ianhaney Posted December 7, 2015 Share Posted December 7, 2015 Hi I now have a new php login script with forget password and seems to be working so far and have signed up but having issues with the login script each time I go to login, I get the following error Warning: Cannot modify header information - headers already sent by (output started at /home/sites/it-doneright.co.uk/public_html/includes/header.php:107) in/home/sites/it-doneright.co.uk/public_html/affiliate-login.php on line 49 I looked up this error and was saying about blank lines above the coding but have checked and is no blank files in the coding so am quite lost to be honest below is what I have in my login page <?php session_start(); ?> <?php ini_set('display_startup_errors',1); ini_set('display_errors',1); error_reporting(-1); ?> <?php $title = "Affiliate Login - IT Done Right"; $pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more..."; $pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon"; include ( 'includes/header.php' ); ?> <!--CONTENT--> <div id="column-whole"> <h2 class="title">Affiliate Login</h2> <hr class="carved" /> <form action="" method="post" class="signup"> <h2>Name*:</h2> <input type="text" name="username" /> <br> <h2>Password*:</h2> <input type="password" name="password" /> <br> <input type="submit" value="Login" id="submit" /> <a href="reset-pass.php">Forgot Password?</a> | <a href="new-affiliate-signup.php">Register</a> </form> <?php include'config-db.php'; if(!empty($_POST['username']) && !empty($_POST['password'])) { $username = $_POST['username']; $password = md5($_POST['password']); //check data $sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password'"; $result = $conn->query($sql); if ($result->num_rows > 0){ while($row = $result->fetch_assoc()) { $username = $row["username"]; //Store the name in the session $_SESSION['login'] = $username; header("location:affiliate-profile.php?id=?"); } } else { echo "<h2>Incorrect Username/Password</h2>"; } } ?> </div> <!--CONTENT--> <?php include( 'includes/footer.php' ); ?> Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/ Share on other sites More sharing options...
ianhaney Posted December 7, 2015 Author Share Posted December 7, 2015 I have sorted that now and is working but now got a id issue after logging in, it should redirect to profile.php?id=11 but instead it is going to profile.php?id= so I know I need to pull the id from the database but unsure how to do it, would id needed to be added to the following query $sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password'"; am I close at all? Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527647 Share on other sites More sharing options...
mikesta707 Posted December 7, 2015 Share Posted December 7, 2015 (edited) Edit: Nevermind, you figured it out. However, its not redirecting to the right page probably because of this: header("location:affiliate-profile.php?id=?"); Why do you have a question mark there? Should that question mark instead be id=11? Edited December 7, 2015 by mikesta707 Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527648 Share on other sites More sharing options...
ianhaney Posted December 7, 2015 Author Share Posted December 7, 2015 I changed it now to the following but get the error: Notice: Undefined index: id in /home/sites/it-doneright.co.uk/public_html/affiliate-login.php on line 43 <?php session_start(); ob_start(); ?> <?php ini_set('display_startup_errors',1); ini_set('display_errors',1); error_reporting(-1); ?> <?php $title = "Affiliate Login - IT Done Right"; $pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more..."; $pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon"; include ( 'includes/header.php' ); ?> <!--CONTENT--> <div id="column-whole"> <h2 class="title">Affiliate Login</h2> <hr class="carved" /> <form action="" method="post" class="signup"> <h2>Name*:</h2> <input type="text" name="username" /> <br> <h2>Password*:</h2> <input type="password" name="password" /> <br> <input type="submit" value="Login" id="submit" /> <a href="reset-pass.php">Forgot Password?</a> | <a href="new-affiliate-signup.php">Register</a> </form> <?php include'config-db.php'; if(!empty($_POST['username']) && !empty($_POST['password'])) { $username = $_POST['username']; $password = md5($_POST['password']); $id = $_GET['id']; //check data $sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password' AND id = '$id'"; $result = $conn->query($sql); if ($result->num_rows > 0){ while($row = $result->fetch_assoc()) { $username = $row["username"]; //Store the name in the session $_SESSION['username'] = $username; header("location:affiliate-profile.php?id=$id"); } } else { echo "<h2>Incorrect Username/Password</h2>"; } } ?> </div> <!--CONTENT--> <?php include( 'includes/footer.php' ); ?> And it also comes up with Incorrect Username/Password when it is correct info Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527649 Share on other sites More sharing options...
mikesta707 Posted December 7, 2015 Share Posted December 7, 2015 Well, that error probably means that $_GET['id'] doesn't exist (assuming the line $id = $_GET['id']; is line 43). What does the URL for this page look like? Is it something like www.whatever.com/index.php?id=1 or something? Plus that doesn't really even make sense. You are trying to grab the id of the current page, and trying to redirect to that same id. Shouldn't you be redirecting to a different page? If you know the exact page you want to redirect to, and it will never change, why not just put the actual id of the page you want to redirect to, instead of using a variable. IE something like: header("location:affiliate-profile.php?id=11"); You are also probably getting wrong username/password because of your SQL statement here: $sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password' AND id = '$id'"; You are basically saying where the username and password are correct, AND where the id is equal to the page id. This doesn't really make any sense, why would the user's row id be the same as the page id? I would just take that part out IE: $sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password'"; Where is the $_GET['id'] even coming from. Do you store your page IDs in your database? How exactly do you handle your page includes/redirects? I don't see anywhere on that page where you even use the $_GET['id'] variable correctly to include a different page. Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527651 Share on other sites More sharing options...
ianhaney Posted December 7, 2015 Author Share Posted December 7, 2015 Sorry lost me, I am confused now I can't put id=11 as other users will be signing up which will have different ids I have taken off AND id = '$id' from the query now and it is now redirecting to the following page but still no id number is pulled from the database http://www.it-doneright.co.uk/affiliate-profile.php?id= below is my affiliate-profile.php file code <? session_start(); if($_SESSION['username']==''){ header("Location:affiliate-login.php"); }else{ include("config-db.php"); $sql=$dbh->prepare("SELECT * FROM affiliates WHERE id=?"); $sql->execute(array($_SESSION['username'])); while($r=$sql->fetch()){ ?> <?php $title = "Affiliate Profile - IT Done Right"; $pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more..."; $pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon"; include ( 'includes/header.php' ); ?> <!--CONTENT--> <div id="column-whole"> <br /> <?php echo "<div class='home-content'>"; echo "<center><h2 class='welcome'>Hello, ".$r['username']."</h2>"; echo "<br><br>"; echo "<div style='float: left;'><a href='logout.php'>Log Out</a></div></center>"; echo "</div>"; echo "<br><br>"; } } ?> <h2 class="title">Your Affiliate Information</h2> <hr class="carved" /> <?php // connect to the database include('config-db.php'); if ($result = $mysqli->query("SELECT id, username, amount_earned FROM affiliates WHERE id = '$_GET[id]'")) { // display records if there are records to display if ($result->num_rows > 0) { echo "<table class='affiliate'>"; echo "<tr>"; echo "<th>Affiliate ID</th>"; echo "<th>Name</th>"; echo "<th>Email</th>"; echo "<th>Amount Earned</th>"; echo "</tr>"; while ($row = $result->fetch_object()) { // set up a row for each record echo "<tr>"; echo "<td>" . $row->id . "</td>"; echo "<td>" . $row->username . "</td>"; echo "<td>" . '£' . $row->amount_earned . "</td>"; echo "</tr>"; } echo "</table>"; } // if there are no records in the database, display an alert message else { echo "No results to display!"; } } // show an error if there is an issue with the database query else { echo "Error: " . $mysqli->error; } // close database connection $mysqli->close(); ?> </div> <!--CONTENT--> <?php include( 'includes/footer.php' ); ?> Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527652 Share on other sites More sharing options...
mikesta707 Posted December 7, 2015 Share Posted December 7, 2015 (edited) Ah I see, so the ID isn't a page id, but rather an ID for the user. I wasn't aware of that. The reason that your ID is empty is most likely because your form's action attribute doesn't specify the ID. So naturally $_GET['id'] would be unset. What you probably need to do is grab the ID from the database once you verify that the username and password are indeed correct. IE instead of doing this: $id = $_GET['id']; //check data $sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password' AND id = '$id'"; $result = $conn->query($sql); if ($result->num_rows > 0){ while($row = $result->fetch_assoc()) { $username = $row["username"]; //Store the name in the session $_SESSION['username'] = $username; header("location:affiliate-profile.php?id=$id"); } } you should do something like //$id = $_GET['id']; Can't do this, because you don't pass the ID through GET. You can't really, as you don't know the ID when the user logs in. //check data //Cant check the ID here either, as you don't know it yet $sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password'"; $result = $conn->query($sql); if ($result->num_rows > 0){ while($row = $result->fetch_assoc()) { $username = $row["username"]; //Store the name in the session $_SESSION['username'] = $username; //You should be getting the ID HERE, as this is where you know who the User is. $id = $row['id']; header("location:affiliate-profile.php?id=$id"); } } This code is untested but from what I can tell, this is roughly what you want. Hope this helps Edited December 7, 2015 by mikesta707 Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527653 Share on other sites More sharing options...
ianhaney Posted December 7, 2015 Author Share Posted December 7, 2015 Sorry was my fault not explaining it properly regarding the id of the user I got that id number now in the url but just displays your affiliate information and nothing else On the page it should be displaying the following info id and name I have the following on the page www.it-doneright.co.uk/afiliate-profile.php?id=11 <? session_start(); if($_SESSION['userperson']==''){ header("Location:affiliate-login.php"); }else{ include("config-db.php"); $sql=$conn->prepare("SELECT * FROM affiliates WHERE id=?"); $sql->execute(array($_SESSION['userperson'])); while($r=$sql->fetch()){ ?> <?php $title = "Affiliate Profile - IT Done Right"; $pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more..."; $pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon"; include ( 'includes/header.php' ); ?> <!--CONTENT--> <div id="column-whole"> <br /> <?php echo "<div class='home-content'>"; echo "<center><h2 class='welcome'>Hello, ".$r['username']."</h2>"; echo "<br><br>"; echo "<div style='float: left;'><a href='logout.php'>Log Out</a></div></center>"; echo "</div>"; echo "<br><br>"; } } ?> <h2 class="title">Your Affiliate Information</h2> <hr class="carved" /> <?php // connect to the database include('config-db.php'); if ($result = $mysqli->query("SELECT id, username, amount_earned FROM affiliates WHERE id = '$_GET[id]'")) { // display records if there are records to display if ($result->num_rows > 0) { echo "<table class='affiliate'>"; echo "<tr>"; echo "<th>Affiliate ID</th>"; echo "<th>Name</th>"; echo "<th>Amount Earned</th>"; echo "</tr>"; while ($row = $result->fetch_object()) { // set up a row for each record echo "<tr>"; echo "<td>" . $row->id . "</td>"; echo "<td>" . $row->username . "</td>"; echo "<td>" . '£' . $row->amount_earned . "</td>"; echo "</tr>"; } echo "</table>"; } // if there are no records in the database, display an alert message else { echo "No results to display!"; } } // show an error if there is an issue with the database query else { echo "Error: " . $mysqli->error; } // close database connection $mysqli->close(); ?> </div> <!--CONTENT--> <?php include( 'includes/footer.php' ); ?> Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527655 Share on other sites More sharing options...
ianhaney Posted December 7, 2015 Author Share Posted December 7, 2015 Sorry am winning slowly I have the info displayed on the page now but for some reason, the page is not showing the header and footer.php files which should be as have includes/header.php as to the updated coding below on the affiliate-profile.php <? session_start(); if($_SESSION['userperson']==''){ header("Location:affiliate-login.php"); }else{ include("config-db.php"); $sql=$conn->prepare("SELECT * FROM affiliates WHERE id=?"); $sql->execute(array($_SESSION['userperson'])); while($r=$sql->fetch()){ ?> <?php $title = "Affiliate Profile - IT Done Right"; $pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more..."; $pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon"; include ( 'includes/header.php' ); ?> <!--CONTENT--> <div id="column-whole"> <br /> <?php echo "<div class='home-content'>"; echo "<center><h2 class='welcome'>Hello, ".$r['username']."</h2>"; echo "<br><br>"; echo "<div style='float: left;'><a href='logout.php'>Log Out</a></div></center>"; echo "</div>"; echo "<br><br>"; } } ?> <h2 class="title">Your Affiliate Information</h2> <hr class="carved" /> <?php // connect to the database include('connect-db.php'); if ($result = $mysqli->query("SELECT id, username, amount_earned FROM affiliates WHERE id = '$_GET[id]'")) { // display records if there are records to display if ($result->num_rows > 0) { echo "<table class='affiliate'>"; echo "<tr>"; echo "<th>Affiliate ID</th>"; echo "<th>Name</th>"; echo "<th>Amount Earned</th>"; echo "</tr>"; while ($row = $result->fetch_object()) { // set up a row for each record echo "<tr>"; echo "<td>" . $row->id . "</td>"; echo "<td>" . $row->username . "</td>"; echo "<td>" . '£' . $row->amount_earned . "</td>"; echo "</tr>"; } echo "</table>"; } // if there are no records in the database, display an alert message else { echo "No results to display!"; } } // show an error if there is an issue with the database query else { echo "Error: " . $mysqli->error; } // close database connection $mysqli->close(); ?> </div> <!--CONTENT--> <?php include( 'includes/footer.php' ); ?> Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527656 Share on other sites More sharing options...
Barand Posted December 7, 2015 Share Posted December 7, 2015 I suppose we have to keep telling you: You only retrieve a single record with the query, so why is there a while() loop? When you use header() to redirect, there should be an exit; command following it to prevent the rest of the script from being executed. Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527658 Share on other sites More sharing options...
mikesta707 Posted December 7, 2015 Share Posted December 7, 2015 (edited) Pretty sure it has to do with the following: if($_SESSION['userperson']==''){ header("Location:affiliate-login.php"); }else{ include("config-db.php"); $sql=$conn->prepare("SELECT * FROM affiliates WHERE id=?"); $sql->execute(array($_SESSION['userperson'])); while($r=$sql->fetch()){ ?> <?php $title = "Affiliate Profile - IT Done Right"; $pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more..."; $pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon"; include ( 'includes/header.php' ); ?> <!--CONTENT--> <div id="column-whole"> <br /> <?php echo "<div class='home-content'>"; echo "<center><h2 class='welcome'>Hello, ".$r['username']."</h2>"; echo "<br><br>"; echo "<div style='float: left;'><a href='logout.php'>Log Out</a></div></center>"; echo "</div>"; echo "<br><br>"; } } ?> Instead of using $_SESSION['userperson'] shouldn't you be using $_GET['id']? I don't see anywhere in your code where you've even defined $_SESSION['userperson']; so your query should probably be like: //you should actually be checking if $_GET is empty instead of if its equal to the empty string. Also adding check for if its set if(empty($_GET['id']) || !isset($_GET['id']){ header("Location:affiliate-login.php"); }else{ include("config-db.php"); $sql=$conn->prepare("SELECT * FROM affiliates WHERE id=?"); //here you should be using $_GET['id'] rather than that session variable //also note security concerns detailed below $sql->execute(array($_GET['id'])); while($r=$sql->fetch()){ ?> ... Please note that you should sanitize you variables to make sure your code isn't vulnerable to any injections. Security concerns is out of the scope of this thread though, so I'll let you do some research on protecting your code from SQL injections and other security concerns on your own (or make a new thread about it if you want) Edit: As Barand said, there is no need for a while loop. I wasn't going to mention that as I figured it was best to focus on 1 problem at a time, but yeah you should fix that as well. Edited December 7, 2015 by mikesta707 Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527659 Share on other sites More sharing options...
ianhaney Posted December 7, 2015 Author Share Posted December 7, 2015 I will sort the SQL injections and got a good idea about that but for now fo r some reason, the login page don't log in no more, it just loads the login page again when I click submit <?php session_start(); ob_start(); ?> <?php ini_set('display_startup_errors',1); ini_set('display_errors',1); error_reporting(-1); ?> <?php $title = "Affiliate Login - IT Done Right"; $pgDesc="IT Done Right are an Laptop repair company based in Pitsea covering Basildon, Laindon and more..."; $pgKeywords="laptop repair Pitsea, laptop repair Basildon, laptop repairs Pitsea, laptop repairs Basildon"; include ( 'includes/header.php' ); ?> <!--CONTENT--> <div id="column-whole"> <h2 class="title">Affiliate Login</h2> <hr class="carved" /> <form action="" method="post" class="signup"> <h2>Name*:</h2> <input type="text" name="username" /> <br> <h2>Password*:</h2> <input type="password" name="password" /> <br> <input type="submit" value="Login" id="submit" /> <a href="reset-pass.php">Forgot Password?</a> | <a href="new-affiliate-signup.php">Register</a> </form> <?php include'config-db.php'; if(!empty($_POST['username']) && !empty($_POST['password'])) { $username = $_POST['username']; $password = md5($_POST['password']); //$id = $_GET['id']; Can't do this, because you don't pass the ID through GET. You can't really, as you don't know the ID when the user logs in. //check data //Cant check the ID here either, as you don't know it yet $sql = "SELECT * FROM affiliates WHERE username='$username' AND password ='$password'"; $result = $conn->query($sql); if ($result->num_rows > 0){ while($row = $result->fetch_assoc()) { $username = $row["username"]; //Store the name in the session $_SESSION['username'] = $username; //You should be getting the ID HERE, as this is where you know who the User is. $id = $row['id']; header("location:affiliate-profile.php?id=$id"); } } else { echo "<h2>Incorrect Username/Password</h2>"; } } ?> </div> <!--CONTENT--> <?php include( 'includes/footer.php' ); ?> Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527665 Share on other sites More sharing options...
ianhaney Posted December 7, 2015 Author Share Posted December 7, 2015 Sorry is all working now Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527667 Share on other sites More sharing options...
mikesta707 Posted December 8, 2015 Share Posted December 8, 2015 Glad to hear it. You can make your topic as solved if your problem is resolved. Quote Link to comment https://forums.phpfreaks.com/topic/299666-got-new-php-login-with-forgot-password-script/#findComment-1527690 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.