Session header redirection not working

Question

hello I'm doing small loging form when user make wrong user name or password it redirect to login page but in my script header function is not working

this is loging.php page

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" 
                    "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
  <script src="http://code.jquery.com/jquery-latest.js"></script>
  <script type="text/javascript" src="http://jzaefferer.github.com/jquery-validation/jquery.validate.js"></script>
<style type="text/css">
* { font-family: Verdana; font-size: 96%; }
label { width: 10em; float: left; }
label.error { float: none; color: red; padding-left: .5em; vertical-align: top; }
p { clear: both; }
.submit { margin-left: 12em; }
em { font-weight: bold; padding-right: 1em; vertical-align: top; }
</style>
  <script>
  $(document).ready(function(){
    $("#commentForm").validate();
  });
  </script>

</head>
<body>


 <form class="cmxform" enctype="multipart/form-data" id="commentForm" method="post" action="buy.php">
 <fieldset>
   <legend>A simple comment form with submit validation and default messages</legend>
   <p>
     <label for="cname">Name</label>
     <em>*</em><input id="name" name="name" size="25" class="required" minlength="2" />
   </p>
   <p>
     <label for="cemail">Password</label>
     <em>*</em><input id="password" type="password" name="password" size="25"  class="required" />
   </p>
   <p>&nbsp;</p>
  <p>&nbsp;</p>
   <p>
     <input class="submit" type="submit" value="login"/>
   </p>
 </fieldset>
 </form>
</body>
</html>

this is buy.php page after log it goes to this page

<?php
session_start();

$Name = $_POST['name'];
$Pass = $_POST['password'];

//STEP 1 Connect To Database
$host= "localhost";
$dbname= "register";
$user = "root";
$pass = "";

try {  
  # MySQL with PDO_MYSQL  
  $DBH = new PDO("mysql:host=$host;dbname=$dbname", $user, $pass);  
  //$DBH->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION ); 
  $STH = $DBH->query("SELECT username, password from tbl_users");
  $STH->execute();

  //STEP 2 Declare Variables

$Query = $DBH->query("SELECT * FROM tbl_users WHERE username='$Name' AND password='$Pass'");
$Query->execute();
$Query->setFetchMode(PDO::FETCH_NUM); 

$NumRows = $Query->fetch();
$_SESSION['name'] = $Name;
$_SESSION['password'] = $Pass;

//STEP 3 Check to See If User Entered All Of The Information

if(empty($_SESSION['name']) || empty($_SESSION['password']))
{
die("could not connect");
}

if($Name && $Pass == "")
{
die("Please enter  a name and password!");
}

if($Name == "")
{
die("Please enter your name!" . "</br>");
}

if($Pass == "")
{
die("Please enter a password!");
echo "</br>";
}

//STEP 4 Check Username And Password With The MySQL Database

if($NumRows != 0)
{

$STH->setFetchMode(PDO::FETCH_ASSOC); 
while($Row = $STH->fetch())
{
$dname = $Row['username'];
$dpass = $Row['password'];

}

}
else
{
die("Incorrect Username or Password!");

 if( $_SESSION['name']!= $dname || $_SESSION['password'] != $dpass) 
 {
    header("location: login.php");
  } 
  else 
  {
     header("location: http://www.google.com");
  }

}

if($Name == $dname && $Pass == $dpass)
{
// If The User Makes It Here Then That Means He Logged In Successfully
echo "Hello " . $Name . "!";
}
}  

catch(PDOException $e) {  
    echo "I'm sorry, Dave. I'm afraid I can't do that.";  
    $e->getMessage(); 
} 
?>
<html>
<body>
<p>Here is where you can put information for the user to see when he logs on. (Anything inside these html tags!)</p>
</body>
</html>

check for any space before <?php tag, if it is there remove it — Prasanth Bendra
– Prasanth Bendra, Commented Feb 20, 2013 at 13:12
call exit; after your header function. Also make sure your errors are on for better idea. — Rikesh
– Rikesh, Commented Feb 20, 2013 at 13:14
The header name is case sensitive. Should be "Location". Do you get any PHP errors? — marekful
– marekful, Commented Feb 20, 2013 at 13:14
there is no spaces may i know is there any error on session variable checking ? — Fathima Atheeka
– Fathima Atheeka, Commented Feb 20, 2013 at 13:15

Community · Accepted Answer · 2020-06-20 09:12:55Z

1

When you use:

die("Incorrect Username or Password!");

It will output the text: Incorrect Username or Password! and when using headers you mustn't output anything before calling it.

From the doc:

Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include, or require, functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.

EDIT

Actually die is equivalient to exit so the rest of the script will not run once you hit that line. So the call to header() will never made.

edited Jun 20, 2020 at 9:12

CommunityBot

11 silver badge

answered Feb 20, 2013 at 13:15

Daniel Figueroa

10.7k5 gold badges49 silver badges68 bronze badges

Sign up to request clarification or add additional context in comments.

4 Comments

marekful Over a year ago

I noticed this too, but probably he's just using die() to debug. Anyway, NOTHING after die will be executed!

Fathima Atheeka Over a year ago

wow superb Daniel u helped me it works now thank you so much ur wonderful help

Daniel Figueroa Over a year ago

@MarcellFülöp I was just adding that at the same time as you commented :)

عثمان غني Over a year ago

@FathimaAtheeka plz mark this as answer by clicking tick sign below vote on left side

Prasanth Bendra · Accepted Answer · 2013-02-20 13:17:30Z

0

check for any space before <?php tag, if it is there remove it

Change :

if($Name && $Pass == "")

to :

if($Name=="" && $Pass == "")

answered Feb 20, 2013 at 13:17

Prasanth Bendra

33.2k9 gold badges56 silver badges74 bronze badges

Comments

Ahmad Hussein · Accepted Answer · 2013-02-20 13:17:48Z

0

You can't output anything before using the header, it will produce header already sent error. When the user enters wrong username or password, redirect with a flag in the url like ?error=true, and trigger a javascript code that shows an error message that the login was invalid.

answered Feb 20, 2013 at 13:17

Ahmad Hussein

11 bronze badge

Comments

rasvi · Accepted Answer · 2013-02-20 13:22:54Z

0

die("Incorrect Username or Password!"); It will output the text: Incorrect Username or Password! and when using headers you mustn't output anything before calling it. because when you use header always remember to not use before header function

answered Feb 20, 2013 at 13:22

rasvi

196 bronze badges

Comments

Kerem · Accepted Answer · 2013-02-20 13:25:11Z

0

Out of topic, you need to change this line. Because it seems you are getting these variables from post directly and this is not secure.

// wrong
$Query = $DBH->query("SELECT * FROM tbl_users 
    WHERE username='$Name' AND password='$Pass'");
$Query->execute();

// true
$Query = $DBH->query("SELECT * FROM tbl_users 
    WHERE username = :username AND password = :password");
$Query->execute(array(':username' => $Name, ':password' => $Pass));

See for more details here: http://php.net/manual/en/pdostatement.execute.php

answered Feb 20, 2013 at 13:25

Kerem

11.6k5 gold badges61 silver badges58 bronze badges

1 Comment

Fathima Atheeka Over a year ago

Call to a member function execute() on a non-object

Collectives™ on Stack Overflow

Session header redirection not working

5 Answers 5

4 Comments

Comments

Comments

Comments

1 Comment

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

5 Answers 5

4 Comments

Comments

Comments

Comments

1 Comment

Your Answer

Sign up or log in

Post as a guest

Related