[Resolved] Login Script problems

furious5

With one problem solved, here comes the next one.

When executing the code I get the following error:
Warning: Cannot modify header information - headers already sent by (output started at d:\php\verify.php:36) in d:\php\verify.php on line 51

This error refers to the line highlighted in bold below:

<? 
// Include DB Variables
	include("config.php");

// Check Querystring for variables passed, labelled $user_name + $password to avoid confusion with config.php $username, $password
$user_name = $HTTP_POST_VARS['username']; 
$pass_word = $HTTP_POST_VARS['password']; 


// Check user_name and password.
if((!$user_name) | (!$pass_word)) {
print ("Please re enter your login information");
} 

// Connect To MySQL Server
mysql_connect($server, $username, $password) or die("Couldn't Connect to Database");

// Select Database
mysql_select_db($database) or die("Couldn't Select Database");

//Encrypt the password variable before sending to the database

//$pass_word = md5($pass_word);

// SQL Query
$sql = "select * from username where password='$pass_word' and username='$user_name'";

// Run the SQL dynamically, by placing in the mysql_query field
$sql_result = mysql_query($sql);

// count number of matches
$num = mysql_numrows($sql_result);

# If Login Is Okay Do What You Want TO DO to Them
if ($num == "1") {
	print "<span class=general>Logged in okay</span>";
}

# And we must a have a default error message if login fails
if ($num == "0"){
print "<span class=general>Sorry the details you provided do not match any existing records.</span>";
} else {

while ($row = mysql_fetch_array($sql_result)){
$userlevel = $row["userlevel"];

echo $userlevel;
}

if ($userlevel = "admin"){
	[b]header("Location: [url]http://localhost/admin/control.php[/url]");[/b]
	exit;
	} elseif ($userlevel = "user"){
	header("Location: [url]http://localhost/user/control.php?user=[/url]$user_name");
	exit;

}
}

?>

ereptur

You're problem is where you are trying to redirect the person after testing to see if they are an admin.

The header() function can only be used if absolutely no other information (with the exception of cookies and sessions) has been sent to the users browser. You are echoing out the user's userlevel just before you get to that point.

Also, you are printing out "Please re enter your login information" if they have not filled out the form, but you don't stop the script execution, instead you have it go ahead and connect to the database and pull the userinformation for a user that probably won't exist. This is burning CPU cycles and causing overhead. You should put an else in there.

kevinsequeira

sigh, when u use header(....) u cannot output anything to the screen before the line that has the header, at a glance u have an echo statement before header,
also check for blank lines , spaces

it gives u a clue

output started at d:\php\verify.php:36

meaning u have something output to screen on this line

reg
kevin

furious5

Points taken, and duly amended.

Thanks for pointing out the flaws in my errors. I am still getting to grips with PHP so any advice is greatly appreciated. 🙂