Jump to content

Recommended Posts

I read through the forum to check for possible similar situations. I also dont have a header error. The redirect works when put in a page that has nothing else in it. Ive checked for white space or I thought I did correctly, you may find I over looked something.

 

I am pretty green with php, and have put some things together from some online php tutorials. Just trying to get a grasp and make what I would consider a simple app. Very open to criticism for my lack of knowledge.

 

Would any one be willing to steer me in the right direction? I dont mind reading if you want me to work for it. I would like to get a good understanding of whats going on and not have someone *do the work for me if you know what I mean.

 

Here is a page of code, I have a few that I want redirects on after form submissions. -

 

<?php
//allow sessions to be passed so we can see if the user is logged in
session_start();
//connect to the database so we can check, edit, or insert data to our users table
$con = mysql_connect('localhost', 'root', 'root') or die(mysql_error());
$db = mysql_select_db('tournaments', $con) or die(mysql_error());
//include out functions file giving us access to the protect() function made earlier
include "./functions.php";
?>
<html>
<head>
<title>Login with Users Online Tutorial</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>
<?php
//check if the login session does no exist
if(!$_SESSION['uid']){
//if it doesn't display an error message
echo "<center>You need to be logged in to log out!</center>";
}else{
//if it does continue checking

//update to set this users online field to the current time
mysql_query("UPDATE `users` SET `online` = '".date('U')."' WHERE `id` = '".$_SESSION['uid']."'");

//destroy all sessions canceling the login session
session_destroy();

//display success message
echo "<center>You have successfully logged out!</center>";

//redirect them to the usersonline page
header('Location: login.php');
die ();
}
?>
</body>
</html>

//display success message
echo "<center>You have successfully logged out!</center>";

//redirect them to the usersonline page
header('Location: login.php');

What are you thinking will happen here?

 

You cannot echo ANYTHING to the screen before using header(). You have printed a ton of stuff to the screen. It's not just whitespace, it's ANY text.

Including

<html>
<head>
<title>Login with Users Online Tutorial</title>
<link rel="stylesheet" type="text/css" href="style.css" />
</head>
<body>

 

And your echo.

Edited by Jessica

How would I call it if its at the top of the page? I realize now that you cant have anything before the header(). Even with a quick google search I didnt find an explanation explaining the logic behind it being at the top and how to call it.

Ahhhh I see. I put it at the top of the page and it worked. So I started to go through the motions with the few pages I have and upon logging in I want it to redirect to another page. But it keeps giving me an error saying I need to be logged in. So this is tricky, how do I manipulate the session token to allow the person to login and be redirected. I tried putting the session before the header() and vs versus. No luck....

Here is my login page, without the header(). But I tried to insert it just after the opening php tag -

 

<?php
//allow sessions to be passed so we can see if the user is logged in
session_start();
//connect to the database so we can check, edit, or insert data to our users table
$con = mysql_connect('localhost', 'root', 'root') or die(mysql_error());
$db = mysql_select_db('tournaments', $con) or die(mysql_error());
//include out functions file giving us access to the protect() function made earlier
include "functions.php";
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="stylesheet" type="text/css" href="style.css">
<title>untitled</title>
</head>
<body>
<?php

//If the user has submitted the form
if($_POST['submit']){
//protect the posted value then store them to variables
$username = protect($_POST['username']);
$password = protect($_POST['password']);

//Check if the username or password boxes were not filled in
if(!$username || !$password){
//if not display an error message
echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b>!</center>";
}else{
//if the were continue checking

 //select all rows from the table where the username matches the one entered by the user
 $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
 $num = mysql_num_rows($res);
 //check if there was not a match
 if($num == 0){
 //if not display an error message
 echo "<center>The <b>Username</b> you supplied does not exist!</center>";
 }else{
 //if there was a match continue checking
 //select all rows where the username and password match the ones submitted by the user
 $res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
 $num = mysql_num_rows($res);
 //check if there was not a match
 if($num == 0){
 //if not display error message
 echo "<center>The <b>Password</b> you supplied does not match the one for that username!</center>";
 }else{
 //if there was continue checking
 //split all fields fom the correct row into an associative array
 $row = mysql_fetch_assoc($res);
 //check to see if the user has not activated their account yet
 if($row['active'] != 1){
 //if not display error message
 echo "<center>You have not yet <b>Activated</b> your account!</center>";
 }else{
 //if they have log them in
 //set the login session storing there id - we use this to see if they are logged in or not
 $_SESSION['uid'] = $row['id'];
 //show message
 echo "<center>You have successfully logged in!</center>";

 //set the session username to call their name when logged in
						 $_SESSION['user_name'] = $row['username'];
						 echo $_SESSION['user_name'];
 //update the online field to 50 seconds into the future
 $time = date('U')+50;
 mysql_query("UPDATE `users` SET `online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
 }
 }
 }
}
}
?>
<form action="login.php" method="post">
<div id="border">
 <?php include("menu.php"); ?>
 <table border="0" cellpadding="2" cellspacing="0">
 <tbody><tr>
 <td>Username:</td>
 <td><input name="username" type="text"></td>
 </tr>
 <tr>
 <td>Password:</td>
 <td><input name="password" type="password"></td>
 </tr>
 <tr>
 <td colspan="2" align="center"><input name="submit" value="Login" type="submit"></td>
 </tr>
 <tr>
 <td colspan="2" align="center"><a href="register.php">Register</a> | <a href="forgot.php">Forgot Pass</a></td>
 </tr>
 </tbody></table>
</div>
</form>
</body>
</html>

Edited by clayton47

The session_start() will come before the redirect.

 

Then once the session has started you check to see if the user has logged in after the session_start(). You can do this my doing an isset() on $_SESSION['uid']. If its set then send the header() and exit() to prevent further output.

You should issue an exit() or die() after a header() because it is the browser that executes the redirect.

 

PHP can continue parsing code after the redirect hence you should kill it, thats what I have read anyway.

I will try implementing what was mentioned. Mannnn White_lily is trying to blow me out of the water cause Im a noob.... Well I did read about using die() and figured I would apply what I read was good measure. Guess he/she ended up looking like a Jack Wagon for trying to bust my chops!

 

Thanks to you all for chiming in. I have a lot to learn. I will follow up soon!

Clayton: I've just posted in a thread on almost the exact same issue, and I recommend reading my post. It'll show you the principles we tend to follow when writing code, so that you can process forms (and all other forms of input and/or data) without having any problems with headers. :)

My apologies Lily if I were taking your wrong! You know how sometimes on forums context can be taken wrong. I figured you were poking fun at me for being a noob in php and making very amateur mistakes! There will be plenty more to come.... I have a ways to go just like anyone getting familiar with programming!

 

Christian I will read your thread now. Thanks for pointing that out to me!

Not my thread, but... :P

 

If you look at how I've modified the original code posted in that thread, you should be able to see quite a few differences. Mostly related to where I echo stuff to the server, and how I've structured the code in general. It's not a single line, or something that's clearly labeled, but it's the general difference in structure that's the main clue.

Especially how I've separated the processing PHP code, and the outputting HTML code.

  • 3 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.