Your LOGIN PAGE contains the problem. It’s NOT the checking to see if anyone is logged in at the beginning. It’s the Menu Generation later on in tje included page of phpAuth_inc.php. This include page also has an ob_start function.
Unfortunately if you removed the ob_start() (and the checking for logged in) at the beginning of the login page, I think you made the problem worse.
I don’t use the output buffering, I try to make sure I have sent all my headers stuff first, but I suspect by removing the ob_start on the login page and then leaving the ob_start on the included page, you have created a different issue.
My logic would be that (as it was before you changed it)
- output buffering enabled/started
- Function checks for login and redirects if user is logged in to login area.
- otherwise login page shown.
- Login page “includes” login menu from phpAuth_inc.php
- phpAuth_inc.php contains ANOTHER ob_start. This ob_start FLUSHES the first ob_start releasing the html already in the buffer. Now no more header info can be sent.
- ob_start in phpAuth_inc.php would seem to indicate that more header information needs be sent. – ERROR!
Now that you have changed it, you get part of the login page (sent as HTML) and then you “Include” phpAuth_inc.php which has an ob_start which would seem to indicate that more header information needs be sent. – ERROR!
I would put your login check BACK in the login page.
Remove the ob_start in phpAuth_inc.php
As a final note, I would actually recommend that you put ALL your session stuff (cookies, login checks, etc), in an included sessions file at the beginning of your page and not nested in to some other page. Then based on some variables set in the session (which are accessible to the other pages) you could then make logic decisions.