
Login System - headers already sent


michelcmorel


Hi guys,

I'm creating a login system and there is one small bug that I am trying to iron out, so any input is appreciated :)

Once I log out as a user, I get redirected to my login page like: 

http://localhost:8888/login-form/login.php?status=loggedout

Now that I am logged out, if I try to "bypass" the login page and go straight to the index.php page (without logging in this time), I can still access the "secure" page (..not that secure:), and I get the following message:

 

Notice: Undefined index: status in /Applications/MAMP/htdocs/login-form/classes/membership.php on line 32

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/login-form/classes/membership.php:32) in /Applications/MAMP/htdocs/login-form/classes/membership.php on line 33

You are Logged In User!!!!

Log Out

 

----

 

This is the code in membership.php (please see towards the end, where I have marked line 32, where I get the notice & warning message):

 

 

require 'mysql.php';
 
class Membership{ 
 
    function validate_user($un, $pwd){
        $mysql = New Mysql();
        $ensure_credentials = $mysql->verify_Username_and_Pass($un, md5($pwd));
        
            // if credentials returns true, log in to index page
            if($ensure_credentials) {
                $_SESSION['status'] ='authorized';
                header("location: index.php");
               return true;
            } else return "Please enter a correct username and password";
    }
 
    function log_User_Out() {
         if(isset($_SESSION['status'])){
                 unset($_SESSION['status']);
                 
                  if(isset($_COOKIE[session_name('Mylogin')])){ 
                      setcookie(session_name('Mylogin'), '', time() - 1000);
                      session_destroy();
                  }
         }
    }
    
    function confirm_Member(){   // This is Line 32 where I am Getting the Notice Error
        session_start();
            if($_SESSION['status'] !='authorized') { 
                header("location: login.php");            //////////////// I think that this is the issue, instead this should be returning "True", but what is the syntax?
            }
    }
 
}
 
The code in my login.php page is:
 
<?php
ob_start();
session_start();
 
require_once 'classes/membership.php';
$membership = new Membership();
 
//if clicked on log out link on index page
if(isset($_GET['status']) && $_GET['status'] == 'loggedout'){
    $membership->log_User_Out();
}
 
//validate user
if($_POST && !empty($_POST['username']) && !empty($_POST['pwd'])){
    $response = $membership->validate_user($_POST['username'], $_POST['pwd']);
}
 
 
?>
 
 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    
    <title>Login</title>
 
</head>
<body>
<script type="text/javascript">
        
        $(function(){
        
            $('h4.alert').hide().fadeIn(700);
            $('<span class="exit"> X</span>').appendTo('h4.alert');
        
            $('span.exit').click(function(){
                $(this).parent('h4.alert').fadeOut('slow');
            });
        
        });
        
</script>
    
    <div id="login">
        
        <form method="post" action="">
            <h2>Login <small>enter your credentials</small></h2>
            <p>
                <label for="name">Username: </label>
                <input type="text" name="username" />
            </p>
                <p>
                <label for="pwd">Password: </label>
                <input type="password" name="pwd" />
            </p>
            
            <p><input type="submit" id="submit" value="login" name="submit" /></p>
            
        </form>
        <?php if (isset($response)) echo "<h4 class='alert'>".$response."</h4> "; ?>
        
    </div>
 
</body>
</html> 
 
 
Any advice, please?
 
Thanks,
Michel

 

 



When a user requests a 'protected' page, your code must do two things -

1) check the current user's logged in status, which might not exist at all,

2) if not logged in, prevent the remainder of the code on the 'protected' page from running by causing the code to take a known and specific execution path.

For item #1, you need to use isset() to make sure $_SESSION['status'] exists before you try to reference the value in it.

For item #2, rather than returning from your function that is using a header() statement to tell the browser to perform a redirect and request a new url, you should just exit;/die; after the header() statement so that you stop program execution at that point.

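The two points in the reply above, put together as an added example (not code from the original thread): the guard tests `isset()` before reading `$_SESSION['status']`, so no notice is printed ahead of `header()`, and it exits straight after the redirect so the rest of the protected page never runs. `confirm_Member()`, the `status` key, the `authorized` value and `login.php` come from the post; the helper `is_authorized()` and the sample sessions are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code: access guard for protected pages.

class Membership
{
    // Hypothetical helper: true only when the session carries the exact
    // 'authorized' marker. A missing key counts as "not logged in".
    public static function is_authorized(array $session): bool
    {
        return isset($session['status']) && $session['status'] === 'authorized';
    }

    // Call at the very top of every protected page, before any output.
    public function confirm_Member(): void
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        if (!self::is_authorized($_SESSION)) {
            header('Location: login.php');
            exit; // without this, the protected page body is still rendered
        }
    }
}

// Constructed self-check, only when this file is run directly from the CLI.
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    $cases = [
        'no status key (fresh visit or after logout)' => [],
        'status set to an unexpected value'           => ['status' => 'guest'],
        'status set by validate_user()'               => ['status' => 'authorized'],
    ];
    foreach ($cases as $label => $session) {
        $decision = Membership::is_authorized($session) ? 'allow' : 'redirect and exit';
        printf("%-45s => %s\n", $label, $decision);
    }
}
```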
