Jump to content

Archived

This topic is now archived and is closed to further replies.

markspec87

Cannot modify header error / how to detect login + rights

Recommended Posts

Got a couple of questions i need help with.

Firstly i have a signup and login script.

Signup works but when people login it says

[quote]Warning: Cannot modify header information - headers already sent by (output started at /home/terraarm/public_html/includes/login.php:3) in /home/terraarm/public_html/includes/login.php on line 29[/quote]

Ive eliminated al lthe white space and stuff from the file but it still throws this error

FIle contents:

[quote]<?php
echo "<html>";
echo "<head>";
echo "<title>Login</title>";
echo "</head>";
echo "<body>";
$server = "REMOVED"; // db host
$db_user = "REMOVED"; // db username
$db_pass = "REMOVED"; // db password
$database = "REMOVED"; // db name
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());
// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());
$match = "select id from member where username = '".$_POST['username']."'
and password = '".$_POST['password']."';";
$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows <= 0) {
echo "Sorry, there is no username $username with the specified password.<br>";
echo "<a href=login.php>Try again</a>";
exit;
} else {
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
echo "You are now logged in!<br>";
echo "Continue to the <a href=index.php>members</a> section.";
}
echo "</body>";
echo "</html>";
?>[/quote]

Any ideas?

question 2: using that script above how could i check a user is logged in and what rights? (i.e if they have access level 2, they can see the admin panel)

thanks

Share this post


Link to post
Share on other sites
Try this:
[code]<?php
$header = <<<HTML
<html>
<head>
<title>Login</title>
</head>
<body>
HTML;

$server = "REMOVED"; // db host
$db_user = "REMOVED"; // db username
$db_pass = "REMOVED"; // db password
$database = "REMOVED"; // db name

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass) or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database) or die ("Could not select database because ".mysql_error());

$match = "select id from member where username = '".$_POST['username']."' and password = '".$_POST['password']."';";

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);

if ($num_rows <= 0)
{
    echo $header;

    echo "Sorry, there is no username $username with the specified password.<br />";
    echo "<a href=login.php>Try again</a>";
    exit;
}
else
{
    setcookie("loggedin", "TRUE", time()+(3600 * 24));
    setcookie("mysite_username", "$username");

    echo $header;

    echo "You are now logged in!<br />";
    echo "Continue to the <a href=\"index.php\">members</a> section.";
}

echo "</body>";
echo "</html>";
?>[/code]
Notice I put the html into a variable and echo'd it later on. This is because you cannot use header or setcookie after any output is sent to the browser. So if theres any html/text that needs outputting it'll have to be done after you use header/setcookie or anyother header function.

Ideally what you should do is do all the processing first and then output the result from the processing, rather output > process a bit > output something else > process something else etc

Share this post


Link to post
Share on other sites
You cannot use an echo before you use setcookie() or ANYTHING that might send output to the file that you are transmitting to the user.

You would have to use another cookie to set the user's level, but be aware that this should be encoded somehow.  They could potentially hack the cookie and change the value to allow themselves into your forums.  It's best to just check the user's level from the database each time.

EDIT: beaten to it.

Share this post


Link to post
Share on other sites
Thanks for that revised code, works a treat.

Now my second Question :)

Now the use ris logged in using that, how could i

A) say "welcome *username here"

B) Allow viewing of some webpages based on thier accesslevel.

I.e if the database column level = 2 for the logge din user, they can view the pages contents.


Sorry about the beginner questions but im just getting ym head around more advanced php. Ive never used cookies before.

Share this post


Link to post
Share on other sites
1) echo "Welcome " . $_COOKIE['mysite_username'];

2) Depends on your implementation... sessions or cookies:
<?php
if($_SESSION['user_level'] == 2)
{
  echo "whatever content";
}
else

  echo "other content";
}
?>

Share this post


Link to post
Share on other sites
How would i do it based on what the above login script is using?

EDIT: also could the welcome message say that, but if they arent logged in say "your not logged in, signup here" etc

thanks for all your help.

Share this post


Link to post
Share on other sites
Well, you haven't implemented anything as far as user levels in that script or indicated whether you want to use cookies or sessions.

As far as that, you just have to check if the cookie is set:
[code]
<?php
if(!isset($_COOKIE['mysite_username']))
{
    echo "Please signup";
}
else
{
    echo "Welcome ....";
}
?>[/code]

Share this post


Link to post
Share on other sites
Ok ive signed up on the site / Logged in ,yet the text still says "your not logged in"

Am i missing something?

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.