Hello all.
I have a simple login script which takes a username and password from a POST form compares it to a mysql table and if the result is 1 it authorises otherwise it tells them to go away.
Strange thing is it only does this correctly if some output is sent to the browser first... but then it complains that output has been sent to browser on line X when i try to initiate a header ("Location") command.
Here is my code
<?php
require_once('driver.php');
session_start();
$query = "SELECT ID,firstname FROM admins WHERE username='".$_POST['username']."' AND password='".md5($_POST['password'])."'";
$SQL->query_db($query);
$row = $SQL->fetch_row();
//if I uncomment the following line the script executes correctly, otherwise it doesn't
//echo "bakedbeans";
if ($SQL->num_rows()!=1) {
header("Location: ../?badLogin=1");
exit();
} else {
//session details
$_SESSION['SJadminName'] = $_POST['username'];
$_SESSION['SJadminID'] = $row['ID'];
$_SESSION['SJadminFN'] = $row['firstname'];
//redirect to entrance
header("Location: myaccount/");
exit();
}
?>
for what it is worth Im using a .htaccess file te contents of which is as follows
AddDefaultCharset ISO-8859-1
RewriteEngine On
##Redirect for logging in
RewriteRule login/$ login.php [L]
##Redirect for logging out
RewriteRule logout/$ logout.php [L]
RewriteRule login/myaccount/messagecenter/(.*)$ myaccount.php?section=messagecenter&startnum=$1 [L]
RewriteRule login/myaccount/paymenthistory/(.*)$ myaccount.php?section=paymenthistory&startnum=$1 [L]
RewriteRule login/myaccount/communications/(.*)$ myaccount.php?section=communications&ID=$1 [L]
RewriteRule login/myaccount/$ myaccount.php? [L]
RewriteRule login/myaccount/(.*)/$ myaccount.php?section=$1 [L]
]
any ideas?
