Search the Community

Hi Guys I trying to download files and I have this error message, hopelly you guys can help me please Warning: Cannot modify header information - headers already sent by (output started at /home/content/04/12746204/html/Digital/core/inc/init.inc.php:6) in /home/content/04/12746204/html/Digital/download.php on line 14 Warning: Cannot modify header information - headers already sent by (output started at /home/content/04/12746204/html/Digital/core/inc/init.inc.php:6) in /home/content/04/12746204/html/Digital/download.php on line 15 Warning: Cannot modify header information - headers already sent by (output started at /home/content/04/12746204/html/Digital/core/inc/init.inc.php:6) in /home/content/04/12746204/html/Digital/download.php on line 16 Warning: Cannot modify header information - headers already sent by (output started at /home/content/04/12746204/html/Digital/core/inc/init.inc.php:6) in /home/content/04/12746204/html/Digital/download.php on line 17 Warning: Cannot modify header information - headers already sent by (output started at /home/content/04/12746204/html/Digital/core/inc/init.inc.php:6) in /home/content/04/12746204/html/Digital/download.php on line 18 This is the code I use to force the download <?php include('core/inc/init.inc.php'); if(isset($_GET['file_id'])) { $file_id=(int)$_GET['file_id']; $file=mysql_query("SELECT file_name, file_expiry FROM files WHERE file_id=$file_id"); if(mysql_num_rows($file)!=1){ echo'Invalid file Id'; }else{ $row=mysql_fetch_assoc($file); if ($row['file_expiry']<time()){ echo'This file has expired'; }else{ $path="core/files/{$row['$file_name']}"; header('Content-Type:application/octet-stream'); header('Content-Description:File Transfer'); header('Content-Transfer-Encoding:binary'); header("Content-Disposition:attachment;filename=\"{$row['file_name']}\""); header('Content-Length:'.filesize($path)); readfile($path); } } } ?> Thank you for your help.....

I'm not really sure where to post this topic... it touches on MySQL, PHP, Javascript, and best practices. I want to force users to update their password after 90 days. I can force them to the update page no problemo, but I'm having troubles forcing them to pick a new password, something different than what they have already stored in the database. Currently when a user registers for an account on my site, the password is passed in plain text and I let the MySQL Password() function hash it (I've come to understand this is bad practice). This makes it kind of difficult, because I am having a hard time verifying their new, plain text entry on the update page to the Password() hashed old one. The closest I've gotten is this: <script type="text/javascript"> function newpassword() { var oldpw = "<?php echo $XXXXXX->UserPassword; ?>"; var newpw = "<?php echo '*' . strtoupper(sha1(pack('H*',sha1('<script type="text/javascript">document.write(document.FORMNAME["UserPassword"].value);</script>'))));?>"; .... </script> And I would then compare the two variables. I'm wondering if this is even possible. I've seen a few suggestions online using UNHEX or CryptoJS, but when I use those functions my page loads with nothing on it. I've thought about passing the value as a md5 hashed value, and just storing that in the database instead, but I've read a bit that md5 isn't very secure anymore. I'm kind of at a loss of what to do at this point. Any help/guidance?