Headers

Posted: Wed Apr 01, 2009 7:12 pm
by Burton333
Hi, I'm pretty new to PHP. I am trying to create a site that takes in a person's username and password, checks to see if the account exists in the database, and then obtains the user's level (fldUserLevel) to determine which website to send them to. Here is the code I have:

<?php
 
// initialize my variables
 
$userName="";
$passWord="";
 
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
// if form has been submitted, validate the information
if (isset($_POST["cmdLogIn"])){
    include ("validation_functions.php");
    $url="http://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
    if(!formOK($url)){
        die("<p>I am sorry there has been a problem</p>");
    }
    // initialize my variables to the forms posting    
    $userName = $_POST["userName"]; 
    $passWord = $_POST["passWord"];
 
    // initialize my variables to the forms posting    
    $userName = htmlentities($_POST["userName"], ENT_QUOTES);
    $passWord = htmlentities($_POST["passWord"], ENT_QUOTES);
     
    $errorMsg=array();
    
    //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
    // begin testing each form element 
  if($userName==""){
      $errorMsg[]="Please enter your username";
  } elseif (!verifyAlphaNum ($userName)){ 
      $errorMsg[]="Your Username must be letters and numbers only.";        
  }
        
    if($passWord==""){
        $errorMsg[]="Please enter your password";
    } elseif (!verifyAlphaNum ($passWord)){
        $errorMsg[]="Your password must be letters and numbers only.";
    } 
 
    //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
  if($errorMsg){
        echo "<ul>\n";
    foreach($errorMsg as $err){
        echo "<li style='color: #ff6666'>" . $err . "</li>\n";
    }
    echo "</ul>\n";
  } else { 
    //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
    // form is valid now we need to save information to the database
 
    // encrypt the password and add slashes if needed
    $passWord = md5($passWord);
    if (!get_magic_quotes_gpc()) {
            $userName = addslashes($userName);
            $passWord = addslashes($passWord);
        }
 
        $timeStamp = time();
        $sql = "SELECT fldUserLevel FROM ";
        $sql .="tblUsers WHERE ";
                $sql .= "fldUserName='" . htmlentities($_POST['userName']) . "' and ";
                $sql .= "fldpassWord='" . $passWord . "';";
                
                //print     "<p>SQL: " . $sql;
        //reset values in case we redisplay form
        $passWord=htmlentities($_POST["passWord"], ENT_QUOTES);              
        
        include("connect.inc");
    
        //check to see if you will have any records        
        $results = $myDatabase->select($sql);
                
                if($results){
                            $userLevel = $results[0]['fldUserLevel'];
                            print "<p>userLevel: " . $userLevel;
                            if($userLevel=0){
                                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/god.php');
                            }elseif($userLevel=3){
                                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/manager.php');
                            }elseif($userLevel=6){
                                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/member.php');
                            }
                            
                } else {
                    print "<p>The username and password you entered is invalid.</p>";
                    }
        
    }
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<legend>Log In</legend>
<label for="userName">Username:</label>
<input type="text" name="userName" maxlength="60" value="<? print $userName; ?>" />
<br />
<label for="passWord">Password:</label>
<input type="password" name="passWord" maxlength="10" value="<? print $passWord; ?>" />
<br />
 
<input type="submit" name="cmdLogIn" value="Log In" />
</fieldset>
</form>
 
However the header function is not working the way I have it. Any ideas?

Re: Headers

Posted: Wed Apr 01, 2009 8:17 pm
by joel24
Try changing it to
if($results){
    $userLevel = $results[0]['fldUserLevel'];
    print "<p>userLevel: " . $userLevel;
    if($userLevel=0){
        header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/god.php');
    }elseif($userLevel=3){
        header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/manager.php');
    }elseif($userLevel=6){
        header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/member.php');
    }
the items in red should be double = (==). otherwise the $userLevel is becoming 0 on the first if command, rather than checking if it's equal to 0.

if the script isn't even getting to that part, try putting in

print_r($results);
exit();

before the if($results);
and if that works put in

exit();

after the print "<p>username...." line and see if you get anything printed...

what exactly is happening when you try and execute the script? is it redirecting to a page, or not?

Re: Headers

Posted: Wed Apr 01, 2009 9:02 pm
by Burton333
In that code it displays the log in menu. When I type in a username and password that are in the database and click log in, depending on the user level (fldUserLevel) it should redirect the user to the assigned page. I had to add =="0" in order for it to enter those if and elseif statements. (Thanks Joel24) Why won't the header methods work though? Should I be entering exit(); somewhere else?

Re: Headers

Posted: Wed Apr 01, 2009 9:49 pm
by Burton333
So my code is now looking like this:
$results = $myDatabase->select($sql);

if($results){
    $userLevel = $results[0]['fldUserLevel'];
    //print "<p>userLevel: " . $userLevel;
    if($userLevel== "0"){
        print "<p>I made it! userLevel: " . $userLevel;
        header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/god.php');
    }elseif($userLevel== "3"){
        print "<p>I made it! userLevel: " . $userLevel;
        header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/manager.php');
    }elseif($userLevel== "6"){
        print "<p>I made it! userLevel: " . $userLevel;
        header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/member.php');
    }
and when I type in a username and password that exists it prints the correct user level assigned to each account. However, I have yet to get the header() method to work. Can I have html code before it all? I have nothing printed, just the !DOCTYPE, title, meta, head and body tags before.

Re: Headers

Posted: Wed Apr 01, 2009 10:08 pm
by requinix
Burton333 wrote: Can I have html code before it all?
Nope.

Re: Headers

Posted: Wed Apr 01, 2009 10:24 pm
by Burton333
Well I changed it and now there is nothing before it I believe but it still doesn't seem to work. This is the entire code:

 
<?
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
// set up files to connect to your database
include("db.inc");
include("error.inc");
include("mydb.inc");
 
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
// initialize my variables
 
$userName="";
$passWord="";
 
//%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
// if form has been submitted, validate the information
if (isset($_POST["cmdLogIn"])){
    include ("validation_functions.php");
    $url="http://" . $_SERVER['SERVER_NAME'] . $_SERVER['PHP_SELF'];
    if(!formOK($url)){
        die("<p>I am sorry there has been a problem</p>");
    }
    // initialize my variables to the forms posting    
    $userName = $_POST["userName"]; 
    $passWord = $_POST["passWord"];
 
    // initialize my variables to the forms posting    
    $userName = htmlentities($_POST["userName"], ENT_QUOTES);
    $passWord = htmlentities($_POST["passWord"], ENT_QUOTES);
     
    $errorMsg=array();
    
    //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
    // begin testing each form element 
  if($userName==""){
      $errorMsg[]="Please enter your username";
  } elseif (!verifyAlphaNum ($userName)){ 
      $errorMsg[]="Your Username must be letters and numbers only.";        
  }
        
    if($passWord==""){
        $errorMsg[]="Please enter your password";
    } elseif (!verifyAlphaNum ($passWord)){
        $errorMsg[]="Your password must be letters and numbers only.";
    } 
 
    //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
  if($errorMsg){
        echo "<ul>\n";
    foreach($errorMsg as $err){
        echo "<li style='color: #ff6666'>" . $err . "</li>\n";
    }
    echo "</ul>\n";
  } else { 
    //%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%^%
    // form is valid now we need to save information to the database
 
    // encrypt the password and add slashes if needed
    $passWord = md5($passWord);
    if (!get_magic_quotes_gpc()) {
            $userName = addslashes($userName);
            $passWord = addslashes($passWord);
        }
 
        $timeStamp = time();
        $sql = "SELECT fldUserLevel FROM ";
        $sql .="tblUsers WHERE ";
                $sql .= "fldUserName='" . htmlentities($_POST['userName']) . "' and ";
                $sql .= "fldpassWord='" . $passWord . "';";
                
                //print     "<p>SQL: " . $sql;
        //reset values in case we redisplay form
        $passWord=htmlentities($_POST["passWord"], ENT_QUOTES);              
        
        include("connect.inc");
    
        //check to see if you will have any records        
        $results = $myDatabase->select($sql);
                
                if($results){
                            $userLevel = $results[0]['fldUserLevel'];
                            //print "<p>userLevel: " . $userLevel;
                            if($userLevel== "0"){
                              print "<p>I made it! userLevel: " . $userLevel;
                                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/god.php');
                            }elseif($userLevel== "3"){
                              print "<p>I made it! userLevel: " . $userLevel;
                                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/manager.php');
                            }elseif($userLevel== "6"){
                              print "<p>I made it! userLevel: " . $userLevel;
                                header('Location: http://www.uvm.edu/~tlia/cs148/assignment4/member.php');
                            }
                            
                } else {
                    print "<p>The username and password you entered is invalid.</p>";
                    }
        
    }
}
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <title></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="author" content="Thomas Lia" />
<meta name="description" content="confirmation page" />
</head>
<body>
 
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<fieldset>
<legend>Log In</legend>
<label for="userName">Username:</label>
<input type="text" name="userName" maxlength="60" value="<? print $userName; ?>" />
<br />
<label for="passWord">Password:</label>
<input type="password" name="passWord" maxlength="10" value="<? print $passWord; ?>" />
<br />
 
<input type="submit" name="cmdLogIn" value="Log In" />
</fieldset>
</form>
 
</body>
</html>
It prints out the right user level for each account when I log in, however when I comment that out the header() method still does not work on log in. It just remains on the same page. Any ideas?

Re: Headers

Posted: Wed Apr 01, 2009 10:32 pm
by php_east
try trim($userLevel) before you enter the ifs.

Re: Headers

Posted: Wed Apr 01, 2009 10:39 pm
by Burton333
It is entering the if statements fine. It prints
I made it! userLevel: and the correct user level
when I attempt to log in as any of the accounts in the database. So it is making it to the if statements and entering the correct one when log in is clicked. However, it just does not go to the new page that the header() method references. Why is that?

Re: Headers

Posted: Wed Apr 01, 2009 10:54 pm
by Burton333
I found a method that actually printed out the exact file and line number that the headers were already sent on. It turned out to be a space after the ?> at the end of one of my .inc files. I don't think I would have ever been able to find that just by looking. If anyone needs it for future reference it is:

if(headers_sent($file, $line)){
  // ... where were the mysterious headers sent from?
  echo "Headers were already sent in $file on line $line...";
}
It could save you a lot of time if you are having trouble with headers.
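
The headers_sent() check above, folded into a redirect helper, as an added example that is not part of the original posts: it looks the level up in a map instead of chained comparisons, refuses to redirect (logging the file and line) when output has already started, and exits after header() so nothing below the redirect runs. The helper names landingPageFor() and redirectTo() and the sample level are assumptions; the URLs are the ones posted in the thread.

```php
<?php
// Added example, not code from the thread. landingPageFor() and redirectTo()
// are hypothetical helper names; the URLs are the ones posted in the thread.

const BASE_URL = 'http://www.uvm.edu/~tlia/cs148/assignment4/';
const LANDING_PAGES = [0 => 'god.php', 3 => 'manager.php', 6 => 'member.php'];

/**
 * Map fldUserLevel to its landing page, or null for an unknown level.
 * A keyed lookup leaves no room for writing `=` where `==` was meant.
 */
function landingPageFor($userLevel): ?string
{
    $level = trim((string) $userLevel);
    if (!preg_match('/^\d+$/', $level)) {
        return null;
    }
    return LANDING_PAGES[(int) $level] ?? null;
}

/** Send a Location header, or fail closed if output has already started. */
function redirectTo(string $url): void
{
    if (headers_sent($file, $line)) {
        // header() would be ignored now, for example because of a space after
        // the closing PHP tag of an include; record where output began and stop.
        error_log("Redirect to $url blocked: output started in $file on line $line");
        exit('Unable to redirect.');
    }
    header('Location: ' . $url);
    exit; // without this the rest of the script still runs after the header
}

// Constructed sample standing in for $results[0]['fldUserLevel'].
$page = landingPageFor('3');
if ($page === null) {
    exit('Unknown user level.');
}
redirectTo(BASE_URL . $page);
```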

Re: Headers

Posted: Wed Apr 01, 2009 11:02 pm
by php_east
that is just marvelous! a simple routine to test that line numbers are within range of expected line numbers for header would ensure no phantom 'headers' appear. a simply great debugging tool!

it would be next to impossible to check for it otherwise, other than using experience, and indeed saves tons of precious time. thank you.

Re: Headers

Posted: Wed Apr 01, 2009 11:23 pm
by Burton333
I got that logIn screen to work and bring the user to the correct page. The page should allow the user to delete certain accounts depending on their user level. However, if they were to delete their own account they should lose access immediately. Also if they were to delete it in one browser, and already be in the page on the same account in another browser, when they click refresh they should be kicked out because their account has been deleted. How do I accomplish this? I believe it has something to do with session variables.

Re: Headers

Posted: Wed Apr 01, 2009 11:46 pm
by php_east
use sessioning, yes. once you destroy the session used by one browser, the next access (by the same or another browser on the same page) will lead to your login again. a simple session management will do this.
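
A per-request account check for the deleted-account case asked about above, as an added example that is not code from the thread: each browser holds its own session, so every protected page re-reads the account row and wipes its own session when the row is gone. The function names, the `userName` session key and the in-memory SQLite data are assumptions; the table and column names are the ones from the posted query.

```php
<?php
// Added example, not code from the thread. Table and column names
// (tblUsers, fldUserName, fldUserLevel) come from the thread; the in-memory
// SQLite database and its single row are constructed so this runs stand-alone.

/** Look up the current level of an account; null means the row is gone. */
function currentLevel(PDO $db, string $userName): ?int
{
    $stmt = $db->prepare('SELECT fldUserLevel FROM tblUsers WHERE fldUserName = ?');
    $stmt->execute([$userName]);
    $level = $stmt->fetchColumn();
    return $level === false ? null : (int) $level;
}

/**
 * Call at the top of every protected page. Returns the user's level, or
 * null after wiping the session when the account no longer exists.
 */
function requireLiveAccount(PDO $db): ?int
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $user = $_SESSION['userName'] ?? null;
    $level = is_string($user) ? currentLevel($db, $user) : null;
    if ($level === null) {
        $_SESSION = [];
        session_destroy();
        return null; // caller redirects to the login page and exits
    }
    return $level;
}

// Constructed demo: log in, delete the account elsewhere, request a page again.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblUsers (fldUserName TEXT PRIMARY KEY, fldUserLevel INTEGER)');
$db->exec("INSERT INTO tblUsers VALUES ('alice', 3)");

session_start();
$_SESSION['userName'] = 'alice';          // what the login page stores on success
$before = requireLiveAccount($db);        // request while the account exists
$db->exec("DELETE FROM tblUsers WHERE fldUserName = 'alice'"); // deleted in another browser
$after = requireLiveAccount($db);         // next request from this browser
var_dump($before, $after);
```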