Jump to content


Photo

Logging In Help!


  • Please log in to reply
No replies to this topic

#1 kevdotbadger

kevdotbadger
  • Members
  • PipPip
  • Member
  • 18 posts

Posted 28 April 2005 - 12:08 PM

I made a simple news update system a few nights ago using dreamweaver.

I had a few problems with logging in but all is fine now, or is it?Well it isnt. It seems that once i have logged (whic forwards to broswer to the admin;php page, from here i have links to add_news.php, update_news.php and delete_new.php) when i go to the "add_new.php" page is seems to bring this error up.

Notice: A session had already been started - ignoring session_start() in c:\program files\easyphp1-8\www\news update\add_news.php on line 25

Warning: Cannot modify header information - headers already sent by (output started at c:\program files\easyphp1-8\www\news update\add_news.php:25) in c:\program files\easyphp1-8\www\news update\add_news.php on line 63

Right line 25 shows;

<?php
    session_start();
    $MM_authorizedUsers = "";
    $MM_donotCheckaccess = "true";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;

    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
    $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
    $isValid = true;
    }
    if (($strUsers == "") && true) {
    $isValid = true;
    }
    }
    return $isValid;
    }

    $MM_restrictGoTo = "failed.php";
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
    }
    ?>



AND


Lines 63 shows;

[/CODE]
header("Location: ". $MM_restrictGoTo);




The whole page code is;


   [CODE]
<?php require_once('Connections/news_update.php'); ?>
    <?php
    //initialize the session
    session_start();

    // ** Logout the current user. **
    $logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
    if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
    $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
    }

    if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
    //to fully log out a visitor we need to clear the session varialbles
    session_unregister('MM_Username');
    session_unregister('MM_UserGroup');

    $logoutGoTo = "logout.php";
    if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
    }
    }
    ?>
    <?php
    session_start();
    $MM_authorizedUsers = "";
    $MM_donotCheckaccess = "true";

    // *** Restrict Access To Page: Grant or deny access to this page
    function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
    // For security, start by assuming the visitor is NOT authorized.
    $isValid = False;

    // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
    // Therefore, we know that a user is NOT logged in if that Session variable is blank.
    if (!empty($UserName)) {
    // Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
    // Parse the strings into arrays.
    $arrUsers = Explode(",", $strUsers);
    $arrGroups = Explode(",", $strGroups);
    if (in_array($UserName, $arrUsers)) {
    $isValid = true;
    }
    // Or, you may restrict access to only certain users based on their username.
    if (in_array($UserGroup, $arrGroups)) {
    $isValid = true;
    }
    if (($strUsers == "") && true) {
    $isValid = true;
    }
    }
    return $isValid;
    }

    $MM_restrictGoTo = "failed.php";
    if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
    $MM_qsChar = "?";
    $MM_referrer = $_SERVER['PHP_SELF'];
    if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
    if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
    $MM_referrer .= "?" . $QUERY_STRING;
    $MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
    header("Location: ". $MM_restrictGoTo);
    exit;
    }
    ?>
    <?php
    function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
    {
    $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

    switch ($theType) {
    case "text":
    $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
    break;
    case "long":
    case "int":
    $theValue = ($theValue != "") ? intval($theValue) : "NULL";
    break;
    case "double":
    $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
    break;
    case "date":
    $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
    break;
    case "defined":
    $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
    break;
    }
    return $theValue;
    }

    $editFormAction = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
    }

    if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "add_news")) {
    $insertSQL = sprintf("INSERT INTO newsarticle (title, news, `user`, `date`) VALUES (%s, %s, %s, %s)",
    GetSQLValueString($_POST['title'], "text"),
    GetSQLValueString($_POST['message'], "text"),
    GetSQLValueString($_POST['name'], "text"),
    GetSQLValueString($_POST['date'], "text"));

    mysql_select_db($database_news_update, $news_update);
    $Result1 = mysql_query($insertSQL, $news_update) or die(mysql_error());

    $insertGoTo = "news_admin.php";
    if (isset($_SERVER['QUERY_STRING'])) {
    $insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
    $insertGoTo .= $_SERVER['QUERY_STRING'];
    }
    header(sprintf("Location: %s", $insertGoTo));
    }

    mysql_select_db($database_news_update, $news_update);
    $query_add_nes = "SELECT * FROM newsarticle";
    $add_nes = mysql_query($query_add_nes, $news_update) or die(mysql_error());
    $row_add_nes = mysql_fetch_assoc($add_nes);
    $totalRows_add_nes = mysql_num_rows($add_nes);
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title>add news</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <script language="JavaScript" type="text/JavaScript">
    <!--
    function MM_reloadPage(init) { //reloads the window if Nav4 resized
    if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
    else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
    }
    MM_reloadPage(true);
    //-->
    </script>
    <link href="font.css" rel="stylesheet" type="text/css">
    <style type="text/css">
    <!--
    .style1 {color: #FFFFFF}
    -->
    </style>
    </head>

    <body>
    <table border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
    <td width="600" height="28" valign="top"></td>
    </tr>
    <tr>
    <td width="600" height="89" valign="top" background="img/logo.gif"> </td>
    </tr>
    <tr>
    <td width="600" height="32" valign="top" class="font"><div align="right"><a href="<?php echo $logoutAction ?>">Log out</a> </div></td>
    </tr>
    <tr>
    <td width="600" height="230" valign="top"><p class="font">Fill in the form below to add news to the news.php page. <br>
    <br>
    </p>
    <form action="<?php echo $editFormAction; ?>" method="POST" name="add_news" id="add_news">
    <div align="left">
    <p align="right"><span class="font">Name
    <input name="name" type="text" id="name">
    <br>
    <br>
    Title
    <input name="title" type="text" id="title">
    <br>
    <br>
    Message
    <input name="message" type="text" id="message">
    <br>
    <br>
    Date
    <input name="date" type="text" id="date" align="middle">
    <br>
    <br>
    </span>
    <input name="Submit" type="submit" class="font" value="add news">
    </p>
    </div>
    <input type="hidden" name="MM_insert" value="add_news">
    </form>
    <p class="font"> </p></td>
    </tr>
    <tr>
    <td width="600" height="30" valign="top"> </td>
    </tr>
    <tr>
    <td width="600" height="1" valign="top"><img src="transparent.gif" alt="" width="600" height="1"></td>
    </tr>
    </table>

    </body>
    </html>
    <?php
    mysql_free_result($add_nes);
    ?>


Any ideas?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users