Header not Redirecting

[MikeKohler]

Hi, I have the following code:
<?php
ob_start();
?>

<body>
<?php // Script 8.8 - login.php
// This page lets people log into the site.

// Address error handling.
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);

// Set the page title and include the header file.
define ('TITLE', 'Login');

// Basic HTML formatting stuff.
print '<div id="leftcontent">
<h1>Login Form</h1>
<p>For Security Reasons it is necessary to log in before uploading your file.</p>';

// Check if the form has been submitted.
if ( isset ($_POST['submit'])) {

// Handle the form.
if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) ) {

if ( ($_POST['username'] == 'test') && ($_POST['password'] == 'test') ) { // Okay.

header ('Location:

http://www.bsstrpa.ca/newpage);

ob_end_clean();

} else { // Not okay.

I don't get any errors, but I don't get the response I was looking for. The page simply turns blank and the address shows as being still on the login page.
Thank you,
Michael Kohler
I changed the url of the page that this code redirects to. newpage doesn't exist, no offense, but I didn't want anybody going to my upload page without there being any security.

 

[jpadie]

you are using output buffering and then you call ob_end_clean after the header redirection. ob_end_clean (as opposed to ob_end_flush()) deletes the output buffer so that the header never gets sent.

put ob_end_clean before the header call, or abandon output buffering altogether.

 

[sleipnir214]

Better still, reorganize your script and you won't have to use output buffering commands at all:

<?php
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
define ('TITLE', 'Login');

function output_login_form ($error_message = '')
{
	print '<html><body>';
	
	if ($error_message != '')
	{
		print $error_message;
	}
	
	print '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '">
	<div id="leftcontent">
    <h1>Login Form</h1>
    <p>For Security Reasons it is necessary to log in before uploading your file.</p>
    <input type="text" name="username"';
    
    if(isset($_POST['username'])
    {
    	print ' value="' . $_POST['username'] . '"';
    }
    
    print '><br>
    <input type="password" name="password"><br>
    <input type="submit" name="submit"></form></body></html>';
}
	

if ( isset ($_POST['submit']))
{
    // Handle the form.
	if ( (!empty ($_POST['username'])) && (!empty ($_POST['password'])) )
	{
		if ( ($_POST['username'] == 'test') && ($_POST['password'] == 'test') )
		{
			//Good login.  Redirect.
			header ('Location: [URL unfurl="true"]http://www.bsstrpa.ca/newpage');[/URL]
		}
		else
		{
			//Bad login.  Output form again with error message
			output_login_form('Bad Login');
		}
	}
	else
	{
		//unexpected input.  Display form
		output_login_form();
	}
}
else
{
	//No input.  Display form
	output_login_form();
}
?>

Want the best answers? Ask the best questions! TANSTAAFL!

 

[MikeKohler]

Thanks for the help. i managed to get it to work. I ended up using Output Buffering, but I placed the commands in a header and footer html documents, and it works fine.
In header.html I put the code:
<?php // script 8.11
ob_start();
?>
And in the footer.html I put
<?php
ob_end_flush();
?>
And in the main log in page I used the header command
header ('Location: upload_file.php');
exit();

Michael Kohler

 

[jpadie]

i've changed my view on output buffering over the last couple of years. at first I used it regularly but now I use it for one thing only: capturing the results of an include/require in a string.

the main reason for this change was some concerns i was having about navigation and security which led me to read the paper written at phpsec.org on the dispatch method of coding/navigation.

I pretty much use this method exclusively now. so the landing page has virtually no html on it - all php pointing to external libraries and functions. these functions compile the page on the fly. where there is static html that i want to bring in (like headers and footers) then i either use the output buffer to bring in the content via a string or more usually, I create a template file with the static content in it and a single tag for the dynamic content. eg:

<html>
 <head>
  <title>sometitle</title>
 </head>
 <body>
  <div id="header">
   somecontent
  </div>
   
   <?php echo $maincontent;?>

  <div id="footer"> 
   some content
  </div>
 </body>
</html>

by the time this file is "included()" i have populated the string $maincontent with all necessary data (so it is parsed into the template) and can guarantee that no html at all has hit the browser.

in this structure, you have
* excellent control of the navigation paradigm,
* good security from spoofed page calls (as all files other than the main landing page are kept outside the webroot or in an htaccess protected folder);
* a good paradigm for keeping code and content separate;
* a naturally facile way of logging use
* a friendly url schema (for SEO you can use mod-rewrite if needed).