Jump to content

Cannot modify header error / how to detect login + rights


Recommended Posts

Got a couple of questions i need help with.

Firstly i have a signup and login script.

Signup works but when people login it says

[quote]Warning: Cannot modify header information - headers already sent by (output started at /home/terraarm/public_html/includes/login.php:3) in /home/terraarm/public_html/includes/login.php on line 29[/quote]

Ive eliminated al lthe white space and stuff from the file but it still throws this error

FIle contents:

[quote]<?php
echo "<html>";
echo "<head>";
echo "<title>Login</title>";
echo "</head>";
echo "<body>";
$server = "REMOVED"; // db host
$db_user = "REMOVED"; // db username
$db_pass = "REMOVED"; // db password
$database = "REMOVED"; // db name
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());
// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());
$match = "select id from member where username = '".$_POST['username']."'
and password = '".$_POST['password']."';";
$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows <= 0) {
echo "Sorry, there is no username $username with the specified password.<br>";
echo "<a href=login.php>Try again</a>";
exit;
} else {
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
echo "You are now logged in!<br>";
echo "Continue to the <a href=index.php>members</a> section.";
}
echo "</body>";
echo "</html>";
?>[/quote]

Any ideas?

question 2: using that script above how could i check a user is logged in and what rights? (i.e if they have access level 2, they can see the admin panel)

thanks
Try this:
[code]<?php
$header = <<<HTML
<html>
<head>
<title>Login</title>
</head>
<body>
HTML;

$server = "REMOVED"; // db host
$db_user = "REMOVED"; // db username
$db_pass = "REMOVED"; // db password
$database = "REMOVED"; // db name

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass) or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database) or die ("Could not select database because ".mysql_error());

$match = "select id from member where username = '".$_POST['username']."' and password = '".$_POST['password']."';";

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);

if ($num_rows <= 0)
{
    echo $header;

    echo "Sorry, there is no username $username with the specified password.<br />";
    echo "<a href=login.php>Try again</a>";
    exit;
}
else
{
    setcookie("loggedin", "TRUE", time()+(3600 * 24));
    setcookie("mysite_username", "$username");

    echo $header;

    echo "You are now logged in!<br />";
    echo "Continue to the <a href=\"index.php\">members</a> section.";
}

echo "</body>";
echo "</html>";
?>[/code]
Notice I put the html into a variable and echo'd it later on. This is because you cannot use header or setcookie after any output is sent to the browser. So if theres any html/text that needs outputting it'll have to be done after you use header/setcookie or anyother header function.

Ideally what you should do is do all the processing first and then output the result from the processing, rather output > process a bit > output something else > process something else etc
You cannot use an echo before you use setcookie() or ANYTHING that might send output to the file that you are transmitting to the user.

You would have to use another cookie to set the user's level, but be aware that this should be encoded somehow.  They could potentially hack the cookie and change the value to allow themselves into your forums.  It's best to just check the user's level from the database each time.

EDIT: beaten to it.
Thanks for that revised code, works a treat.

Now my second Question :)

Now the use ris logged in using that, how could i

A) say "welcome *username here"

B) Allow viewing of some webpages based on thier accesslevel.

I.e if the database column level = 2 for the logge din user, they can view the pages contents.


Sorry about the beginner questions but im just getting ym head around more advanced php. Ive never used cookies before.
Well, you haven't implemented anything as far as user levels in that script or indicated whether you want to use cookies or sessions.

As far as that, you just have to check if the cookie is set:
[code]
<?php
if(!isset($_COOKIE['mysite_username']))
{
    echo "Please signup";
}
else
{
    echo "Welcome ....";
}
?>[/code]
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.