SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Member
    Join Date
    Feb 2007
    Location
    UK
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Would someone explain this error message to me and suggest how I might solve it?

    I have created a register and login script that uses cookies. The registeration script works perfectly, but everytime I test the login these errors appear on the screen.

    Warning: Cannot modify header information - headers already sent by (output started at /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php:7) in /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php on line 102

    Warning: Cannot modify header information - headers already sent by (output started at /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php:7) in /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php on line 103

    Warning: Cannot modify header information - headers already sent by (output started at /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php:7) in /home/.yankee/cynical/cynicalmatrix.com/webquest/index.php on line 106


    What does this means, and how do I go about solving it?

    Here's the PHP script that's producing the error:

    PHP Code:
    <?php

    // Connects to your Database 
    include 'db.inc.php';


    //Checks if there is a login cookie

    if(isset($_COOKIE['ID_my_site']))


    //if there is, it logs you in and directes you to the intro page

        
    $username $_COOKIE['ID_my_site']; 
        
    $pass $_COOKIE['Key_my_site'];
        
        
    $check mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

        while(
    $info mysql_fetch_array$check ))     
            {

            if (
    $pass != $info['password']) 
                {
                
                }

            else
                {
                
    header("Location: intro.php");

                }

            }

    }


    //if the login form is submitted

    if (isset($_POST['submit'])) { // if form has been submitted


    // makes sure they filled it in

        
    if(!$_POST['username'] | !$_POST['pass']) {
            die(
    'You did not fill in a required field.');
        }

        
    // checks it against the database

        
    if (!get_magic_quotes_gpc()) {
            
    $_POST['email'] = addslashes($_POST['email']);
        }

        
    $check mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

    //Gives error if user doesn't exist

    $check2 mysql_num_rows($check);
    if (
    $check2 == 0) {
            die(
    'That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
                    }


    while(
    $info mysql_fetch_array$check ))     
    {

    $_POST['pass'] = stripslashes($_POST['pass']);
        
    $info['password'] = stripslashes($info['password']);
        
    $_POST['pass'] = md5($_POST['pass']);

    //gives error if the password is wrong

        
    if ($_POST['pass'] != $info['password']) {
            die(
    'Incorrect password, please try again.');
        }

    else
    {
    // if login is ok then we add a cookie 
        
    $_POST['username'] = stripslashes($_POST['username']);
        

    $hour time() + 3600
    setcookie(ID_my_site$_POST['username'], $hour);
    setcookie(Key_my_site$_POST['pass'], $hour);    

    //then redirect them to intro page
    header("Location: intro.php");
    }

    }

    } else {    

    // if they are not logged in
    ?>

    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
    <table border="0">
    <tr><td colspan=2><h1>Login</h1></td></tr>
    <tr><td>Username:</td><td>
    <input type="text" name="username" maxlength="40">
    </td></tr>
    <tr><td>Password:</td><td>
    <input type="password" name="pass" maxlength="50">
    </td></tr>
    <tr><td colspan="2" align="right">
    <input type="submit" name="submit" value="Login">
    </td></tr>
    </table>
    </form>
    <?php
    }
    ?>
    Meep.
    Cynical Matrix - dumping ground for a self-confessed geek

  2. #2
    SitePoint Wizard wheeler's Avatar
    Join Date
    Mar 2006
    Location
    Gold Coast, Australia
    Posts
    1,369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The header() function will not work if there has been any output to the page unless you
    a) write ob_start() at the top of your script
    b) restructure the script so that header() occurs before anything is output
    Studiotime - Time Management for Web Developers
    to-do's, messages, invoicing, reporting - 30 day free trial!
    Thomas Multimedia Web Development

  3. #3
    SitePoint Evangelist pompopom's Avatar
    Join Date
    Feb 2004
    Location
    Huldenberg (Belgium)
    Posts
    426
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    be carefull not to put any white spaces before

    <?php

    on the first line of your code, as those whitespaces are output also.

    I usually put my complete webpage output in a variable
    and do an echo of that variable at the end of my code

    greetz,
    koen
    The Path of excess leeds to the tower of wisdom (W. Blake)

  4. #4
    SitePoint Member
    Join Date
    Feb 2007
    Location
    UK
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Good news - I've got it working. Thanks for your help. I see where I was going wrong.

    Bad news - I have only one little niggly problem which may be easily solved.

    When you log in, the page doesn't automatically go straight to the intro.php page like it's supposed to. In fact, you have to refresh the page a couple of times before it does this, but after that it works the way it's supposed to.

    The pages are found here: http://www.cynicalmatrix.com/webquest/

    If you register for an account and try to login in with it, you'll see what I mean. Don't worry. I'll be clearing the database before this goes live.

    Any suggestions as how I could solve this? I really need the page to go straight to intro.php immediately after login. I don't want people to have to refresh the page.

    Here's the revised code that I'm using on the page:

    PHP Code:
    <?php
    // Designed and coded by G. Morris 2007

    ob_start();

    include 
    'db.inc.php';

    //Checks if there is a login cookie

    if(isset($_COOKIE['ID_my_site']))
    //if there is, it logs you in and directes you to the intro page
    {
    $username $_COOKIE['ID_my_site'];
    $pass $_COOKIE['Key_my_site'];

    $check mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());

    while(
    $info mysql_fetch_array$check ))
    {

    if (
    $pass != $info['password'])
    {

    }

    else
    {
    header("Location: intro.php");

    }

    }

    }


    //if the login form is submitted

    if (isset($_POST['submit'])) { // if form has been submitted


    // makes sure they filled it in

    if(!$_POST['username'] | !$_POST['pass']) {
    die(
    '<div id=index content align=center><p><img src=images/logo.gif alt=Newcastle College logo width=125 height=69 /></p><p>You did not fill in a required field.</p></div>');
    }

    // checks it against the database

    if (!get_magic_quotes_gpc()) {
    $_POST['email'] = addslashes($_POST['email']);
    }

    $check mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

    //Gives error if user doesn't exist

    $check2 mysql_num_rows($check);
    if (
    $check2 == 0) {
    die(
    '<div id=index content align=center><p><img src=images/logo.gif alt=Newcastle College logo width=125 height=69 /></p><p>That user does not exist in our database. <a href=register.php>Click Here to Register</a></p></div>');
    }


    while(
    $info mysql_fetch_array$check ))
    {

    $_POST['pass'] = stripslashes($_POST['pass']);
    $info['password'] = stripslashes($info['password']);
    $_POST['pass'] = md5($_POST['pass']);

    //gives error if the password is wrong

    if ($_POST['pass'] != $info['password']) {
    die(
    '<div id=index content align=center><p><img src=images/logo.gif alt=Newcastle College logo width=125 height=69 /></p><p>Incorrect password, please try again.</p></div>');
    } else {
    // if login is ok then we add a cookie
    $_POST['username'] = stripslashes($_POST['username']);
    $hour time() + 3600;
    setcookie(ID_my_site$_POST['username'], $hour);
    setcookie(Key_my_site$_POST['pass'], $hour);
    }
    }

    } else {

    // if they are not logged in
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
    <head>
    <title>Web Quest :: Login</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <link rel="stylesheet" href="style.css" type="text/css" />
    </head>

    <body>
    <!-- Page Layout -->
    <div id="index content" align="center"><p><img src="images/logo.gif" alt="Newcastle College logo" width="125" height="69" /></p>
    <h1>Welcome to the Art & Design Web Quest!</h1>
    <p>Make your way around the coloured zones and complete the tasks to gather letters. Crack the code in the Final Zone to enter into our draw prize draw!</p>
    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
    <table border="0">
    <tr><td colspan=2><h1>Login</h1></td></tr>
    <tr><td>Username:</td><td>
    <input type="text" name="username" maxlength="40">
    </td></tr>
    <tr><td>Password:</td><td>
    <input type="password" name="pass" maxlength="50">
    </td></tr>
    <tr><td colspan="2" align="right">
    <input type="submit" name="submit" value="Login">
    </td></tr>
    </table>
    </form>
    <p>If you have never played before, you need to create a new account in order to save the letters that you have gathered. <a href="register.php">Click here</a> to go to the Register page.</p></div>
    <?php
        
    }
    ?>
    </body>
    </html>

    <?php ob_end_flush(); ?>
    Meep.
    Cynical Matrix - dumping ground for a self-confessed geek

  5. #5
    SitePoint Wizard wheeler's Avatar
    Join Date
    Mar 2006
    Location
    Gold Coast, Australia
    Posts
    1,369
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    your coding is not really structured logically, but that doesn't explain why header doesn't work - make sure there is absolutely no output before ob_start() is used, like other include files... I recommend you read this post regarding cookie security before going any further.

    here is a suggested format for what you are trying to achieve.
    PHP Code:
    ob_start();

    include 
    'db.inc.php';

    //Checks if there is a login cookie

    if(isset($_COOKIE['ID_my_site']))
    //if there is, it logs you in and directes you to the intro page
    {
      
    $username mysql_real_escape_string($_COOKIE['ID_my_site']);
      
    $pass mysql_real_escape_string($_COOKIE['Key_my_site']);

      
    $check mysql_result(mysql_query("SELECT COUNT(id) FROM users WHERE username = '$username' AND password = '$pass'"),0);

      if (
    $check == 1)
      {
        
    header("Location: intro.php");
      } else {
        echo 
    'an error';
      }


    Studiotime - Time Management for Web Developers
    to-do's, messages, invoicing, reporting - 30 day free trial!
    Thomas Multimedia Web Development

  6. #6
    SitePoint Member
    Join Date
    Feb 2007
    Location
    UK
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I read through the article and went back and had a look over my code. I ende dup restructuring the code further and including an authenticate page - just something with the main login script on and a little message saying "log in sucess!" on it (if sucessful obviously). It now seems to work perfectly, including detecting missing/incorrect passwords and unrecognosed users. I'll get someone to alpha test it for me later.

    I iz happy!

    Thanks very much for your help. You've been wonderfully patient.
    Meep.
    Cynical Matrix - dumping ground for a self-confessed geek


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •