Help with Login Script

teamfox20

Can someone help me with the script below. I keep getting:

Warning: Cannot modify header information - headers already sent by (output started at /home/r365/public_html/backoffice.php:13) in /home/r365/public_html/backoffice.php on line 71

Warning: Cannot modify header information - headers already sent by (output started at /home/r365/public_html/backoffice.php:13) in /home/r365/public_html/backoffice.php on line 72

[FONT=Tahoma][FONT=Tahoma]

<html>

<head>
<title>Welcome</title>

</head>

<body bgcolor="#393D46" onload="FP_preloadImgs(/url/'images/button7.jpg', /url/'images/button8.jpg', /url/'images/button16.jpg', /url/'images/button17.jpg')">
<div align="center">
<table border="2" cellpadding="0" cellspacing="0" width="849" height="548" bordercolor="#FFFFFF">


<tr>
<td height="57" colspan="4" valign="top" bgcolor="#393D46">

<img border="0" src="images/logo.jpg" width="259" height="52"></td>
</tr>
<tr>
<td width="200" rowspan="2" valign="top" bgcolor="#526178">

  <p align="center">  </p></td>
<td width="206" height="21" align="left" valign="top" bgcolor="#FF9900"> </td>
<td width="162" align="left" valign="top" bgcolor="#FF9900"> <div align="center"><a href="dcookie.php">Delete
Cookie</a> </div></td>
<td width="269" align="left" valign="top" bgcolor="#FF9900"> </td>
</tr>
<tr>
<td height="466" colspan="3" valign="top" bgcolor="#E6E9EE"> <p align="center">
</p>
<p align="center">
<?php
include ("config.php");

Include the config.php file

if (empty($online['id'])){

If they're not logged in already

if ($_POST['Login']){

If the login was made

$user = clean($_POST['username']);

clean the username

$pass = clean($_POST['password']);

clean the password

if (!$user | !$pass){

if either of the fields are empty

echo 'You left a field empty. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}
else {

$pass = md5($pass);

/
Make the password a hash so hopefully it'll
be equal to atleast one of the passwords in
the database
/

$query = "SELECT * FROM users WHERE username = '$user' AND password = '$pass'";
$query = mysql_query($query);

Select the row of the user logging in

if (mysql_num_rows($query) == 1){

If a row with the right information is found...

THIS IS WHERE THE PROBLEM SEEMS TO OCCUR
setcookie ('username', $POST[$user], time()+3600); # Set a cookie for the username
setcookie ('password', $POST[$pass], time()+3600); #Set a cookie for the hashed password

echo 'Success, you have been logged in!<br />';
echo '<a href="cpanel.php">Continue</a>...';

Give a message of success

}
else {

If no rows were found with the given information

echo 'Incorrect username and password. <a href="'.$_SERVER['REQUEST_URI'].'">Back</a>.';
}

}

}
else {

The form wasn't submitted

?>

<form method="post" action="<?=$_SERVER['REQUEST_URI']?>">
Username:<br />
<input name="username" type="text" id="username">
<br />
Password:<br />
<input name="password" type="password" id="password">
<br />
<input name="Login" type="submit" id="Login" value="Login">
</form>
<?
}

}
else {

They're already logged in

echo 'You are already logged in!';
/
Note, you could include the account.php file here
/
}
?>
<p></p></tr>
</table>
</div>

</body>

</html>[/FONT][/FONT]

schwim

Hi there teamfox.

Headers CAN NOT be sent out after any html has been passed. The headers have to be sent before anything like that happens.

You'll want to read this (thanks to weedpacket).

I've had the same problem before, and one I solved by simply placing the auth portion of the script at the top of the page(where it belongs), and when my headers were b0rked by passing form data, I simply placed both the form and submission in the same php file, using an if/else to handle it.

hope it helps ya,
json

teamfox20

😕 Ugh! Ive been playing with this all morning and I still cant figure it out. Can someone help with an example using my own script....THANK YOU!!!

bradgrafelman

Uh.. did you do what schwim suggested?

schwim wrote:
I've had the same problem before, and one I solved by simply placing the auth portion of the script at the top of the page

He explained it rather clearly: you can't use the [man]header/man, [man]setcookie/man, etc. functions after you've outputted HTML. The solution? Use these functions BEFORE you output any HTML or text.

If you've tried this, paste a copy of your new script and we'll see where you went wrong.

Also, when posting PHP source, don't forget to use the board's [ PHP ][ /PHP ] tags (without the spaces) as it makes the code much easier to read.