Page 1 of 1

Cookie() Header() problem

Posted: Thu Jan 13, 2005 10:45 pm
by crc
Hello,

First post here. I am having trouble with my member login page. I've thrown together some code that shows basically how I'm doing stuff. POST data is put through a couple data checks, and if the user gives good data the data is compared to my database.

What I am having problems with is this. If the POST data matches my database I want to set a cookie, and then redirect the user to the member home page.

When I try to set a cookie or use header() I get the output already started error. The thing is I can't figure out why I'm getting the error. Please look at my code and let me know if you see what I'm doing wrong. Thank you.

Code: Select all

<?php

if (isset($_POST&#1111;'submitted'])) &#123;
	$cv = count($HTTP_POST_VARS);
	if ($cv === 3) &#123;
		if ($_POST&#1111;'submitted'] === "true") &#123;
			$tampered = "false";
			if (!isset($_POST&#1111;'username'])) &#123;
				$tampered = "true";
			&#125;
			if (!isset($_POST&#1111;'password'])) &#123;
				$tampered = "true";
			&#125;
			if ($tampered === "false") &#123;
				$proceed = "true";
				$username = str_replace(" ", "", $_POST&#1111;'username']);
				$password = str_replace(" ", "", $_POST&#1111;'password']);
				if (empty($username)) &#123;
					$proceed = "false";
				&#125;
				if (empty($password)) &#123;
					$proceed = "false";
				&#125;
				if ((strlen($username) < 3) || (strlen($username) > 15)) &#123;
					$proceed = "false";
				&#125;
				if ((strlen($password) < 8) || (strlen($password) > 12)) &#123;
					$proceed = "false";
				&#125;
				if ($username === $password) &#123;
					$proceed = "false";
				&#125;
				$alphanum_c = "aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ0123456789";
				$unlen = strlen($username);
				$pwlen = strlen($password);
				for ($i=0; $i<$unlen; $i++) &#123;
					if (!strstr($alphanum_c, $username&#1111;$i])) &#123;
						$proceed = "false";
					&#125;
				&#125;
				for ($i=0; $i<$pwlen; $i++) &#123;
					$len = strlen($password);
					if (!strstr($alphanum_c, $password&#1111;$i])) &#123;
						$proceed = "false";
					&#125;
				&#125;
				if ($proceed === "true") &#123;
					$go = "true";
				&#125; else &#123;
					$go = "false";
				&#125;
			&#125;
		&#125;
	&#125;
&#125;

class db_ops &#123;
	function db_ops() &#123;
		$this->db_host = "localhost";
		$this->db_user = "user";
		$this->db_pw   = "password";
		$this->db_name = "dbname";
		$this->link = mysql_connect($this->db_host, $this->db_user, $this->db_pw);
	&#125;

	function connect() &#123;
		if (!$this->link) &#123; 
			print "<b>&#1111;-]</b> Could not connect to database server..<br>\n";
		&#125;
		if (!mysql_select_db($this->db_name)) &#123;
			print "<b>&#1111;-]</b> Could not select the $this->db_name database..<br>\n";
		&#125;
	&#125;

	function disconnect() &#123;
		if (!mysql_close($this->link)) &#123;
			print "<b>&#1111;-]</b> Could not disconnect from database, was connection made?<br>\n";
		&#125;
	&#125;

	function validate($username, $password) &#123;
		$this->query = mysql_query("SELECT password FROM members WHERE username = "$username"");
		$valid = mysql_fetch_array($this->query);
		if ((md5($password) == $valid&#1111;'0'])) &#123;

			/* THIS IS WHERE I'M HAVING PROBLEMS.. */

		&#125; else &#123;
			print "Credentials Failed Validation..<br>\n";
		&#125;
	&#125;
&#125;

?>
<html>
<head>
<title>Login</title>
</head>
<body>
<form method="post" action="/login.php">
<input type="textbox" name="username" size="20" maxlength="15">
<input type="password" name="password" size="20" maxlength="12">
<input type="hidden" name="submitted" value="true">
<input type="submit" value="Login">
</form>
<?php
if (isset($go)) &#123;
	if ($go === "true") &#123;
		$db_op = new db_ops();
		$db_op->connect();
		$db_op->validate($username, $password);
		$db_op->disconnect();
	&#125;
&#125;
?>
</body>
</html>

Posted: Thu Jan 13, 2005 11:06 pm
by feyd
I don't see where you set a cookie or call header anywhere in this code. :?

Posted: Thu Jan 13, 2005 11:23 pm
by rehfeld
looks like he had it in there but replaced it w/ this:

Code: Select all

/* THIS IS WHERE I'M HAVING PROBLEMS.. */

crc-

about the header problems:
viewtopic.php?t=1157


also, where you use a for() loop to make sure the username and password is only letters or numbers,
there is a function for that. ctype_alnum()

you also might wanna change this
$cv = count($HTTP_POST_VARS);
to this
$cv = count($_POST);

Posted: Thu Jan 13, 2005 11:27 pm
by feyd
:? serves me right, I guess, for not being able to read the stupid code "highlight".. I miss my php tags.. :(

The tutorial is the thing to read for sure.


for the quick answer, the html output before the function in the class is called is the culprit.

Posted: Fri Jan 14, 2005 12:03 am
by crc
Thank you both very much. I'm all set now :D

, crc

Posted: Fri Jan 14, 2005 2:00 am
by rehfeld
feyd wrote:I miss my php tags.. :(

then get on it and put your regex skills to work!

we all miss those tags too! :)