Warning: Cannot modify header information - headers already sent by ERROR

I've been struggling with this error for a while now.

To start with, I just thought it was white space, but after further research I think it might be a problem similar to this:

> Look for any statements that could send output to the user before this header statement. If you find one or more, change your code to move the header statement before them. Complex conditional statements may complicate the issue, but they may also help solve the problem. Consider a conditional expression at the top of the PHP script that determines the header value as early as possible and sets it there.

I'm guessing the include header is causing the problem along with the header(), but I'm not sure how to rearrange the code to get rid of this error.

How do I remove the error?

<?php
    $username = $password = $token = $fName = "";

    include_once 'header.php';

    if (isset($_POST['username']) && isset($_POST['password']))
        $username = sanitizeString($_POST['username']);

    $password = sanitizeString($_POST['password']); //Set temporary username and password variables
    $token    = md5("$password"); //Encrypt temporary password

    if ($username != 'admin')
    {
        header("Location:summary.php");
    }
    elseif($username == 'admin')
    {
        header("Location:admin.php");
    }
    elseif($username == '')
    {
        header("Location:index.php");
    }
    else
        die ("<body><div class='container'><p class='error'>Invalid username or password.</p></div></body>");

    if ($username == "" || $token == "")
    {
        echo "<body><div class='container'><p class='error'>Please enter your username and password</p></div></body>";
    }
    else
    {
        $query = "SELECT * FROM members WHERE username='$username'AND password = '$token'"; //Look in table for username entered
        $result = mysql_query($query);
        if (!$result)
            die ("Database access failed: " . mysql_error());
        elseif (mysql_num_rows($result) > 0)
        {
            $row = mysql_fetch_row($result);
            $_SESSION['username'] = $username; //Set session variables
            $_SESSION['password'] = $token;

            $fName = $row[0];
        }
    }
?>

The long-term answer is that all output from your PHP scripts should be buffered in variables. This includes headers and body output. Then at the end of your scripts do any output you need.

The very quick fix for your problem will be to add

ob_start();

as the very first thing in your script, if you only need it in this one script. If you need it in all your scripts add it as the very first thing in your header.php file.

This turns on PHP's output buffering feature. In PHP when you output something (do an echo or print) it has to send the HTTP headers at that time. If you turn on output buffering you can output in the script but PHP doesn't have to send the headers until the buffer is flushed. If you turn it on and don't turn it off PHP will automatically flush everything in the buffer after the script finishes running. There really is no harm in just turning it on in almost all cases and could give you a small performance increase under some configurations.

If you have access to change your php.ini configuration file you can find and change or add the following

output_buffering = On

This will turn output buffering out without the need to call ob_start().

To find out more about output buffering check out http://php.net/manual/en/book.outcontrol.php

Check something with echo, print() or printr() in the include file, header.php.

It might be that this is the problem OR if any MVC file, then check the number of spaces after ?>. This could also make a problem.

There are some problems with your header() calls, one of which might be causing problems

• You should put an exit() after each of the header("Location: calls otherwise code execution will continue
• You should have a space after the : so it reads "Location: http://foo"
• It's not valid to use a relative URL in a Location header, you should form an absolute URL like http://www.mysite.com/some/path.php

You are trying to send headers information after outputing content.

If you want to do this, look for output buffering.

Therefore, look to use ob_start();