budder Posted April 16, 2010 Share Posted April 16, 2010 I have read the HEADER ERROR topic but this is making no sense at all. At the very top of every page that require login I have made checkLogin.php included at the very top of the script. But still there is no sign of security in the page. Lets have a look: checkLogin.php <?php if(!isset($_SESSION['username'])) { header('location:login.html'); } ?> Simple as pie, if there isn't any session with the name username, there is no access. But if you going to the protected sites not logged in like:www.homepage.com/login/index.php(should be security) You will have access to all the system. My index.php is just this code: <?php include('checkLogin.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body bgcolor="#000000" link="#FFFFFF" alink="#FFFFCC" vlink="#FFFF99"> <div align="center" style="background-color:#999; margin-left:220px; margin-top:220px; margin-right:330px; border-bottom-color:#F00;"> <h2 align="center" style="color:#FFF; font-family:Verdana, Geneva, sans-serif;">Hvad vil du fortage dig?</h2> <p style="color:#FFF; font-family:Verdana, Geneva, sans-serif;"><a href="add_artist.php">Tilføj artist</a></p> <p style="color:#FFF; font-family:Verdana, Geneva, sans-serif;"><a href="fjern_artist.php">Fjern artist</a></p> <p style="color:#FFF; font-family:Verdana, Geneva, sans-serif;"><a href="logud.php">Log ud</a></p><br /> </div> </body> </html> error: Warning: Cannot modify header information - headers already sent by (output started at inde_x.php:1) in /checkLogin.php on line 3 Quote Link to comment https://forums.phpfreaks.com/topic/198733-header-error-but-no-space-or-output-sent-what-to-do/ Share on other sites More sharing options...
Jax2 Posted April 16, 2010 Share Posted April 16, 2010 You need to initialize the session on each page .... <?php session_start(); if ($_SESSION[' ....etc Quote Link to comment https://forums.phpfreaks.com/topic/198733-header-error-but-no-space-or-output-sent-what-to-do/#findComment-1042950 Share on other sites More sharing options...
budder Posted April 16, 2010 Author Share Posted April 16, 2010 still getting the error from before.. Hmm.. Now i tried put it at the top of index so now it look like this: <?php session_start(); if(!isset($_SESSION['username'])) { header('location:login.html'); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body bgcolor="#000000" link="#FFFFFF" alink="#FFFFCC" vlink="#FFFF99"> <div align="center" style="background-color:#999; margin-left:220px; margin-top:220px; margin-right:330px; border-bottom-color:#F00;"> <h2 align="center" style="color:#FFF; font-family:Verdana, Geneva, sans-serif;">Hvad vil du fortage dig?</h2> <p style="color:#FFF; font-family:Verdana, Geneva, sans-serif;"><a href="add_artist.php">Tilføj artist</a></p> <p style="color:#FFF; font-family:Verdana, Geneva, sans-serif;"><a href="fjern_artist.php">Fjern artist</a></p> <p style="color:#FFF; font-family:Verdana, Geneva, sans-serif;"><a href="logud.php">Log ud</a></p><br /> </div> </body> </html> And the error are the same. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /usr/local/www/elmerdahl.dk/httpdocs/booking/log/inde_x.php:1) in /usr/local/www/elmerdahl.dk/httpdocs/booking/log/inde_x.php on line 2 Warning: Cannot modify header information - headers already sent by (output started at /inde_x.php:1) in /inde_x.php on line 4 It's just pain in the ass this header thing! EDIT: Here is how i register the session: $rowCheck = mysql_num_rows($result); if($rowCheck > 0){ while($row = mysql_fetch_array($result)){ session_start(); $_SESSION['username'] = $user; echo 'Success!'; echo "<a href='inde_x.php'><br />Videre.</a>"; } } else { echo 'Forkert brugernavn eller kodeord.'; } } Quote Link to comment https://forums.phpfreaks.com/topic/198733-header-error-but-no-space-or-output-sent-what-to-do/#findComment-1042975 Share on other sites More sharing options...
JAY6390 Posted April 16, 2010 Share Posted April 16, 2010 This could be a BOM issue, or just that you have a space of some sort at the start of the file. What editor are you using to upload/save the file referred to in the error? Quote Link to comment https://forums.phpfreaks.com/topic/198733-header-error-but-no-space-or-output-sent-what-to-do/#findComment-1042977 Share on other sites More sharing options...
budder Posted April 16, 2010 Author Share Posted April 16, 2010 I have used notepad to edit my documents. About the spaces, I am 100% sure that no spaces are to be found, no forms and no html only php at the start as you see. Is there other things that can sent the output before anything else? Quote Link to comment https://forums.phpfreaks.com/topic/198733-header-error-but-no-space-or-output-sent-what-to-do/#findComment-1042983 Share on other sites More sharing options...
trq Posted April 16, 2010 Share Posted April 16, 2010 Can we see the first 10 lines of inde_x.php ? Quote Link to comment https://forums.phpfreaks.com/topic/198733-header-error-but-no-space-or-output-sent-what-to-do/#findComment-1042985 Share on other sites More sharing options...
JAY6390 Posted April 16, 2010 Share Posted April 16, 2010 @budder - Not really unless as I said it's a BOM issue Quote Link to comment https://forums.phpfreaks.com/topic/198733-header-error-but-no-space-or-output-sent-what-to-do/#findComment-1042988 Share on other sites More sharing options...
budder Posted April 16, 2010 Author Share Posted April 16, 2010 This is my inde_x.php <?php include('checkLogin.php'); ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>Untitled Document</title> </head> <body bgcolor="#000000" link="#FFFFFF" alink="#FFFFCC" vlink="#FFFF99"> <div align="center" style="background-color:#999; margin-left:220px; margin-top:220px; margin-right:330px; border-bottom-color:#F00;"> <h2 align="center" style="color:#FFF; font-family:Verdana, Geneva, sans-serif;">Hvad vil du fortage dig?</h2> <p style="color:#FFF; font-family:Verdana, Geneva, sans-serif;"><a href="add_artist.php">Tilføj artist</a></p> <p style="color:#FFF; font-family:Verdana, Geneva, sans-serif;"><a href="fjern_artist.php">Fjern artist</a></p> <p style="color:#FFF; font-family:Verdana, Geneva, sans-serif;"><a href="logud.php">Log ud</a></p><br /> </div> </body> </html> This is my checkLogin.php <?php session_start(); if(!isset($_SESSION['username'])) { header('location:login.html'); } ?> Quote Link to comment https://forums.phpfreaks.com/topic/198733-header-error-but-no-space-or-output-sent-what-to-do/#findComment-1042993 Share on other sites More sharing options...
PFMaBiSmAd Posted April 16, 2010 Share Posted April 16, 2010 A) Put the include() statement on the second line of the main file (i.e. the opening php tag is on the first line by itself) so that you can determine if the output is occurring before the <?php tag or due to the include() statement. B) If the error still indicates that output is on line one, then the problem is the BOM (Byte Order Mark) characters at the start of the file like JAY6390 has mentioned twice. C) You need an exit; statement after your header() redirect to prevent the remainder of the code on the 'protected' pages from being executed. All a hacker needs to do is ignore the header redirect and he can still visit each page the same as if the security check code was not even there. Quote Link to comment https://forums.phpfreaks.com/topic/198733-header-error-but-no-space-or-output-sent-what-to-do/#findComment-1043006 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.