Cannot add header information

[deleted]

Any ideas on what's going on. My authentication code keeps producing the following errors:

PHP Notice: Undefined index: email in H:\MNS\Development\Dev.Projects\crc\includes\login_func.inc on line 24 PHP Warning: Cannot add header information - headers already sent in H:\MNS\Development\Dev.Projects\crc\includes\login_func.inc on line 84 PHP Warning: Cannot add header information - headers already sent in H:\MNS\Development\Dev.Projects\crc\includes\login_func.inc on line 85 PHP Warning: Cannot add header information - headers already sent in H:\MNS\Development\Dev.Projects\crc\login.php on line 26 PHP Notice: Undefined variable: feedback_str in H:\MNS\Development\Dev.Projects\crc\login.php on line 52

For the Header errors I have checked and there are no spaces before or immediately after <?php or ?>

Here's the login_func.inc code

<?php
//A file with the database host,user,password, and selected database
include_once ('sql_layer.php');
include_once ('functions.php');


//A string used for md5 encryption.
$supersecret_hash_padding = 'a string that is used to pad out short strings for md5 encryption.';

$LOGGED_IN = false;

unset($LOGGED_IN);

function user_isLoggedIn(){
	//This function will only work with superglobal arrays, because
	//I'm not passing in any values or declaring globals
	global $supersecret_hash_padding, $LOGGED_IN;

//Have we already run the hash checks?
//If so, return the pre-set var
if (isSet($LOGGED_IN)){
	return $LOGGED_IN;
}
[LINE 24 ]if ($_COOKIE['email'] && $_COOKIE['id_hash']){
	$hash = md5($_COOKIE['email'].$supersecret_hash_padding);
	if ($hash == $_COOKIE['id_hash']){
		return true;
	}else{
		return false;

	}
}else{
	return false;
}
}

function user_login(){
	//This function will only work with superglobal arrays, because
	//I'm not passing in any values or declaring glbals
	dbConnect ('crc1');
	if (!$_POST['email'] || !$_POST['password']){
		$feedback = 'ERROR- Missing e-mail address or password';
		return $feedback;
	}else{
		$email = strtolower($_POST['email']);
		//Don't need to trim because extra spaces should fail for this
		//Don't need to addslashes because single quotes aren't allowed
		$password = strtolower($_POST['password']);
		//Don't need to addslashes because we'll be hashing it
		$crypt_pwd = md5($password);
		$result = sql_query("SELECT emailaddress, status_id
							  FROM tblusers
							  WHERE emailaddress = '$email'
							  AND password = '$crypt_pwd'");
		if (!$result || mysql_num_rows($result) < 1){
			$feedback = 'ERROR- User not found or password incorrect';
			return $feedback;
		}else{
			if (mysql_result($result,0,'status_id') =='1'){
				user_set_tokens($email);
				return 1;
			}else{
				$feedback = 'ERROR- You may not have confirmed your account yet';
				return $feedback;
			}
		}
	}
}

function user_logout(){
	setcookie('email', '', (time()+2592000), '/', '', 0);
	setcookie('id_hash', '', (time()+2592000), '/', '', 0);
}

function user_set_tokens($email_in){
	global $supersecret_hash_padding;
	if (!$email_in){
		$feedback = 'No username';
		return false;
	}
	$email = strtolower($email_in);
	$id_hash = md5($email.$supersecret_hash_padding);

[LINE 84 ]setcookie('email',$email, (time()+2592000), '/', '', 0);
[LINE 85]setcookie('id_hash',$id_hash, (time()+2592000), '/', '', 0);
}
?>

And here's the login.php code

<?php
/************************************************
* Login page. There are links to this page from *
* the header on every other page for logged-out *
* users only.									*
*************************************************/

require_once ('includes/login_func.inc');

// If they're logged in, log them out
// They shouldn't be able to see this page logged-in
// This allows the same page to be used as a logout script
if ($LOGGED_IN = user_isLoggedIn()){
	user_logout();
	$_COOKIE['email'] = '';
	unset ($LOGGED_IN);
	}
	if ($_POST['submit'] == 'Login'){
		if (strlen($_POST['email']) <=25 && strlen($_POST['password'])<=25){
		$feedback = user_login();
		}else{
		$feedback = 'Username and password are too long';
		}
		if ($feedback == 1){
		// On successful login, redirect to homepage
		[LINE 26]header ("Location: index.php?mod=mycrc");
		}else{
		$feedback_str = '<p class="errormess">$feedback</p>';
		}
}else{
	$feedback_str = '';
}

//-----------------
// DISPLAY THE FORM
//-----------------
//include_once('includes/header_footer.php');
//site_header('Login');

// Superglobals don't work with heredoc
$php_self = $_SERVER['PHP_SELF'];

$login_form = <<< EOLOGINFORM
<table cellpadding=0 cellspacing=0 border=0 align=center width=621>
	<tr>
		<td rowspan=2><img width=14 height=1 src=images/spacer_wh.gif></td>
		<td width=606 height=1><img width=606 height=1 src=images/spacer_wh.gif></td>
	</tr>
	<tr>
		<td>
			$feedback_str
			<p class="bold">LOGIN</p>
			<form action="$php_self" method="post">
			<p class="bold">E-mail Address<br/>
			<input type="text" name="email" value="" size="10" maxlength="15"></p>
			<p class="bold">Password<br/>
			<input type="password" name="password" balue="" size="10" maxlength="15"></p>
			<p><input type="submit" name="submit" value="Login"></p>
</form>
		</td>
	</tr>
</table>
EOLOGINFORM;

echo $login_form;
//site_footer();
?>

And of course I'm not being redirected to the location indicated in LINE 26 of login.php.

ANy help would be greatly appreciated.

matt_4013

Check your sql_layer and functions includes for the spaces as well, and make sure they aren't outputting anything, because there's not really anything wrong with that code 🙂

stolzyboy

you can always put

ob_start();

at the very first line of the script, and all header() errors won't happen

although it would be better to leave ob_start() and get all output from before the header()

[deleted]

I removed the functions.php and sql_layer.php includes and replaced it with the following:

db_vars.inc

<?php
$dbhost = "";
$dbuser = "xxxxxxx";
$dbpass = "xxxxxxx";

function dbConnect($db="crc1")
{
    global $dbhost, $dbuser, $dbpass;

$dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass)or die("The site database appears to be down.");

if ($db!="" and !@mysql_select_db($db))die("The site database is unavailable.");
return $dbcnx;
}
?>

There are no spaces leading or trailing spaces here either. The problem has to be with login_func.inc or login.php, but I don't know where.

[deleted]

I'm attaching the files for my login. Perhaps someone can find the errant spaces because I can't. I would greatly appreciate someone's help.

Thanks.

stolzyboy

what is the error(s) you are getting now?

[deleted]

The problem was that an error for the variable $email was outputted prior to the header. I was able to correct this.

Now what I am trying to do is to apply the above login functions to all the pages I need to protect/personalize.

I tried

<?php
  if ($LOGGED_IN = 'true'){

   // code for page

  }else{
      header("Location: [url]http://localhost/dir/login.php[/url]");
}
?>

but I keep getting the login page and no errors.

Any suggestions.