[RESOLVED] headers problem in session

DP23

hey guys,

When posting username and password from a login in page the receiving page is having problems with the headers. With a successful login the page is displayed no problems but if incorrect login information is passed in, the receiving page has a problem with the second header, that redirects the user to the invalid login page (wrong.html)

the error is: Warning: Cannot add header information - headers already sent by (output started at c:\phpdev\www\frontpage3.php:5) in c:\phpdev\www\frontpage3.php on line 38

Please advise?
code:

//check for required fields from the form
if (!isset($_POST[username]) || !isset($_POST[password])) {
header("Location: login2.html");
exit;
}

//connect to server and select database
$conn = mysql_connect ('localhost', '','') or die ('could not connect to MYSQL because: ' . mysql_error());

mysql_select_db (blueprintdb) or die ('could not select the DB because: ' . mysql_error());

//create and issue the query
$sql = "select first_name, last_name from users where username = '$_POST[username]' AND password = '$_POST[password]'";
$result = mysql_query($sql,$conn) or die("User Query Error ".mysql_error());

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
//if authorized, get the values of f_name l_name
$first_name = mysql_result($result, 0, 'first_name');
$last_name = mysql_result($result, 0, 'last_name');

//set authorization cookie
setcookie("auth", "1", 0, "/", "questionnaireproject.com", 0);
print "Cookie status: authorised-".$_COOKIE[auth];

//prepare message for printing, and user menu
$msg = "<P>$first_name $last_name is authorised!</p>";
$msg .= "<P>Authorised Users Menu:";
$msg .= "<ul><li><a href=\"index.html\">Return to Home Page</a></ul>";
} else 
{
//redirect back to login form if not authorised
header("Location: wrong.html");
//print "Wrong user name or password. Please try login again</a>";
exit;
}

bradgrafelman

Is that the entire code? From start to finish? Doesn't look like it. What's on line 5?

DP23

indeed here is all my code : (hope you can help)


<?php
//check for required fields from the form
if (!isset($_POST[username]) || !isset($_POST[password])) {
    header("Location: login2.html");
    exit;
}

//connect to server and select database
$conn = mysql_connect ('localhost', '','') or die ('could not connect to MYSQL because: ' . mysql_error());

mysql_select_db (blueprintdb) or die ('could not select the DB because: ' . mysql_error());

//create and issue the query
$sql = "select first_name, last_name from users where username = '$_POST[username]' AND password = '$_POST[password]'";
$result = mysql_query($sql,$conn) or die("User Query Error ".mysql_error());

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
   //if authorized, get the values of f_name l_name
   $first_name = mysql_result($result, 0, 'first_name');
   $last_name = mysql_result($result, 0, 'last_name');

   //set authorization cookie
   setcookie("auth", "1", 0, "/", "questionnaireproject.com", 0);
  print "Cookie status: authorised-".$_COOKIE[auth];

   //prepare message for printing, and user menu
   $msg = "<P>$first_name $last_name is authorised!</p>";
   $msg .= "<P>Authorised Users Menu:";
   $msg .= "<ul><li><a href=\"index.html\">Return to Home Page</a></ul>";
} else 
  {
   //redirect back to login form if not authorised
   header("Location: wrong.html");
 //print "Wrong user name or password. Please try login again</a>";
   exit;
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Dynamic Homes</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>

<body>

<div id="container">

<div id="header">
<form name="form1" id="form1" method="post" action="">

  <div align="left">
    <input type="text" name="textfield" value="Search For..." />
    <input class=" button" type="submit" name="Submit" value="GO" />
  </div>
</form>
<h1 align="left">Dynamic Homes</h1>
<p align="left">Making dream homes possible</p>
</div>

<div id="tabs10">

  <div align="left">
      <ul>
        <li><a href="#" title="Link 1"><span>Link 1</span></a></li>
        <li><a href="#" title="Link 2"><span>Link 2</span></a></li>
        <li><a href="#" title="Link 3"><span>Link 3</span></a></li>
        <li><a href="#" title="Link 4"><span>Link 4</span></a></li>
        <li><a href="#" title="Link 5"><span>Link 5</span></a></li>
        <li><a href="#" title="Link 6"><span>Link 6</span></a></li>
        <li><a href="#" title="Link 7"><span>Link 7</span></a></li>
      </ul>
  </div>
</div>


<div align="left">
  <div id="container2">

  <div id="content">
  </div>
<h2 align="left"></h2>
  <div align="left"><img src="left.gif" alt="Right Align" width="150" height="112" class="right" />
  </div>
<p align="left"></p>

  <div align="left"><? print "$msg"; ?>

   &nbsp;
  &nbsp;
  &nbsp; </div>
<h2 align="left">Please enter your details in the form below</h2>


<FORM ACTION="frontpage5_response.php" METHOD=POST>

<div align="left">House type?:&nbsp;
  &nbsp;&nbsp;
  &nbsp; &nbsp;
  &nbsp;&nbsp;
  &nbsp;&nbsp;
  &nbsp;
  <select name="type1"> 
    <option value="detached"> detached </option>
    <option value="split"> split</option>
    <option value="semi"> semi</option>
  </select>
  <br>
  <br>
  Number of floors?:&nbsp;
  &nbsp;&nbsp;
  &nbsp;
  &nbsp;
  <select name="story"> 
    <option value="one" selected> One Storey 
    </opion>
    <option value="two"> Two Storey 
    </opion>
    <option value="split"> Three Storey 
    </opion>

</select>
  <br>
  <br>
  How many bedrooms?: &nbsp;
  <select name="bedrooms"> 
    <option value="1"> 1
    </opion>
    <option value="2"> 2
    </opion>
    <option value="3">3
    </opion>
    <option value="4"> 4 
    </opion>

</select>
  <br>
  <br>
  How many bathrooms?: 
  <select name="bathrooms"> 
    <option value="1"> 1  

    </opion>
    <option value="2"> 2 
    </opion>
    <option value="3"> 3 
    </opion>
    <option value="4"> 4 
    </opion>
    </select>
  <br>

  <br>
  <br>
  <input type ="submit" value="send">

  <br>
  <br>

</div>
<p align="left"></p>
<div align="left"><img src="Deliciously_Blue/left.gif" alt="Left Align" width="150" height="112" class="left" /><br />

</div>
<h2 align="left">Ive changed my mind.</h2>
<p align="left">
Take me back to <a href="Phil_login.html">homepage</a></p>

<div id="footer">
<p align="left">
<a href="http://www.dynamichomes.com">Dynamic Homes</a> | Copyright &copy; Phillipa Flynn | Design by <a href="#">DrunkinP</a></p>
</div>

</div>

</div>

</body>
</html>

DP23

indeed here is all my code : (hope you can help)


<?php
//check for required fields from the form
if (!isset($_POST[username]) || !isset($_POST[password])) {
    header("Location: login2.html");
    exit;
}

//connect to server and select database
$conn = mysql_connect ('localhost', '','') or die ('could not connect to MYSQL because: ' . mysql_error());

mysql_select_db (blueprintdb) or die ('could not select the DB because: ' . mysql_error());

//create and issue the query
$sql = "select first_name, last_name from users where username = '$_POST[username]' AND password = '$_POST[password]'";
$result = mysql_query($sql,$conn) or die("User Query Error ".mysql_error());

//get the number of rows in the result set; should be 1 if a match
if (mysql_num_rows($result) == 1) {
   //if authorized, get the values of f_name l_name
   $first_name = mysql_result($result, 0, 'first_name');
   $last_name = mysql_result($result, 0, 'last_name');

   //set authorization cookie
   setcookie("auth", "1", 0, "/", "questionnaireproject.com", 0);
  print "Cookie status: authorised-".$_COOKIE[auth];

   //prepare message for printing, and user menu
   $msg = "<P>$first_name $last_name is authorised!</p>";
   $msg .= "<P>Authorised Users Menu:";
   $msg .= "<ul><li><a href=\"index.html\">Return to Home Page</a></ul>";
} else 
  {
   //redirect back to login form if not authorised
   header("Location: wrong.html");
 //print "Wrong user name or password. Please try login again</a>";
   exit;
}
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Dynamic Homes</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="style.css" rel="stylesheet" type="text/css" />
</head>

<body>

<div id="container">

<div id="header">
<form name="form1" id="form1" method="post" action="">

  <div align="left">
    <input type="text" name="textfield" value="Search For..." />
    <input class=" button" type="submit" name="Submit" value="GO" />
  </div>
</form>
<h1 align="left">Dynamic Homes</h1>
<p align="left">Making dream homes possible</p>
</div>

<div id="tabs10">

  <div align="left">
      <ul>
        <li><a href="#" title="Link 1"><span>Link 1</span></a></li>
        <li><a href="#" title="Link 2"><span>Link 2</span></a></li>
        <li><a href="#" title="Link 3"><span>Link 3</span></a></li>
        <li><a href="#" title="Link 4"><span>Link 4</span></a></li>
        <li><a href="#" title="Link 5"><span>Link 5</span></a></li>
        <li><a href="#" title="Link 6"><span>Link 6</span></a></li>
        <li><a href="#" title="Link 7"><span>Link 7</span></a></li>
      </ul>
  </div>
</div>


<div align="left">
  <div id="container2">

  <div id="content">
  </div>
<h2 align="left"></h2>
  <div align="left"><img src="left.gif" alt="Right Align" width="150" height="112" class="right" />
  </div>
<p align="left"></p>

  <div align="left"><? print "$msg"; ?>

   &nbsp;
  &nbsp;
  &nbsp; </div>
<h2 align="left">Please enter your details in the form below</h2>


<FORM ACTION="frontpage5_response.php" METHOD=POST>

<div align="left">House type?:&nbsp;
  &nbsp;&nbsp;
  &nbsp; &nbsp;
  &nbsp;&nbsp;
  &nbsp;&nbsp;
  &nbsp;
  <select name="type1"> 
    <option value="detached"> detached </option>
    <option value="split"> split</option>
    <option value="semi"> semi</option>
  </select>
  <br>
  <br>
  Number of floors?:&nbsp;
  &nbsp;&nbsp;
  &nbsp;
  &nbsp;
  <select name="story"> 
    <option value="one" selected> One Storey 
    </opion>
    <option value="two"> Two Storey 
    </opion>
    <option value="split"> Three Storey 
    </opion>

</select>
  <br>
  <br>
  How many bedrooms?: &nbsp;
  <select name="bedrooms"> 
    <option value="1"> 1
    </opion>
    <option value="2"> 2
    </opion>
    <option value="3">3
    </opion>
    <option value="4"> 4 
    </opion>

</select>
  <br>
  <br>
  How many bathrooms?: 
  <select name="bathrooms"> 
    <option value="1"> 1  

    </opion>
    <option value="2"> 2 
    </opion>
    <option value="3"> 3 
    </opion>
    <option value="4"> 4 
    </opion>
    </select>
  <br>

  <br>
  <br>
  <input type ="submit" value="send">

  <br>
  <br>

</div>
<p align="left"></p>
<div align="left"><img src="Deliciously_Blue/left.gif" alt="Left Align" width="150" height="112" class="left" /><br />

</div>
<h2 align="left">Ive changed my mind.</h2>
<p align="left">
Take me back to <a href="Phil_login.html">homepage</a></p>

<div id="footer">
<p align="left">
<a href="http://www.dynamichomes.com">Dynamic Homes</a> | Copyright &copy; Phillipa Flynn | Design by <a href="#">DrunkinP</a></p>
</div>

</div>

</div>

</body>
</html>

bradgrafelman

To use sessions and modify the HTTP headers, you can't send HTML data before all of that is done, as it will send the HTTP headers and you can't change them.

To do this, put the HTML after your '?>' inside PHP, and echo it in an if() statement. Don't leave ANYTHING outside '<?PHP ?>'... not even a space.

EDIT: Also, in $sql you have "$POST[username]" ... this is definitely not how to reference indeces in arrays. If you MUST leave the array inside a double quoted string like that, surround it in braces and use quotes for the index name, e.g. "{$POST['username']}". The index name is a string, unless you intentionally defined a constant called "username", and strings are delimited by quotes. It's easiest (and better, IMHO) to simply concatenate the string and the array, e.g.

$test = 'Your name is: ' . $_POST['username'] . '!';

EDIT2: In fact, you've used the $_POST[username] reference in many places in your script... I bet that's one reason for the header error, because PHP is probably trying to throw out an E_NOTICE at you for the erraneous syntax.