creating a BB system

djfranknitti

hi, my name is frank ivey and i am a avid reader of books from he wrox publishing. I am also a big fan of php and mysql. I just bought the book "beginning php, apache, mysql web development" and I must say that it has bee very edcational and easy to read. I am currently talcking a problem in chapter 15, creating a BB system. the giving code for http.php is suppose to redirect the user to index.php. but i think it is trying to redirect to itself instead (http.php).

when ever i try to submit a login it calls the transact-user.php script. This script works find until it calls the redirct function from http.php. Then I get an error that states "Could not redirect; Headers already sent (output)." which is the error i told it to print if it cant find the header.

I am posting my transact-user.php code and http.php code at the bottom. This code is the same as it is in the book.

transact-user.php:

<?php

require_once 'conn.php';
require_once 'http.php';

if (isset($REQUEST['action'])) {
switch ($REQUEST['action']) {
case 'Login':
if (isset($POST['email'])
and isset($POST['passwd']))
{
$sql = "SELECT id,access_lvl,name,last_login " .
"FROM forum_users " .
"WHERE email='" . $POST['email'] . "' " .
"AND passwd='" . $POST['passwd'] . "'";
$result = mysql_query($sql,$conn)
or die('Could not look up user information; ' . mysql_error());

    if ($row = mysql_fetch_array($result)) {
      session_start();
      $_SESSION['user_id'] = $row['id'];
      $_SESSION['access_lvl'] = $row['access_lvl'];
      $_SESSION['name'] = $row['name'];
      $_SESSION['last_login'] = $row['last_login'];
      $sql = "UPDATE forum_users SET last_login = '".
             date("Y-m-d H:i:s",time()) . "' ".
             "WHERE id = ". $row['id'];
      mysql_query($sql,$conn)
      or die(mysql_error()."<br>".$sql);
    }
  }
  redirect('index.php');
  break;

case 'Logout':
  session_start();
  session_unset();
  session_destroy();

  redirect('index.php');
  break;

case 'Create Account':
  if (isset($_POST['name'])
      and isset($_POST['email'])
      and isset($_POST['passwd'])
      and isset($_POST['passwd2'])
      and $_POST['passwd'] == $_POST['passwd2'])
  {
    $sql = "INSERT INTO forum_users ".
           "(email,name,passwd,date_joined,last_login) " .
           "VALUES ('" . $_POST['email'] . "','" .
           $_POST['name'] . "','" . $_POST['passwd'] . "','".
           date("Y-m-d H:i:s",time()). "','".
           date("Y-m-d H:i:s",time()). "')";

    mysql_query($sql,$conn)
      or die('Could not create user account; ' . mysql_error());

    session_start();
    $_SESSION['user_id'] = mysql_insert_id($conn);
    $_SESSION['access_lvl'] = 1;
    $_SESSION['name'] = $_POST['name'];
    $_SESSION['login_time'] = date("Y-m-d H:i:s",time());
  }
  redirect('index.php');
  break;

case 'Modify Account':
  if (isset($_POST['name'])
      and isset($_POST['email'])
      and isset($_POST['accesslvl'])
      and isset($_POST['userid']))
  {
    $sql = "UPDATE forum_users " .
           "SET email='" . $_POST['email'] .
           "', name='" . $_POST['name'] .
           "', access_lvl=" . $_POST['accesslvl'] .
           ", signature='" . $_POST['signature'] . "' " .
           " WHERE id=" . $_POST['userid'];

    mysql_query($sql,$conn)
      or die('Could not update user account... ' . mysql_error() .
             '<br>SQL: ' . $sql);
  }
  redirect('admin.php');
  break;

case 'Edit Account':
  if (isset($_POST['name'])
      and isset($_POST['email'])
      and isset($_POST['accesslvl'])
      and isset($_POST['userid']))
  {
    $chg_pw=FALSE;
    if (isset($_POST['oldpasswd'])
        and $_POST['oldpasswd'] != '') {
      $sql = "SELECT passwd FROM forum_users " .
                "WHERE id=" . $_POST['userid'];
      $result = mysql_query($sql) or die(mysql_error());
      if ($row = mysql_fetch_array($result)) {
        if (($row['passwd'] == $_POST['oldpasswd'])
            and (isset($_POST['passwd']))
            and (isset($_POST['passwd2']))
            and ($_POST['passwd'] == $_POST['passwd2']))
        {
          $chg_pw = TRUE;
        } else {
          redirect('useraccount.php?error=nopassedit');
          break;
        }
      }
    }
    $sql = "UPDATE forum_users " .
           "SET email='" . $_POST['email'] .
           "', name='" . $_POST['name'] .
           "', access_lvl=" . $_POST['accesslvl'] .
           ", signature='" . $_POST['signature'];
    if ($chg_pw) {
      $sql .= "', passwd='" . $_POST['passwd'];
    }
    $sql .= "' WHERE id=" . $_POST['userid'];
    mysql_query($sql,$conn)
      or die('Could not update user account... ' . mysql_error() .
             '<br>SQL: ' . $sql);
  }
  redirect('useraccount.php?blah=' . $_POST['userid']);
  break;

case 'Send my reminder!':
  if (isset($_POST['email'])) {
    $sql = "SELECT passwd FROM forum_users " .
           "WHERE email='" . $_POST['email'] . "'";

    $result = mysql_query($sql,$conn)
      or die('Could not look up password; ' . mysql_error());

    if (mysql_num_rows($result)) {
      $row = mysql_fetch_array($result);

      $subject = 'Comic site password reminder';
      $body = "Just a reminder, your password for the " .
              "Comic Book Appreciation site is: " . $row['passwd'] .
              "\n\nYou can use this to log in at [url]http://[/url]" .
              $_SERVER['HTTP_HOST'] .
              dirname($_SERVER['PHP_SELF']) . '/login.php?e='.
              $_POST['email'];
      $headers = "From: [email]admin@yoursite.com[/email]\r\n";

      mail($_POST['email'],$subject,$body,$headers)
        or die('Could not send reminder email.');
    }
  }
  redirect('login.php');
  break;

}
}
?>

http.php:
<?php
function redirect($url) {
if (!headers_sent()) {
header('Location: [url]http://[/url]' . $SERVER['HTTP_HOST'] .
dirname($SERVER['PHP_SELF']) . '/' . $url);
} else {
die('Could not redirect; Headers already sent (output).');
}
}
?>

oh yeah i also get a sessions error but i know how to fix that

weekender

when you send any data (even a blank space or meta tags) to the browser, this is treated as the start of the data stream, so the http headers are sent.

so if you send echo " ";, then before that is sent, php will send http headers describing what type of data is being sent.

headers can only be sent at the start, before any data is sent - so if you echo something to the browser, and then try and send an additional header, it will fail.

this is what's happening, although i can't see where the data is being sent to the browser. you can use the output buffer functionality to get around this, read up on [man]ob_start[/man]

hope that helps

adam

planetsim

No need to post in multiple forums. Also please use the [php][/php] tags when posting PHP especially large pieces.

Well do you have any output before the headers are sent if so you must make sure that the headers are sent before that. Also if that doesnt help you should look into using the Output Functions

djfranknitti

OK, i finally solved my header errors problem and now i am able to log on and create sessions. 😃 But now I have a new problem.

Please remember that I am creating my bulletin board system based off the exercise in chapt. 15 in "Beginning PHP, Apache, MySql, Web Devlopment".

when I want to view forum it uses the viewforum.php file, I get an error that says "Access denied for user: 'frankivey@64.202.167.%' to database 'frankivey'
CREATE TEMPORARY TABLE tmp ( topic_id INT(11) NOT NULL DEFAULT 0, postdate datetime NOT NULL default '0000-00-00 00:00:00')".

I interpret this error as the $sql="CREATE TEMPORARY TABLE tmp ( topic_id INT(11) NOT NULL DEFAULT 0, postdate datetime NOT NULL default '0000-00-00 00:00:00')"; not being read correctly and thus not being able to create this temporary table to show the forum.

Did I diagnose this problem correctly?

And if I did how do I correct this problem?

Below I have posted thecode for viewforum.php

VIEWFORUM.PHP

<?php
require_once 'conn.php';
require_once 'functions.php';
require_once 'http.php';
if (!isset($_GET['f'])) redirect('index.php');
require_once 'header.php';

$forumid = $_GET['f'];
$forum = getForum($forumid);

  echo breadcrumb($forumid, "F");
  if (isset($_GET['page'])) {
    $page = $_GET['page'];
  } else {
    $page = 1;
  }
  $limit = $admin['pageLimit']['value'];
  if ($limit == "") $limit = 25;
  $start = ($page - 1) * $admin['pageLimit']['value'];

  $sql = "CREATE TEMPORARY TABLE tmp ( ".
         "topic_id INT(11) NOT NULL DEFAULT 0, ".
         "postdate datetime NOT NULL default '0000-00-00 00:00:00');";
  mysql_query($sql) or die(mysql_error()."<br>".$sql);

  $sql = "LOCK TABLES forum_users READ,forum_posts READ;";
  mysql_query($sql) or die(mysql_error()."<br>".$sql);

  $sql = "INSERT INTO tmp SELECT topic_id,MAX(date_posted) ".
         "FROM forum_posts ".
         "WHERE forum_id = $forumid ".
         "AND topic_id > 0 ".
         "GROUP BY topic_id;";
  mysql_query($sql) or die(mysql_error()."<br>".$sql);

  $sql = "UNLOCK TABLES";
  mysql_query($sql) or die(mysql_error()."<br>".$sql);

  //die('stop');
  $sql = "SELECT SQL_CALC_FOUND_ROWS ".
           "t.id as topic_id, t.subject as t_subject, ".
           "u.name as t_author, count(p.id) as numreplies, ".
           "t.date_posted as t_posted, tmp.postdate as re_posted ".
         "FROM forum_users u ".
         "JOIN forum_posts t ".
         "ON t.author_id = u.id ".
         "LEFT JOIN tmp ".
         "ON t.id = tmp.topic_id ".
         "LEFT JOIN forum_posts p ".
         "ON p.topic_id = t.id ".
         "WHERE t.forum_id = $forumid ".
         "AND t.topic_id = 0 ".
         "GROUP BY t.id ".
         "ORDER BY re_posted DESC " .
         "LIMIT $start, $limit";
  $result = mysql_query($sql)
    or die(mysql_error()."<br>".$sql);
    $numrows = mysql_num_rows($result);
  if ($numrows == 0) {
    $msg = "There are currently no posts.  Would you " .
           "like to be the first person to create a thread?";
    $title = "Welcome to " . $forum['name'];
    $dest = "compose.php?forumid=" . $forumid;
    $sev = "Info";
    $message = msgBox($msg,$title,$dest,$sev);
    echo $message;
  } else {
    if (isset($_SESSION['user_id'])) {
      echo topicReplyBar(0, $_GET['f'], "right");
    }
    echo "<table class='forumtable' cellspacing='0' ";
    echo "cellpadding='2'><tr>";
    echo "<th class='thread'>Thread</th>";
    echo "<th class='author'>Author</th>";
    echo "<th class='replies'>Replies</th>";
    echo "<th class='lastpost'>Last Post</th>";
    echo "</tr>";
    while ($row = mysql_fetch_array($result)) {
      $rowclass = ($rowclass == "row1"?"row2":"row1");
      if ($row['re_posted']=="") {
        $lastpost = $row['t_posted'];
      } else {
        $lastpost = $row['re_posted'];
      }
      if ((isset($_SESSION['user_id'])) and
         ($_SESSION['last_login'] < $lastpost)) {
        $newpost = true;
      } else {
        $newpost = false;
      }
      echo "<tr class='$rowclass'>";
      echo "<td class='thread'>".($newpost?NEWPOST."&nbsp;":"");
      echo "<a href='viewtopic.php?t=";
      echo $row['topic_id'] . "'>" . $row['t_subject'] . "</a></td>";
      echo "<td class='author'>" . $row['t_author'] . "</td>";
      echo "<td class='replies'>" . $row['numreplies'] . "</td>";
      echo "<td class='lastpost'>" . $lastpost . "</td>";
      echo "</tr>\n";
    }
    echo "</table>";
    echo paginate($limit);
    echo "<p>".NEWPOST." = New Post(s)</p>";
  }
  $sql = "DROP TABLE tmp;";
  mysql_query($sql) or die(mysql_error()."<br>".$sql);

require_once 'footer.php';
?>

weekender

it's most likely that the user 'frankivey' doesn't have create access in mysql

use sql command prompt, phpmyadmin or contact your host to amend - or you can do it via php

read the mysql manual for more info