cjl

[quote author=fiddy link=topic=112398.msg456138#msg456138 date=1161580564] Try putting ob_start(); as your first line of code [/quote] This actually worked, I just placed it in the wrong place. THANK YOU SOO MUCH!

Warning: Cannot modify header information - headers already sent by (output started at D:\web_server\exitwound\news.php:32) in D:\web_server\exitwound\login-verify.php on line 103 Warning: Cannot modify header information - headers already sent by (output started at D:\web_server\exitwound\news.php:32) in D:\web_server\exitwound\login-verify.php on line 104

It only echos the HTML if there is an error for them not posting a username or password, and the last echo is if both do not match the database files. I wonder what could be a fix, ob_start(); NOT WORK. Thanks.

It gives me an error for lines 118 and 119. Where I am setting the cookies. Could someone please help out. Thank you! [code]<? include("./database.php"); /** * Checks whether or not the given username is in the * database, if so it checks if the given password is * the same password in the database for that user. * If the user doesn't exist or if the passwords don't * match up, it returns an error code (1 or 2). * On success it returns 0. */ function checkUser($user_name, $user_password){ /* Verify that user is in database */ $q = "SELECT user_password FROM users WHERE user_name='$user_name'"; $result = mysql_query($q); if(!$result){ return 1; //Indicates username failure } /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['user_password']  = stripslashes($dbarray['user_password']); $user_password = stripslashes($user_password); /* Validate that password is correct */ if($user_password == $dbarray['user_password']){ return 0; //Success! Username and password confirmed } else{ return 2; //Indicates password failure } } /** * checkLogin - Checks if the user has already previously * logged in, and a session with the user has already been * established. Also checks to see if user has been remembered. * If so, the database is queried to make sure of the user's * authenticity. Returns true if the user has logged in. */ function checkLogin(){   /* Check if user has been remembered */   if(isset($_COOKIE['user_name']) && isset($_COOKIE['user_password'])){       $_SESSION['user_name'] = $_COOKIE['user_name'];       $_SESSION['user_password'] = $_COOKIE['user_password'];   }   /* Username and password have been set */   if(isset($_SESSION['user_name']) && isset($_SESSION['user_password'])){       /* Confirm that username and password are valid */       if(checkUser($_SESSION['user_name'], $_SESSION['user_password']) != 0){         /* Variables are incorrect, user not logged in */         unset($_SESSION['user_name']);         unset($_SESSION['user_password']);         return false;       }       return true;   }   /* User not logged in */   else{       return false;   } } /** * Checks to see if the user has submitted his * username and password through the login form, * if so, checks authenticity in database and * creates session. */ if(isset($_POST['sublogin'])){ // Check for an email address. if (!empty($_POST['user_name'])) { $user_name = escape_data($_POST['user_name']); } else { echo '<tr>'; echo '<td>'; echo '<table cellpadding="0" cellspacing="0">'; echo '<td width="8"></td>'; echo '<td width="200" style="font-family:Arial; font-size:10px; color:red;">You forgot to enter your username.</td>'; echo '</table>'; echo '</td>'; echo '</tr>'; $user_name = FALSE; } // Check for a password. if (!empty($_POST['user_password'])) { $user_password = escape_data($_POST['user_password']); } else { echo '<tr>'; echo '<td>'; echo '<table cellpadding="0" cellspacing="0">'; echo '<td width="8"></td>'; echo '<td width="200" style="font-family:Arial; font-size:10px; color:red;">You forgot to enter your password.</td>'; echo '</table>'; echo '</td>'; echo '</tr>'; $user_password = FALSE; } if($user_name && $user_password) { /* Retrieve the user_name and password for that user_name/password combination. */ $query = "SELECT user_name, user_password FROM users WHERE user_name='$user_name' AND user_password=md5('$user_password')"; $result = @mysql_query ($query); // Run the query. $row = mysql_fetch_array ($result, MYSQL_NUM); // Return a record, if applicable. if($row) { $_POST['user_name'] = stripslashes($_POST['user_name']); $_SESSION['user_name'] = $_POST['user_name']; $md5pass = md5($_POST['user_password']); $_SESSION['user_password'] = $md5pass; setcookie("user_name", $_SESSION['user_name'], time()+60*60*24*100); setcookie("user_password", $_SESSION['user_password'], time()+60*60*24*100); /* Quick self-redirect to avoid resending data on refresh */ echo '<meta http-equiv="Refresh" content="0;url=' . $_SERVER['PHP_SELF']; if (isset($_GET['p'])) { echo '?p=' . $_GET['p']; } if (isset($_GET['id'])) { echo '?id=' . $_GET['id']; } echo '">'; return; } else { echo '<tr>'; echo '<td>'; echo '<table cellpadding="0" cellspacing="0">'; echo '<td width="8"></td>'; echo '<td width="300" style="font-family:Arial; font-size:10px; color:red;">Wrong username and password combination.</td>'; echo '</table>'; echo '</td>'; echo '</tr>'; } } } /** * Determines whether or not to display the login * form or to show the user that he is logged in * based on if the session variables are set. */ function displayLogin(){   global $logged_in;   if($logged_in){ ?> <td width="8"></td> <td width="135" style="font-family:Arial; font-size:10px; color:#000000;">test</td> <td width="8"></td> <td style="font-family:Arial; font-size:10px; color:#000000;"> <form action="" method="post"> <input type="submit" name="logout" value="test"> </form> </td> <?php   }   else{ ?> <tr> <td> <table cellpadding="0" cellspacing="0"> <td width="8"></td> <td width="135" style="font-family:Arial; font-size:10px; color:#000000;">Username</td> <td width="8"></td> <td style="font-family:Arial; font-size:10px; color:#000000;">Password</td> </table> </td> </tr> <tr> <td> <table cellpadding="0" cellspacing="0"> <form action="<?php echo $_SERVER['PHP_SELF']; ?><?php if(isset($_GET['p'])) { echo '?p=' . $_GET['p']; } ?>" method="post"> <td width="8"></td> <td width="135"><input name="user_name" type="text" style="width:135px; height:18px; font-size:10px; border:0; padding: 2px 0px 0px 2px; background: url(images/login_box.gif)"></td> <td width="8"></td> <td><input name="user_password" type="password" style="width:135px; height:18px; font-size:10px; border:0; padding: 2px 0px 0px 2px; background: url(images/login_box.gif)"></td> <td width="5"></td> <td><input type="submit" name="sublogin" value="" style="width:25px; height:18px; border:0; background: url(images/login_go.gif)"></td> </form> </table> </td> </tr> <tr> <td height="6"></td> </tr> <tr> <td> <table cellpadding="0" cellspacing="0"> <td width="8"></td> <td width="135" style="font-family:Arial; font-size:10px; color:#000000;">Register</td> <td width="8"></td> <td style="font-family:Arial; font-size:10px; color:#000000;">Forgotten Password?</td> </table> </td> </tr> <?   } } /* Sets the value of the logged_in variable, which can be used in your code */ $logged_in = checkLogin(); ?>[/code]

I have been trying to get this code to tell me that I have successfuly changed my pass and will login after Chapter 9. But, when I go through with the script it takes me to the Error porition of the code and prints out the Query error. Also it changes the password, so I know that is working... System Error Your password could not be changed due to a system error. We apologize for any inconvenience. Query: UPDATE users SET password=SHA('password') WHERE user_id=1 Thank you in advance. <?php # Script 7.8 - password.php // This page lets a user change their password. // Set the page title and include the HTML header. $page_title = 'Change Your Password'; include ('./includes/header.html'); // Check if the form has been submitted. if (isset($_POST['submitted'])) { require_once ('../mysql_connect.php'); // Connect to the db. // Create a function for escaping the data. function escape_data($data) { global $dbc; // Need the connection. if (ini_get('magic_quotes_gpc')) { $data = stripslashes($data); } return mysqli_real_escape_string($dbc,trim($data)); } // End of function. $errors = array(); // Initialize error array. // Check for an email address. if (empty($_POST['email'])) { $errors[] = 'You forgot to enter your email address.'; } else { $e = escape_data($_POST['email']); } // Check for an existing password. if (empty($_POST['password'])) { $errors[] = 'You forgot to enter your existing password.'; } else { $p = escape_data($_POST['password']); } // Check for a password and match against the confirmed password. if (!empty($_POST['password1'])) { if ($_POST['password1'] != $_POST['password2']) { $errors[] = 'Your new password did not match the confirmed new password.'; } else { $np = escape_data($_POST['password1']); } } else { $errors[] = 'You forgot to enter your new password.'; } if (empty($errors)) { // If everything's OK. // Check that they've entered the right email address/password combination. $query = "SELECT user_id FROM users WHERE (email='$e' AND password=SHA('$p') )"; $result = mysqli_query($dbc,$query); $num = mysqli_num_rows($result); if (mysqli_num_rows($result) == 1) { // Match was made. // Get the user_id. $row = mysqli_fetch_array($result); // Make the UPDATE query. $query = "UPDATE users SET password=SHA('$np') WHERE user_id=$row[0]"; $result = @mysqli_query($dbc,$query); if (mysqli_affected_rows($result) == 1) { // If it ran OK. // Send an email, if desired. // Print a message. echo '<h1 id="mainhead">Thank you!</h1> <p>Your password has been updated. In Chapter 9 you will actually be able to log in!</p><p><br /></p>'; // Include the footer and quit the script (to not show the form). include ('./includes/footer.html'); exit(); } else { // If it did not run OK. echo '<h1 id="mainhead">System Error</h1> <p class="error">Your password could not be changed due to a system error. We apologize for any inconvenience.</p>'; // Public message. echo '<p>' . mysqli_error() . '<br /><br />Query: ' . $query . '</p>'; // Debugging message. include ('./includes/footer.html'); exit(); } } else { // Invalid email address/password combination. echo '<h1 id="mainhead">Error!</h1> <p class="error">The email address and password do not match those on file.</p>'; } } else { // Report the errors. echo '<h1 id="mainhead">Error!</h1> <p class="error">The following error(s) occurred:<br />'; foreach ($errors as $msg) { // Print each error. echo " - $msg<br />\n"; } echo '</p><p>Please try again.</p><p><br /></p>'; } // End of if (empty($errors)) IF. mysqli_close($dbc); // Close the database connection. } // End of the main Submit conditional. ?> <h2>Change Your Password</h2> <form action="password.php" method="post"> <p>Email Address: <input type="text" name="email" size="20" maxlength="40" value="<?php if (isset($_POST['email'])) echo $_POST['email']; ?>" /> </p> <p>Current Password: <input type="password" name="password" size="10" maxlength="20" /></p> <p>New Password: <input type="password" name="password1" size="10" maxlength="20" /></p> <p>Confirm New Password: <input type="password" name="password2" size="10" maxlength="20" /></p> <p><input type="submit" name="submit" value="Register" /></p> <input type="hidden" name="submitted" value="TRUE" /> </form> <?php include ('./includes/footer.html'); ?>