Page 1 of 1

Login Page

Posted: Sat Jun 07, 2008 10:04 am
by lostprophetpunk
I think I might have a problem with my login page, as it gives me an error when I am logging in to my system.

I get the following error when I login...
Warning: Cannot modify header information - headers already sent by (output started at /home/a4334033/public_html/project/login.php:6) in /home/a4334033/public_html/project/login.php on line 262
Then below that I get the same but on line 263 and line 265.

Below is the code for my login.php...

Code: Select all

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Mini-Antiques > Login</title>
<style type='text/css'>
* html{
margin: 0;
padding: 0;
border: 0;
}
 
body {
  background-color: #000000;
}
 
#container {
  margin: 0 auto;
  width: 800px;
}
#hcontainer {
  margin: 0 auto;
  width: 800px;
}
#header {
  width: 800px;
  height: 254px;
  background-image: url(images/w_header.png);
  background-repeat: no-repeat;
}
 
#mcontainer {
  margin: 0 auto;
  width: 560px;
  background-color: #ba9f6d;
}
#main {
  width: 550px;
  height: auto;
  margin: 0 auto;
  background-color: #ba9f6d;
  color: #000000;
  font-family: helvetica, sans-serif;
  font-weight: bold;
  font-size: 12px;
}
 
#nav {
  width: 800px;
  height: 48px;
  background-image: url(images/w_nav.png);
  background-repeat: no-repeat;
  font-family: helvetica, sans-serif;
  font-size: 14px;
  font-weight: 900;
  color: #000000;
  text-align: center;
  padding-top: 6px;
}
#fcontainer {
  margin: 0 auto;
  width: 800px;
}
#footer {
  width: 800px;
  height: 68px;
  color: #000000;
  background-image: url(images/w_footer.png);
  background-repeat: no-repeat;
  padding-top: 8px;
  text-align: center;
  font-family: helvetica, sans-serif;
  font-weight: bold;
  font-size: 12px;
}
 
h1 {
  font-size: 25px;
  font-family: "tebuchet ms", sans-serif;
  font-weight: 900;
  color: #4679aa;
}
 
a:link {
  color: #ffffff;
  font-family: helvetica, sans-serif;
  font-weight: bold;
  font-size: 14px;
}
 
a:visited {
  color: #ffffff;
  font-family: helvetica, sans-serif;
  font-weight: bold;
  font-size: 14px;
}
 
a:hover {
  color: #ffffff;
  font-family: helvetica, sans-serif;
  font-weight: bold;
  font-size: 14px;
}
 
a:active {
  color: #ffffff;
  font-family: helvetica, sans-serif;
  font-weight: bold;
  font-size: 14px;
}
 
.name {
    font: 11px Verdana, Arial, Helvetica, sans-serif;
    color: #000000;
        font-weight: 900;
}
.textfield {
    font-size: 11px;
    color: #ffffff;
    background-color: #333333;
    border: 1px solid #555555;
}
</style>
</head>
<body>
 
<div id='container'>
 <div id='header'></div>
 <?php include'nav.php'; ?>
<div id='main'>
 
<?php 
 
/*
* login.php
* ---------------------
* Description:
*   This file logs the user in and creates a session in the database.
* 
*/
 
include 'global.php';
 
$username = mysql_real_escape_string( trim($_POST['username']) );
$password = mysql_real_escape_string( $_POST['password'] );
$submit = $_POST['submit'];
 
if( isset( $_COOKIE['session_id'] ) || isset ( $_COOKIE['user_id'] ) ){
// Already logged in so cancel script.
    
    $safeSessionId = mysql_real_escape_string( $_COOKIE['session_id'] );
    $query = mysql_query("SELECT * FROM sessions WHERE session_id='$safeSessionId'");
    $data = mysql_fetch_array( $query );
    
    if($data['session_id'] == ''){
    // Session Doesn't Exist
    
    setcookie('session_id','',time()-3600,'');
    setcookie('user_id','',time()-3600,'/');
    
    } else {
    
    //User Is Already Logged In. Kill Script.
    echo 'You are alreay logged in.';
    return;
    }
    
}
 
if( isset( $submit ) ){
// The user submitted the login form
 
    if( $username == '' ){
    // Username Field is Blank
    $error[0] = 'Username Field Is Blank';
    echo $username;
    } else {
    
        $query = mysql_query("SELECT * FROM members WHERE username='$username'");
        $data = mysql_fetch_array($query);
        
        if( $data['id'] == '' ){
        
        $error['top'] = 'Username and/or password do not match.';
        
        } else {
        
        $error['top'] = '';
        $error[0] = FALSE;
        
        }
        
    }
    
    if( $password == '' ){
    // Password Field Was Blank
    
    $error[1] = 'Password Field Is Blank';
    
    } else {
        
        $MD5password =  md5( $password );
        
        $query = mysql_query("SELECT * FROM members WHERE username='$username'");
        $data = mysql_fetch_array($query);
        
        if( $data['password'] == $MD5password ){
        
        $error[1] = FALSE;
        $user_id = $data['id'];
        
        } else {
        
        $error['top'] = 'Username and/or password do not match.';
        $error[1] = '-';
        
        }
    
    }
    
    if( $error[0] == '' && $error[1] == ''){
    // Everything is alright
    
    $session_id = mt_rand();
    $loop = TRUE;
    $timeStamp = time();
    $location = 'Loggin In';
        
        // Makes sure there aren't duplicate session ids    
        
        $query = mysql_query("SELECT * FROM sessions WHERE session_id='$session_id'");
        $data = mysql_fetch_array($query);
        
        if($data['id'] == ''){
        
        $loop = false;
        
        }
        
        while($loop){
            
            $session_id = mt_rand();
            
            $query = mysql_query("SELECT * FROM sessions WHERE session_id='$session_id'");
            $data = mysql_fetch_array($query);
            
            if($data['id'] == ''){
            
            $loop = false;
            
            }
            
        }
    
    // Create Session
    
    mysql_query("INSERT INTO sessions
        (session_id,time,user_id,location)
        values
        ('$session_id','$timeStamp','$user_id','$location')");
    
    setcookie('session_id',$session_id,time() + $TimeOutFormula,'/');
    setcookie('user_id',$user_id,time() + $TimeOutFormula,'/');
    
    header('Location: '.$LandingPage);
    
    return; // Kills script so login form wont show up.
    
    } else {
    // Something went wrong
    }
    
} else {
// The user has not submitted the login form
 
}
 
?>
 
 
 
<form action="" method="POST">
<?php echo $error['top'] ?>
<table align='center'>
 
    <tr>
        <td class='name'> Username </td>
        <td class='textfield'> <input type="text" name="username" value="<?php echo $_POST['username'] ?>"><?php echo $error[0] ?></td>
    </tr>
    
    <tr>
        <td class='name'> Password </td>
        <td class='textfield'> <input type="password" name="password"></td>
    </tr>
    
    <tr>
        <td colspan="2"> <input name="submit" type="submit" value="Login"> </td>
    </tr>
    
</table>
 
</form><br />
</div>
<div id='footer'></div>
</div>
 
</body>
</html>
I have tried googling it and searching within this forum, but found no answers, so I thought I would post the problem.

It would be great if anyone could help me on this.

Re: Login Page

Posted: Sat Jun 07, 2008 10:14 am
by dbemowsk
This issue has been covered a MILLION times in the forum. Do a search in the forum on the error you are getting.

Re: Login Page

Posted: Sat Jun 07, 2008 10:28 am
by Benjamin
You need to process the login code before you send any data. In your case your sending html and then processing the login. You'll need to move your code up so that it processes the login request before sending html. You cannot send a single space before sending the location header, or any headers for that matter.

Re: Login Page

Posted: Sat Jun 07, 2008 10:57 am
by lostprophetpunk
Thanks for the help.

I have a new problem in the following script which is added.php...

The problem is the 'Parse error: unexpected T_STRING etc' one.

I have looked over the code below, and found that there are no missing brackets, so what could be causing the error?

Code: Select all

<?php
 
include 'protect.php';
 
activate('Added')
 
?>
<?php
 
*connection code*
*has been removed*
 
$book_new=$_POST['bookt'];
$author_new=$_POST['authorl'];
$price_new=$_POST['pricen'];
$year_new=$_POST['yearn'];
$origin_new=$_POST['originn'];
$condition_new=$_POST['conditionn'];
 
if( trim( $book_new ) == ''){
$book_new = "--NULL--";
}
 
if( trim( $author_new ) == ''){
$author_new = "--NULL--";
}
 
if( $price_new == 'nothing'){
$price_new = "--NULL--";
}
 
if( $year_new == 'nothing1'){
$year_new = "--NULL--";
}
 
if( $origin == 'nothing2'){
$origin = "--NULL--";
}
 
if( $condition == 'nothing3'){
$condition = "--NULL--";
}
 
$query = "INSERT INTO books (ID,Book_Title,Author,Price,Publication_Year,Origin_Country,Condition)
VALUES ('','$book_new','$author_new','$price_new','$year_new','$origin_new','$condition_new');
 
echo "Hello there";
 
mysql_close($con)
 
?>

Re: Login Page

Posted: Sat Jun 07, 2008 11:01 am
by Benjamin
Your missing a " at the end of your database query string.