php is currently doing this:

Code: Select all

$_SESSION['user'] = 'username';
Unless of course those are constants in which case they should be in uppercase.

Posted: Mon Sep 04, 2006 6:56 pm
by PastorHank
Thank you....slowly but surely, I'm beginning to understand this...

Posted: Mon Sep 04, 2006 7:22 pm
by RobertGonzalez
Also take note that you can use the header() function repeatedly for setting header information throughout the script.

... but obviously not for redirecting. :D