Would someone explain this error message to me and suggest how I might solve it?

[acid_lee]

I have created a register and login script that uses cookies. The registeration script works perfectly, but everytime I test the login these errors appear on the screen.

Warning: Cannot modify header information - headers already sent by (output started at /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php:7) in /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php on line 102

Warning: Cannot modify header information - headers already sent by (output started at /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php:7) in /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php on line 103

Warning: Cannot modify header information - headers already sent by (output started at /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php:7) in /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php on line 106

What does this means, and how do I go about solving it?

Here's the PHP script that's producing the error:

PHP Code:

<?php

// Connects to your Database 
include 'db.inc.php';


//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))


//if there is, it logs you in and directes you to the intro page
{ 
    $username = $_COOKIE['ID_my_site']; 
    $pass = $_COOKIE['Key_my_site'];
    
    $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

    while($info = mysql_fetch_array( $check ))     
        {

        if ($pass != $info['password']) 
            {
            
            }

        else
            {
            header("Location: intro.php");

            }

        }

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

    if(!$_POST['username'] | !$_POST['pass']) {
        die('You did not fill in a required field.');
    }

    // checks it against the database

    if (!get_magic_quotes_gpc()) {
        $_POST['email'] = addslashes($_POST['email']);
    }

    $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user doesn't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
        die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
                }


while($info = mysql_fetch_array( $check ))     
{

$_POST['pass'] = stripslashes($_POST['pass']);
    $info['password'] = stripslashes($info['password']);
    $_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

    if ($_POST['pass'] != $info['password']) {
        die('Incorrect password, please try again.');
    }

else
{
// if login is ok then we add a cookie 
    
$_POST['username'] = stripslashes($_POST['username']);
    

$hour = time() + 3600; 
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);    

//then redirect them to intro page
header("Location: intro.php");
}

}

} else {    

// if they are not logged in
?>

<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>

[wheeler]

The header() function will not work if there has been any output to the page unless you
a) write ob_start() at the top of your script
b) restructure the script so that header() occurs before anything is output

[pompopom]

be carefull not to put any white spaces before

<?php

on the first line of your code, as those whitespaces are output also.

I usually put my complete webpage output in a variable
and do an echo of that variable at the end of my code

greetz,
koen

[acid_lee]

Good news - I've got it working. Thanks for your help. I see where I was going wrong.

Bad news - I have only one little niggly problem which may be easily solved.

When you log in, the page doesn't automatically go straight to the intro.php page like it's supposed to. In fact, you have to refresh the page a couple of times before it does this, but after that it works the way it's supposed to.

The pages are found here: http://www.cynicalmatrix.com/webquest/

If you register for an account and try to login in with it, you'll see what I mean. Don't worry. I'll be clearing the database before this goes live.

Any suggestions as how I could solve this? I really need the page to go straight to intro.php immediately after login. I don't want people to have to refresh the page.

Here's the revised code that I'm using on the page:

PHP Code:

<?php
// Designed and coded by G. Morris 2007

ob_start();

include 'db.inc.php';

//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the intro page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];

$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

while($info = mysql_fetch_array( $check ))
{

if ($pass != $info['password'])
{

}

else
{
header("Location: intro.php");

}

}

}


//if the login form is submitted

if (isset($_POST['submit'])) { // if form has been submitted


// makes sure they filled it in

if(!$_POST['username'] | !$_POST['pass']) {
die('<div id=index content align=center><p><img src=images/logo.gif alt=Newcastle College logo width=125 height=69 /></p><p>You did not fill in a required field.</p></div>');
}

// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}

$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user doesn't exist

$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('<div id=index content align=center><p><img src=images/logo.gif alt=Newcastle College logo width=125 height=69 /></p><p>That user does not exist in our database. <a href=register.php>Click Here to Register</a></p></div>');
}


while($info = mysql_fetch_array( $check ))
{

$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong

if ($_POST['pass'] != $info['password']) {
die('<div id=index content align=center><p><img src=images/logo.gif alt=Newcastle College logo width=125 height=69 /></p><p>Incorrect password, please try again.</p></div>');
} else {
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
}
}

} else {

// if they are not logged in
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Web Quest :: Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" href="style.css" type="text/css" />
</head>

<body>
<!-- Page Layout -->
<div id="index content" align="center"><p><img src="images/logo.gif" alt="Newcastle College logo" width="125" height="69" /></p>
<h1>Welcome to the Art & Design Web Quest!</h1>
<p>Make your way around the coloured zones and complete the tasks to gather letters. Crack the code in the Final Zone to enter into our draw prize draw!</p>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<p>If you have never played before, you need to create a new account in order to save the letters that you have gathered. <a href="register.php">Click here</a> to go to the Register page.</p></div>
<?php
    }
?>
</body>
</html>

<?php ob_end_flush(); ?>

[wheeler]

your coding is not really structured logically, but that doesn't explain why header doesn't work - make sure there is absolutely no output before ob_start() is used, like other include files... I recommend you read this post regarding cookie security before going any further.

here is a suggested format for what you are trying to achieve.

PHP Code:

ob_start();

include 'db.inc.php';

//Checks if there is a login cookie

if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the intro page
{
  $username = mysql_real_escape_string($_COOKIE['ID_my_site']);
  $pass = mysql_real_escape_string($_COOKIE['Key_my_site']);

  $check = mysql_result(mysql_query("SELECT COUNT(id) FROM users WHERE username = '$username' AND password = '$pass'"),0);

  if ($check == 1)
  {
    header("Location: intro.php");
  } else {
    echo 'an error';
  }

} 


[acid_lee]

I read through the article and went back and had a look over my code. I ende dup restructuring the code further and including an authenticate page - just something with the main login script on and a little message saying "log in sucess!" on it (if sucessful obviously). It now seems to work perfectly, including detecting missing/incorrect passwords and unrecognosed users. I'll get someone to alpha test it for me later.

I iz happy!

Thanks very much for your help. You've been wonderfully patient.