Header Problem!

[rocky48]

I am trying to write some code based on the scripts in Larry Ulmans Book PHP6 & MYSQL 5.

When I run the script I get the following error:

 

An error occurred in script /homepages/30/d593365489/htdocs/MFC1066/login.php on line 52: Cannot modify header information - headers already sent by (output started at /homepages/30/d593365489/htdocs/MFC1066/includes/config.inc.php:2)

The config.inc.php is shown below:

<?php # config.inc.php
/* This script:
 * - define constants and settings
 * - dictates how errors are handled
 * - defines useful functions
 */
 
// Document who created this site, when, why, etc.


// ********************************** //
// ************ SETTINGS ************ //

// Flag variable for site status:
define('LIVE', FALSE);

// Admin contact address:
define('EMAIL', 't.e.hudson@btinternet.com');

// Site URL (base for all redirections):
define ('BASE_URL', 'http://www.1066cards4u.co.uk/MFC1066/');

// Location of the MySQL connection script:
define ('MYSQL', '\Connect_login.php\\');

// Adjust the time zone for PHP 5.1 and greater:
date_default_timezone_set("Europe/London");

// ************ SETTINGS ************ //
// ********************************** //


// ****************************************** //
// ************ ERROR MANAGEMENT ************ //

// Create the error handler:
function my_error_handler ($e_number, $e_message, $e_file, $e_line, $e_vars) {

    // Build the error message.
    $message = "<p>An error occurred in script $e_file on line $e_line: $e_message\n<br />";
    
    // Add the date and time:
    $message .= "Date/Time: " . date("j-n-Y H:i:s") . "\n<br />";
    
    // Append $e_vars to the $message:
    $message .= "<pre>" . print_r ($e_vars, 1) . "</pre>\n</p>";
    
    if (!LIVE) { // Development (print the error).
    
        echo '<div class ="error">' . $message . '</div><br />';
    
        
    } else { // Do not show the error:
    
        // Send an email to the admin:
        mail(EMAIL, 'Site Error!', $message, 'From: email@example.com');
        
        // Only print an error message if the error isn't a notice:
        if ($e_number != E_NOTICE) {
            echo '<div class="error">A system error occurred. We apologize for the inconvenience.</div><br />';
        }
    } // End of !LIVE IF.

} // End of my_error_handler() definition.

// Use my error handler.
set_error_handler ('my_error_handler');

// ************ ERROR MANAGEMENT ************ //
// ****************************************** // 
?>

The header is called in the following script:

<?php # - login.php
// This is the login page for the site.
include('includes/SessionManage.php');
SessionManager::sessionStart('login');
require_once ('includes/config.inc.php'); 
$page_title = 'Login';
include ('includes/header.html');
echo "";
if (isset($_POST['submitted'])) {
	require_once('includes/Connect_login.php');
	
	
	// Validate the email address:
	if (!empty($_POST['email'])) {
		$e = mysqli_real_escape_string ($dbc, $_POST['email']);
	} else {
		$e = FALSE;
		echo '<p class="error">You forgot to enter your email address!</p>';
	}
	
	// Validate the password:
	if (!empty($_POST['pass'])) {
		$p = mysqli_real_escape_string ($dbc, $_POST['pass']);
	} else {
		$p = FALSE;
		echo '<p class="error">You forgot to enter your password!</p>';
	}
	
	// Validate the BMFA No:
	if (!empty($_POST['BMFA'])) {
		$b = mysqli_real_escape_string ($dbc, $_POST['BMFA']);
	} else {
		$b = FALSE;
		echo '<p class="error">You forgot to enter your password!</p>';
	}
	
	if ($e && $p && $b) { // If everything's OK.
	
		// Query the database:
		$q = "SELECT user_id, first_name, user_level, BMFA_No FROM users WHERE (email='$e' AND pass=SHA1('$p') AND BMFA_No= ('$b')) AND active IS NULL";		
		$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
		
		if (@mysqli_num_rows($r) == 1) { // A match was made.

			// Register the values & redirect:
			$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 
			mysqli_free_result($r);
			mysqli_close($dbc);
							
			$url = BASE_URL . 'mempage.php'; // Define the URL:
			ob_end_clean(); // Delete the buffer.
			header("Location: $url");
			exit(); // Quit the script.
				
		} else { // No match was made.
			echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';
		}
		
	} else { // If everything wasn't OK.
		echo '<p class="error">Please try again.</p>';
	}
	
	mysqli_close($dbc);

} // End of SUBMIT conditional.

?>

<h1>Login</h1>
<p>Your browser must allow cookies in order to log in.</p>

<form action="login.php" method="post">
	<fieldset>
	<p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="40" /></p>
	<p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>
	<p><b>BMFA No:</b> <input type="text" name="BMFA" size="20" maxlength="20" /></p>
	<div align="center"><input type="submit" name="submit" value="Login" /></div>
	<input type="hidden" name="submitted" value="TRUE" />
	</fieldset>
</form>
<h2>Forgot your password?  Click on this link:<a href="forgot_password.php"target="_blank">Change Password</a></h2>
<?php // Include the HTML footer.
include ('includes/footer.html');
?>

I have highlighted the line that fails in red.

It is used to open the script mempage.php, so I thought I would try opening the script with require, but all I get is a blank screen.

Is there a bug in the script that was written by Larry Ulman or is it something is wrong with the way I have modified the script.

If that is not the case is there an alternative way of proceeding to the next script?

Your help would be appreciated!

[Jacques1]

Your config scripts starts with a blank line. This is output which gets sent to the client and prevents any subsequent header() calls.

 

You have plenty of other output, because you've unfortunately adopted the spaghetti-code pattern where you randomly mix PHP code with HTML markup. You should completely separate the different languages: PHP on top, HTML at the bottom.

<?php

// PHP code goes here

?>
<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="utf-8">
        <title>Title</title>
    </head>
    <body>
        <!-- HTML markup goes here -->
    </body>
</html>

If you're unable or unwilling to fix the code, your only workaround will be to enable output buffering in the PHP configuration.

Edited December 22, 2016 by Jacques1

[Strider64]

I have a PHP book by Larry Ullman and I don't ever remember teaching spaghetti-code code? I would be very surprised if Larry was doing that.....

Edited December 22, 2016 by Strider64

[Stefany93]

I have a PHP book by Larry Ullman and I don't ever remember teaching spaghetti-code code? I would be very surprised if Larry was doing that.....

 

It's possible, if it is an old edition. OP, which year is the book published?

[bsmither]

In addition to the blank line before the opening code delimiter (<?php) in config.inc.php, another situation that may trip up new coders is that general-purpose text editors may place what is known as the "byte-order-mark" (BOM) at the start of the file. This BOM is not visible unless looking at the file in HEX mode.

 

PHP will also send this byte sequence out, causing the same "headers already sent" message.

 

Please be sure to use a programmer's text editor, and save files without the BOM.

Edited December 23, 2016 by bsmither

[rocky48]

Think it's 2008 version!