Cannot modify header error / how to detect login + rights

[markspec87]

Got a couple of questions i need help with.

Firstly i have a signup and login script.

Signup works but when people login it says

[quote]Warning: Cannot modify header information - headers already sent by (output started at /home/terraarm/public_html/includes/login.php:3) in /home/terraarm/public_html/includes/login.php on line 29[/quote]

Ive eliminated al lthe white space and stuff from the file but it still throws this error

FIle contents:

[quote]<?php
echo "<html>";
echo "<head>";
echo "<title>Login</title>";
echo "</head>";
echo "<body>";
$server = "REMOVED"; // db host
$db_user = "REMOVED"; // db username
$db_pass = "REMOVED"; // db password
$database = "REMOVED"; // db name
// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass)
or die ("Could not connect to mysql because ".mysql_error());
// select the database
mysql_select_db($database)
or die ("Could not select database because ".mysql_error());
$match = "select id from member where username = '".$_POST['username']."'
and password = '".$_POST['password']."';";
$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);
if ($num_rows <= 0) {
echo "Sorry, there is no username $username with the specified password.<br>";
echo "<a href=login.php>Try again</a>";
exit;
} else {
setcookie("loggedin", "TRUE", time()+(3600 * 24));
setcookie("mysite_username", "$username");
echo "You are now logged in!<br>";
echo "Continue to the <a href=index.php>members</a> section.";
}
echo "</body>";
echo "</html>";
?>[/quote]

Any ideas?

question 2: using that script above how could i check a user is logged in and what rights? (i.e if they have access level 2, they can see the admin panel)

thanks

[wildteen88]

Try this:
[code]<?php
$header = <<<HTML
<html>
<head>
<title>Login</title>
</head>
<body>
HTML;

$server = "REMOVED"; // db host
$db_user = "REMOVED"; // db username
$db_pass = "REMOVED"; // db password
$database = "REMOVED"; // db name

// connect to the mysql server
$link = mysql_connect($server, $db_user, $db_pass) or die ("Could not connect to mysql because ".mysql_error());

// select the database
mysql_select_db($database) or die ("Could not select database because ".mysql_error());

$match = "select id from member where username = '".$_POST['username']."' and password = '".$_POST['password']."';";

$qry = mysql_query($match)
or die ("Could not match data because ".mysql_error());
$num_rows = mysql_num_rows($qry);

if ($num_rows <= 0)
{
    echo $header;

    echo "Sorry, there is no username $username with the specified password.<br />";
    echo "<a href=login.php>Try again</a>";
    exit;
}
else
{
    setcookie("loggedin", "TRUE", time()+(3600 * 24));
    setcookie("mysite_username", "$username");

    echo $header;

    echo "You are now logged in!<br />";
    echo "Continue to the <a href=\"index.php\">members</a> section.";
}

echo "</body>";
echo "</html>";
?>[/code]
Notice I put the html into a variable and echo'd it later on. This is because you cannot use header or setcookie after any output is sent to the browser. So if theres any html/text that needs outputting it'll have to be done after you use header/setcookie or anyother header function.

Ideally what you should do is do all the processing first and then output the result from the processing, rather output > process a bit > output something else > process something else etc

[ober]

You cannot use an echo before you use setcookie() or ANYTHING that might send output to the file that you are transmitting to the user.

You would have to use another cookie to set the user's level, but be aware that this should be encoded somehow.  They could potentially hack the cookie and change the value to allow themselves into your forums.  It's best to just check the user's level from the database each time.

EDIT: beaten to it.

[markspec87]

Thanks for that revised code, works a treat.

Now my second Question :)

Now the use ris logged in using that, how could i

A) say "welcome *username here"

B) Allow viewing of some webpages based on thier accesslevel.

I.e if the database column level = 2 for the logge din user, they can view the pages contents.


Sorry about the beginner questions but im just getting ym head around more advanced php. Ive never used cookies before.

[ober]

1) echo "Welcome " . $_COOKIE['mysite_username'];

2) Depends on your implementation... sessions or cookies:
<?php
if($_SESSION['user_level'] == 2)
{
  echo "whatever content";
}
else
{ 
  echo "other content";
}
?>

[markspec87]

How would i do it based on what the above login script is using?

EDIT: also could the welcome message say that, but if they arent logged in say "your not logged in, signup here" etc

thanks for all your help.

[ober]

Well, you haven't implemented anything as far as user levels in that script or indicated whether you want to use cookies or sessions.

As far as that, you just have to check if the cookie is set:
[code]
<?php
if(!isset($_COOKIE['mysite_username']))
{
    echo "Please signup";
}
else
{
    echo "Welcome ....";
}
?>[/code]

[markspec87]

Ok ive signed up on the site / Logged in ,yet the text still says "your not logged in"

Am i missing something?