1

I am trying to redirect a login page using PHP to the profile.php page. I have tested that the code pulls out the information form the database using the sessions. Everything works fine up until the final If statement. It isn't giving me any errors but it comes back blank and doesn't move away from the login.php file( where the script is running).

session_start();
//print_r($_POST);

if(isset($_POST['email'], $_POST['password'])){
    require 'php_includes/db_connect.php';

    $query = $dtb->prepare("SELECT * FROM users WHERE email=:email AND password=:password");
    //$query->bindParam('ss', $_POST['email'], $_POST['password']);
    $query->bindParam(':email', $_POST['email'],PDO::PARAM_STR);
    $query->bindParam(':password', $_POST['password'],PDO::PARAM_STR);
    $query->execute();
    //die('Connection error, because: '.$query->errorInfo());

    //echo 'hi';

    //$query->close();
    if($row = $query->fetch()){
        echo 'hi';
        $_SESSION['email'] = $row['email'];
        header("location: profile.php");
    }
}
random_user_name
  • 25,694
  • 7
  • 76
  • 115
user3080734
  • 93
  • 9
  • You say you have tested that the code loads the information from the database. Did the echo after the ->execute() show on the page. What are you error reporting settings? – Dan Apr 11 '14 at 22:28

2 Answers2

7

Remove the echo. There must be no output before a header redirect.

This includes any type of accidental white space so whenever you include another file before the redirect you have to be sure there was no output before calling the redirect.

Usual approach:

Most coding frameworks will use the ob_* functions -- meaning they will capture all outputs to the browser into a buffer and they will decide if/when the output should be sent.

With an output buffering solution in place on the entire application (such as the init/bootstrap file) it becomes much easier to ensure that cookies, sessions and header redirects occur correctly because you control the exact point in the application where the output is sent.

Small & hard to find issues:

Because of this files which do not output anything such as files containing only function definitions or class files should not end with a ?> because a white space after the ?> is considered output.

Files must also all be saved in the same format such as ASCII or UTF-8 with BOM or UTF-8 without BOM otherwise, the differences between formats might be misinterpreted as outputs (usually 1-2 characters of output) very hard to find indeed.

Debuging:

Set your error_reporting() to E_ALL and ini_set('display_errors', true). This will echo various notices an warnings that you might not otherwise see. One of those warnings will be something like "headers already sent" mentioning a particular file/line where the first output occurred.

If the file/line of output looks familiar then you can remove that output. If you can't find the place the first output occurred you may have one of the "small & hard to find issues".

Mihai Stancu
  • 15,848
  • 2
  • 33
  • 51
  • I had the echo statement in there to try and see where the code stopped working. Sorry I should have taken this out before I put it up. It still isn't working after I have removed this. – user3080734 Apr 11 '14 at 22:25
  • @user3080734 did you get it working or at least find something with the `error_reporting`? – Mihai Stancu Apr 11 '14 at 23:05
  • @user3080734 So what notices/warnings do you see after activating error_reporting ? – Mihai Stancu Apr 12 '14 at 09:10
2

Along with removing the echo 'hi'; and whitespace as Mihai Stancu stated

it's recommended to put an exit(); after a header location, like this:

if($row = $query->fetch()){
    $_SESSION['email'] = $row['email'];
    header("location: profile.php");
    exit();
}

Just using header() does not mean the code stops executing. Whenever using header() to redirect you need to explicitly call exit() to stop execution of the script.

Arian Faurtosh
  • 17,987
  • 21
  • 77
  • 115
  • @user3080734 you probably have white space.... Go to your browser and do a view source, and see if there are any white spaces in there – Arian Faurtosh Apr 11 '14 at 22:29
  • 1
    Exiting will not help the redirect go through it will just help you identify pages where a redirect should have occurred. – Mihai Stancu Apr 11 '14 at 22:29
  • @MihaiStancu I've experienced times where my redirect didn't go through... http://stackoverflow.com/questions/22462924/behavior-of-header-in-if-statement and http://stackoverflow.com/questions/2747791/why-i-have-to-call-exit-after-redirection-through-headerlocation-in-php – Arian Faurtosh Apr 11 '14 at 22:30
  • 2
    @Arian perhaps if you were setting up another header redirect before the end of the script. It is indeed useful to use `exit` but what I'm saying is that the app should not be doing other redirects before the end of script. – Mihai Stancu Apr 11 '14 at 22:34
  • @MihaiStancu ahhh okay, yes I agree! – Arian Faurtosh Apr 11 '14 at 23:03