Can I use the header after echoing a statement?

PHP
1

Hey guys!

Can I use the header function after doing an echo statement? I noticed that if I added the header function after the echo statement, it won’t show the echo statement… I have tried the following and it will straight away go into my header:


if($resultCheck > 0) {
	while ($row = mysqli_fetch_assoc($result)) {
		$token1 = $row['token1'];
		$token2 = $row['token2'];
		if ($token1 == $token2) {
           $sql = "UPDATE users
	        SET user_activate = '1', token1='', token2=''";
            mysqli_query($conn, $sql);
            echo 'You have successfully activated your account';
            header('Location: login.php');

		} else {
			echo 'Please make sure that you received the correct token';
			
		}
2

No. You will get an error message for using header() after any output.

1 Like
3

Try this and see if it works :slight_smile:

<?php 
  header( "refresh:5;url=wherever.php" ); 
  echo 'You\'ll be redirected in about 5 secs. If not, click <a href="wherever.php">here</a>.';

http://php.net/manual/en/function.header.php

4

Display the message on the login page. Add a Get name to the URL and check for that on the login page to display the message.

login.php?activated

5

Thanks… It is now working but I am having another problem… I am trying to check to see if the username that they are supplying is matching the username in their database and have added the following codes:


?php

include_once 'dbh.php';

$token2 = $_POST['token2'];

$sql = "UPDATE users
        SET token2='$token2'";
mysqli_query($conn, $sql);

$sql = "SELECT * FROM users WHERE user_uid='".$_POST['userid']."'";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);

if($resultCheck > 0) {
	while ($row = mysqli_fetch_assoc($result)) {
		$token1 = $row['token1'];
		$token2 = $row['token2'];
		$userid = $row['user_uid'];

		if ($token1 == $token2 && $_POST['userid'] == $userid) {
           $sql = "UPDATE users
	        SET user_activate = '1', token1='', token2=''";
            mysqli_query($conn, $sql);
           
           header("refresh:5;url=login.php"); 
            echo 'You have successfully activated your account and will be directed to the login screen in 5 seconds... <a href="login.php">here</a>.';


           

		} else {
			echo 'Credentials do not match';
		}
		
	}
}

I am not getting any errors but I think this line of code is not working

if ($token1 == $token2 && $_POST[‘userid’] == $userid)

1 Like
6

For the initial activation there’s no need to mess with a user ID, I am assuming that is a username and not the actual ID number. The token should be a unique ID in the database. You just need to match that.

Edit* You need to kill the script after your redirect or the script will keep running.

7

There’s some redundant code there. Look at your query:

$sql = "SELECT * FROM users WHERE user_uid='".$_POST['userid']."'";

which will only return rows where the user_uid column matches the $_POST variable. Your comparison line, though:

if ($token1 == $token2 && $_POST['userid'] == $userid) {

checks again whether the user id matches. It will, always, because of the condition in your query.

I think you should really be checking for user id matching, and user_activate not already being set to 1. I also think your method of checking whether the tokens match is a bit clunky, though you might have a reason for doing it that way. As, on a successful activation, you just clear those tokens, why not just run the query and check if $token1 is the same as the $_POST variable?

1 Like
8

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.