Error in my PHP code.

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
teksys
Forum Commoner
Posts: 34
Joined: Tue May 14, 2002 6:58 pm
Location: Denmark

Error in my PHP code.

Post by teksys »

Hello, i have a slight problem in my code, and i do not know how to resolve it. Can anyone help?

Warning: Cannot add header information - headers already sent by (output started at C:\www\Apache\htdocs\inc\functions.lib.php:869) in c:\www\apache\htdocs\login.php on line 30

Warning: Cannot add header information - headers already sent by (output started at C:\www\Apache\htdocs\inc\functions.lib.php:869) in c:\www\apache\htdocs\login.php on line 31

Warning: Cannot add header information - headers already sent by (output started at C:\www\Apache\htdocs\inc\functions.lib.php:869) in c:\www\apache\htdocs\login.php on line 32


That's what i get from login.php which looks like this:

Code: Select all

<?php

/* login.php - written by micke andersson (root@g33k.net/system33@hackermail.net)
   
   unavoidable information about this script...eeew.
*/

// requries.
require 'C:\www\Apache\htdocs\inc\global.inc';
require 'C:\www\Apache\htdocs\inc\counter.php';

// check if the user is already logged in.
//if(user($uid, $upass) == true) header("Location: $main_file.$PHP_ext");

if($login == "Submit")
&#123;
        // BEGIN simple error checkings.
        if(empty($username))&#123;tekerror("Please Enter a Username!");&#125;
        if(empty($pass))&#123;tekerror("Please Enter a Password!");&#125;
        // END simple error checkings.
	//db_connect();
	$query = mysql_query("select id,password from users where name = '$username' and password = password('$pass')");
        //$query = mysql_query("select id from users where id = $username and password = password('$pass')");
	if(mysql_num_rows($query) == 1)
	&#123;
                $lifetime = time() + 86400 * 356;
                setcookie("uid", mysql_result($query, 0, 0), $lifetime);
                setcookie("upass", mysql_result($query, 0, 1), $lifetime);
		header("Location: $main_file.$PHP_ext");
		exit;
	&#125;
	else
	&#123;
		$login = "";
		header("Location: $login_file.$PHP_ext");
	&#125;
&#125;

// let's load the initial form.
FrmLogin();

?>

and the function &#1111;b]FrmLogin();&#1111;/b] looks like this:

function FrmLogin() &#123;
?>
<br>
<b>DEVnet login prompt</b>
<br>
<body>
<form name="login" method="post">
<p>Username: <input type="text" name="username"></p>
<p>Passsword: <input type="password" name="pass">
<input type="submit" name="login" value="Submit">
</form>
</body>
<?
&#125;
Hope this post wasn't too big...anyway, please help me you gurus!
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

rats
Forum Newbie
Posts: 21
Joined: Fri May 31, 2002 5:55 am

Post by rats »

Yes SetCookies is a real fussy little bitch that is useless for anything that needs security.

Because you need to put the setcookie first it basically has to go at the top of the script. So anyone can come along pass a variable to your script and login.
User avatar
teksys
Forum Commoner
Posts: 34
Joined: Tue May 14, 2002 6:58 pm
Location: Denmark

aha

Post by teksys »

aha! so that is the problem. mmmm...would anyone know how to set cookies in a better way?
User avatar
mikeq
Forum Regular
Posts: 512
Joined: Fri May 03, 2002 3:33 am
Location: Edinburgh, Scotland

Post by mikeq »

Hi,

I doesn't need to go at the top of your script, it just needs to happen before any output is sent to the browser.

Mike
jason
Site Admin
Posts: 1767
Joined: Thu Apr 18, 2002 3:14 pm
Location: Montreal, CA
Contact:

Post by jason »

rats: That has nothing to do with cookies, and everything to do with not knowing how to code properly. It is very easy to use cookies and prevent what you describe.
User avatar
oz
Forum Newbie
Posts: 11
Joined: Sun May 26, 2002 7:15 am
Location: Michigan
Contact:

Post by oz »

Ok I'm confused..
Is this forum to help people or ridicule them? Or something else?
Oz
jacomac
Forum Newbie
Posts: 2
Joined: Tue Jun 04, 2002 10:24 am
Location: Stuttgart, Germany

Just in case you haven't soved the problem yet...

Post by jacomac »

Just in case you haven't soved the problem yet:
Mike from schottland was quite right: setcookie() and header() are functions that have to be called before any output ist generated. the typical mistake in this case is that you have a whitespace or carriage return character in your code (which you can anly see in a good editor). It is very likely that this mistake happened in functions.lib.php at line 869 (look a little closer).
User avatar
cwcollins
Forum Commoner
Posts: 79
Joined: Thu May 16, 2002 3:51 pm
Location: Milwaukee, WI, USA

Post by cwcollins »

i'm pretty sure you can get around this sort of problem by using output buffering. you still have to be careful, but it does add some flexibility.

c.w.collins
User avatar
Kriek
Forum Contributor
Posts: 238
Joined: Wed May 29, 2002 3:46 am
Location: Florida
Contact:

Post by Kriek »

jason wrote:rats: That has nothing to do with cookies, and everything to do with not knowing how to code properly. It is very easy to use cookies and prevent what you describe.
haha that error is exactly what I get from your site Jason (Login.php) whenever I try to login to NN.
User avatar
zorka
Forum Newbie
Posts: 9
Joined: Fri May 24, 2002 8:29 am
Contact:

Drop the .inc extension

Post by zorka »

Unless you have modified your apache settings you will probably want to drop the .inc extension and rename those files to .php or .inc.php. This will stop us from getting your database user name / password and actually seeing your code (not good).

Several people answered the question but rather quickly so let me detail a little further.

1. You have to send any header information before you send any cookie information. This is the biggest thing to get around when you start playing with sessions. I find that a lot of early PHP developers work themselves into a hole of sorts with how they are taught PHP. This can however be avoided with a good design methodology. For example, do all of your logical processing before you send output. Setup your includes and other pieces before you start getting into the core logic of your page. Try to achieve as much separation of logic and code as you can. With the right design you can achieve about 90-95%.

2. Output buffering - Lookup on the PHP.net site ob_start(); and read about this function. These set of functions will buffer the output before sending it down and "re-shift" the headers around for you before sending output thereby circumventing the problem of poor design. You can also use this set of functions to gzip your data before sending it down as well. A common trick to speed up downloads for users and speed up the server.

Good luck,

--ZorKa
User avatar
teksys
Forum Commoner
Posts: 34
Joined: Tue May 14, 2002 6:58 pm
Location: Denmark

Re: Drop the .inc extension

Post by teksys »

Ok, thanks alot for the pointers...I shall gather some more information on ob_start();

thanks.
zorka wrote:Unless you have modified your apache settings you will probably want to drop the .inc extension and rename those files to .php or .inc.php. This will stop us from getting your database user name / password and actually seeing your code (not good).

Several people answered the question but rather quickly so let me detail a little further.

1. You have to send any header information before you send any cookie information. This is the biggest thing to get around when you start playing with sessions. I find that a lot of early PHP developers work themselves into a hole of sorts with how they are taught PHP. This can however be avoided with a good design methodology. For example, do all of your logical processing before you send output. Setup your includes and other pieces before you start getting into the core logic of your page. Try to achieve as much separation of logic and code as you can. With the right design you can achieve about 90-95%.

2. Output buffering - Lookup on the PHP.net site ob_start(); and read about this function. These set of functions will buffer the output before sending it down and "re-shift" the headers around for you before sending output thereby circumventing the problem of poor design. You can also use this set of functions to gzip your data before sending it down as well. A common trick to speed up downloads for users and speed up the server.

Good luck,

--ZorKa
Post Reply