This question already has an answer here:
I have a question... I've developed a php safe login page, now when I run a check to redirect the user with "<?php header('location: home.php'); ?>" It doesn't work while on the actual domain for whatever reason.
However I thought of this code
<?php
if (login_check($mysqli) == true) {
echo "<meta http-equiv='refresh' content='0;URL=home.php'>";
}
?>
Would that code be safe and functional? I am most concerned with the privacy one could exploit. It seems to work while I am on my local server, I have not uploaded it yet.
Is there another way that would be better than what I have currently?
</div>
I would look into why header() isn't working on your remote server.
The call is triggered within a condition block, maybe the condition is failing (login_check($mysqli) == true). Have you checked that?
Another common cause for issues with header() is when the application outputs non-header data before calling header(). When you start to output data from a PHP script, PHP will automatically flush the headers. This means you cannot output any data before calling header(), as the header data will have already been flushed (so basically make sure you're not using echo, print, etc before your header() call.).
See http://php.net/manual/en/function.header.php
Also, I've noticed that you're not killing the script after printing the meta refresh. I would kill the script after printing the meta refresh code to prevent any other content being served to the user. So perhaps:
if (login_check($mysqli) == true) {
echo "<meta http-equiv='refresh' content='0;URL=home.php'>";
die;
}