16

I have a header.php file, which includes all important info, as well has the banner of the page. This header.php is included on every page.

I have it checking the session value to make sure user is allowed to be at a certain page. If user is not allowed to be there, I kick them back to login page

This is where the error comes up though. This is what I have:

include_once ("header.php");
                
if ($_SESSION['uid']!='programmer')
{                        
header('Location: index.php');
echo 'you cannot be here';
exit;
}

The index that it is redirecting to also has the header. So is having these multiple header references giving me this error?

Improve this question
5
  • 2
    What is in "header.php" file? Commented Nov 24, 2009 at 22:49
  • banner, config include to connect me to db, and some jquery. Very important file. Commented Nov 24, 2009 at 23:13
  • 1
    Why's it called 'header.php' then? Why not 'init.php' or something? Commented Nov 24, 2009 at 23:28
  • I always learned to include the redundant stuff into the header file, and include that into all pages. This header file doesn't contain the session stuff, that is included though. This has never been a problem before though. Commented Nov 24, 2009 at 23:53
  • ~~~~~~~~~~ Your file ENCODING should not be UTF-8, but UTF-8 (Without BOM)~~~~~~~~~~~ Commented Sep 19, 2014 at 8:01

5 Answers 5

Reset to default
36

You cannot use header() once text has been output to the browser. As your header.php include presumably outputs HTML, header() cannot be used.

You can solve this in a couple ways:

  • Move the if statement above the header include (this won't work, as you've indicated in comments that header.php sets the uid session and other vital stuff).
  • Call ob_start() at the top of the script to buffer the output.
Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

Also note that unless you're buffering output, this error can be encountered by having even a single blank line (or space?) before the starting php tag, because even whitespace counts as output for the purposes of determining whether you can send headers.
alright, so I added the include header AFTER the if statement, and that got rid of the error, however, now when I log in properly, I get redirected to the index.php no matter what.. why is that? URL: nait.jtlnet.com/~fpkj5v0r/index.php User: programmer Password: prog123 -this is now my code: <? if ($_SESSION['uid']!='programmer') { header('Location: index.php'); echo 'you cannot be here'; exit; } include_once ("header.php"); ?>
And ya, thanks for the heads up Dathan, I read about the white space bug, and it doesn't appear to be that. I wish it were that easy!
Is header.php responsible for the logic that authenticates the user and assigns the $_SESSION["uid"] value? If so, then your if statement is always interrogating the value of uid before it's set.
6

If the header.php file "has the banner", then it is presumably outputting some HTML content to the page.

You can't issue HTTP headers after you have outputted content.

Improve this answer

Comments

6

You cannot send any headers after sending any other content. A very likely culprit is extra whitespace after your closing ?> tag in your header.php. It's generally a good practice to omit the closing tag entirely in any script-only php files.

Your error should tell you exactly what line (and what file) is sending the output.

Improve this answer

Comments

2

I ran into a similar error (also seemingly out of nowhere) with respect to a Redirect function which used to be as follows: 

function Redirect($url) {
        flush(); // Flush the buffer
        header("Location: $url"); // Rewrite the header
        die;
    }

Apparently, you also need to add ob_flush(); to fully flush out the old header. The new function is:

function Redirect($url) {
        flush(); // Flush the buffer
        ob_flush();
        header("Location: $url"); // Rewrite the header
        die;
    }

Hope this helps someone else having this problem!

Improve this answer

1 Comment

I don't see how this would work unless ob_start() was used... which you did not indicate in your code. According to PHP: flush() attempts to push current output all the way to the browser with a few caveats. Once the content data is sent to the browser there is no way to go back and edit the headers. php.net/manual/en/function.flush.php
1

Alright, so it's fixed...... not sure how though, maybe somebody can explain why this works all of a sudden.

This is my code:

include_once ("header.php");

if ($_SESSION['uid']!='programmer') {  
    if(isset($_SESSION['uid'])) {
        echo $_SESSION['uid'];
    }                           

    header('Location: index.php');
    exit;
}

Let me repeat, it all works now! PHP... why do you work now?

Improve this answer

2 Comments

That won't work is $_SESSION['uid'] is set. Then the echo will happen before the call to header, which is a bad thing! So unless you're switching on output buffering in header.php this will only work when $_SESSION['kid'] is not set.
@PeterBagnall is correct, the logic there is flawed; first, you are checking the value $_SESSION['uid'] when you believe there's a possibility it might not be set, and THEN you check if it is set... if(isset($_SESSION['uid'])) { should go in the first if statement instead. second: the reason it might work is if $_SESSION['uid'] = NULL; therefore no data gets sent to the browser.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.