when trying to log-in at this site (user:polopolo,pass:samara) the result is a blank page. I know that the problem is with the sending of headers and the ouput_buffering in the php.ini file. I had the same problem on another host but the problem was fixed when I changed output_buffering= On. It doesn't work on the current host and I wonder why? Any suggestions?
-the phpinfo of the current site.
Edit: Problem solved. I reverse-engineered the code and found some additional spaces after the php closing tag, before the sending of the headers. The code wasn't written by me and I instinctively ignored this option as the whole system worked already on another server. But my colleague did some changes I was unaware of...The lesson learned: teamwork is important and don't let anybody do the thinking for you. Still it is a mystery to me how come after trying everything to display errors and especially the "Cannot modify headers" they didn't display properly. I did everything you advised me to do- display errors, log them and so on...anyway thanks.
Presumably, the page you hit immediately after logging in does a redirect.
Doing a redirect requires outputting an HTTP header with the response. The problem is, if PHP has already begun outputting the body of the document, it cannot then output a header because they headers ended when the body started.
Output buffering prevents PHP from outputting any part of the body of the document until the output buffer is flushed (or PHP exits). This allows you to output headers at any time.
Now, if turning output buffering on fixed the problem on own site/server, but not on another, that's a clear indication that it isn't actually the same problem - you are encountering a different problem.
You should be logging PHP errors, so check your PHP error log. If (and only if) you are viewing this on a restricted developers-only site (which you aren't), you may turn on display_errors in your PHP configuration, which will display errors on the page as it is rendered. This is generally considered an unsafe setting on publicly accessible servers, because of the potential for attackers to try and cause an error for which the error message reveals some private information.