Jump to content


Photo

Cannot modify header error / how to detect login + rights


  • Please log in to reply
7 replies to this topic

#1 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 05 September 2006 - 03:30 PM

Got a couple of questions i need help with.

Firstly i have a signup and login script.

Signup works but when people login it says

Warning: Cannot modify header information - headers already sent by (output started at /home/terraarm/public_html/includes/login.php:3) in /home/terraarm/public_html/includes/login.php on line 29


Ive eliminated al lthe white space and stuff from the file but it still throws this error

FIle contents:

<?php
echo "<html>";
echo "<head>";
echo "<title>Login</title>";
echo "</head>";
echo "<body>";
$server = "REMOVED"; // db host
$db_user = "REMOVED"; // db username
$db_pass = "REMOVED"; // db password
$database = "REMOVED"; // db name
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());
// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());
$match = "select id from member where username = '".$_POST['username']."'
and password = '".$_POST['password']."';";
$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows <= 0) {
echo "Sorry, there is no username $username with the specified password.<br>";
echo "<a href=login.php>Try again</a>";
exit;
} else {
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
echo "You are now logged in!<br>";
echo "Continue to the <a href=index.php>members</a> section.";
}
echo "</body>";
echo "</html>";
?>


Any ideas?

question 2: using that script above how could i check a user is logged in and what rights? (i.e if they have access level 2, they can see the admin panel)

thanks

#2 wildteen88

wildteen88
  • Staff Alumni
  • Advanced Member
  • 10,482 posts
  • LocationUK, Bournemouth

Posted 05 September 2006 - 03:39 PM

Try this:
<?php
$header = <<<HTML
<html>
<head>
<title>Login</title>
</head>
<body>
HTML;

$server = "REMOVED"; // db host
$db_user = "REMOVED"; // db username
$db_pass = "REMOVED"; // db password
$database = "REMOVED"; // db name

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass) or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database) or die ("Could not select database because ".mysql_error());

$match = "select id from member where username = '".$_POST['username']."' and password = '".$_POST['password']."';";

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);

if ($num_rows <= 0)
{
    echo $header;

    echo "Sorry, there is no username $username with the specified password.<br />";
    echo "<a href=login.php>Try again</a>";
    exit;
}
else
{
    setcookie("loggedin", "TRUE", time()+(3600 * 24));
    setcookie("mysite_username", "$username");

    echo $header;

    echo "You are now logged in!<br />";
    echo "Continue to the <a href=\"index.php\">members</a> section.";
}

echo "</body>";
echo "</html>";
?>
Notice I put the html into a variable and echo'd it later on. This is because you cannot use header or setcookie after any output is sent to the browser. So if theres any html/text that needs outputting it'll have to be done after you use header/setcookie or anyother header function.

Ideally what you should do is do all the processing first and then output the result from the processing, rather output > process a bit > output something else > process something else etc

#3 ober

ober
  • Staff Alumni
  • Advanced Member
  • 5,337 posts
  • LocationEast Coast, USA

Posted 05 September 2006 - 03:41 PM

You cannot use an echo before you use setcookie() or ANYTHING that might send output to the file that you are transmitting to the user.

You would have to use another cookie to set the user's level, but be aware that this should be encoded somehow.  They could potentially hack the cookie and change the value to allow themselves into your forums.  It's best to just check the user's level from the database each time.

EDIT: beaten to it.

Info: PHP Manual


#4 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 05 September 2006 - 03:53 PM

Thanks for that revised code, works a treat.

Now my second Question :)

Now the use ris logged in using that, how could i

A) say "welcome *username here"

B) Allow viewing of some webpages based on thier accesslevel.

I.e if the database column level = 2 for the logge din user, they can view the pages contents.


Sorry about the beginner questions but im just getting ym head around more advanced php. Ive never used cookies before.

#5 ober

ober
  • Staff Alumni
  • Advanced Member
  • 5,337 posts
  • LocationEast Coast, USA

Posted 05 September 2006 - 03:58 PM

1) echo "Welcome " . $_COOKIE['mysite_username'];

2) Depends on your implementation... sessions or cookies:
<?php
if($_SESSION['user_level'] == 2)
{
  echo "whatever content";
}
else

  echo "other content";
}
?>

Info: PHP Manual


#6 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 05 September 2006 - 04:09 PM

How would i do it based on what the above login script is using?

EDIT: also could the welcome message say that, but if they arent logged in say "your not logged in, signup here" etc

thanks for all your help.

#7 ober

ober
  • Staff Alumni
  • Advanced Member
  • 5,337 posts
  • LocationEast Coast, USA

Posted 05 September 2006 - 04:18 PM

Well, you haven't implemented anything as far as user levels in that script or indicated whether you want to use cookies or sessions.

As far as that, you just have to check if the cookie is set:
<?php
if(!isset($_COOKIE['mysite_username']))
{
    echo "Please signup";
}
else
{ 
    echo "Welcome ....";
}
?>

Info: PHP Manual


#8 markspec87

markspec87
  • Members
  • PipPipPip
  • Advanced Member
  • 63 posts

Posted 05 September 2006 - 04:44 PM

Ok ive signed up on the site / Logged in ,yet the text still says "your not logged in"

Am i missing something?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users