Header problem (did read pinned topic :)

[anbdesigns]

This was taken from some old code 2+ years ago. It worked when I last used it, but have decided to re-use it. I modified it recently because of some changes regarding global variables/sessions (php 4.2.3).

 

Anyway, when someone clicks the Login button on login.php, this code is processed.

 

checkuser.php

<?php

ini_set ("display_errors", "1");
error_reporting(E_ALL);

/* Check User Script */
session_start();  // Start Session

include 'db.php';
// Convert to simple variables
$username = $_POST['username'];
$user_pass = $_POST['user_pass'];

if((!$username) || (!$user_pass)){
    echo "<center />Please enter Username and Password! <br />";
    include 'login.php';
    exit();
}

// Convert password to md5 hash
$user_pass = md5($user_pass);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM info WHERE username='$username' AND user_pass='$user_pass'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
    foreach( $row AS $key => $val ){
        $$key = stripslashes( $val );
    }

        $fname = $_POST['fname'];
        $lname = $_POST['lname'];
        $email = $_POST['email'];
        $user_level = $_POST['user_level'];

	$_SESSION['username'] = $username;
	$_SESSION['fname'] = $fname;
	$_SESSION['lname'] = $lname;
	$_SESSION['email'] = $email;
	$_SESSION['user_level'] = $user_level;
	$_SESSION['user_pass'] = $user_pass;

        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
        
        header("Location: members.php");

    }
} else {
    echo "You could not be logged in! Your username and/or password were incorrect!<br />
    Please try again!<br />";
    include 'login.php';
}
?>

 

I don't see where there is any output before the header. Am I missing something?

I haven't coded at all lately, so I'm a bit rusty. Any help/advice is appreciated.

 

See error below:

 

Notice: Undefined index: fname in /home/*****/public_html/checkuser.php on line 34

Notice: Undefined index: lname in /home/*****/public_html/checkuser.php on line 35

Notice: Undefined index: email in /home/*****/public_html/checkuser.php on line 36

Notice: Undefined index: user_level in /home/*****/public_html/checkuser.php on line 37

 

Warning: Cannot modify header information - headers already sent by (output started at /home/*****/public_html/checkuser.php:34) in /home/*****/public_html/checkuser.php on line 48

 

 

 

members.php

<?php
session_start();

require 'db.php';
$username = $_POST['username'];
$user_pass = $_POST['user_pass'];

if (!$username || !$user_pass){
die('You are not logged in! <a href=login.php>Click here</a> to login.');
}
?>

This is the code processed before the html code. I don't think it has to do with the header error, but I would like to know if I need to have the variables assigned on this page?

[cooldude832]

you have very verbose error reporting on thus when POST isn't set the variables $_POST['VARNAME'] are dead and thus it errors

 

Either bring error reporting down or add a check

if(!EMPTY($_POST)){

 

before redeclaring post vars

 

 

Edit:

 

The header error is not reallly there its top down from the php producing output errors for undefined indexcies

[anbdesigns]

Ok, so it looks like it's not a header problem

I put in some junk for the undefined indexes. With error reporting on, it doesn't give any errors now, but apparently the username & password aren't being taken & executing the die string in members.php (see modified original post).

 

Any ideas? :>

 

Thanks for your help!

[cooldude832]

put Print_R($_POST) at the top of the page and see what you get, maybe you TyPoed the Post Var names

[anbdesigns]

It just gives: Array ( )

 

I believe this section was the only part changed.

        $fname = $_POST['fname'];
        $lname = $_POST['lname'];
        $email = $_POST['email'];
        $user_level = $_POST['user_level'];

	$_SESSION['username'] = $username;
	$_SESSION['fname'] = $fname;
	$_SESSION['lname'] = $lname;
	$_SESSION['email'] = $email;
	$_SESSION['user_level'] = $user_level;
	$_SESSION['user_pass'] = $user_pass;

[nethnet]

The $_POST array is empty according to what you just said.  Check your form to make sure the data is being passed along to this script.

[anbdesigns]

Here is the form code. The only thing I can think of is something with the sessions. :|

 

<form action="checkuser.php" method="POST">
        <table class="text" border="0" cellspacing="0" cellpadding="2" align="center">
          <tr> 
            <td width="80">Username:</td>
            <td> 
              <input type="text" name="username" id="username" size="16">
            </td>
          </tr>
          <tr> 
            <td width="80">Password:</td>
            <td> 
              <input type="password" name="user_pass" id="user_pass" size="16">
            </td>
          </tr>
          <tr> 
            <td colspan="3"> 
              <div align="center"><br>
                <input type="submit" name="Submit" value="Login">
              </div>
            </td>
          </tr>
        </table>
        <div align="center"><br>
          <font size="2" face="Verdana, Arial, Helvetica, sans-serif">Don't have 
          a <b>Username</b> & <b>Password</b>?<br>
          <br>
          <a href=# onClick=openBrWindow('register.php','Register','toolbar=no,directories=no,location=no,status=no,menubar=no,scrollbars=no,resizable=no,width=570,height=520')><img src=images/register.gif width=112 height=38 border=0 vspace=0 hspace=8 alt='Register Now!'></a></font><a href="contact.php"><img src="images/contact.jpg" width="112" height="38" hspace="8" border="0"></a> 
          <br>
          <br>
        </div>
      </form>

[cooldude832]

try writing POST in lowercase as the browser migth not like the uppercase.

 

It isn't sessions because its simply the POST Data isn't being sent so thus the page gives index errors which in turn produces output warnings in turn sending headers preventing a header to be modified

[anbdesigns]

Changing method="POST" to method="post" did not help

I'm not getting header errors any more. It's just not setting the $_POST values.

 

Array ( ) You could not be logged in! Your username and/or password were incorrect!

Please try again!

 

I've changed the files a bit, so here they are as of now.

 

login.php

<form action="checkuser.php" method="post" enctype="text/plain" id="login_form">
        <table class="text" border="0" cellspacing="0" cellpadding="2" align="center">
          <tr> 
            <td width="80">Username:</td>
            <td> 
              <input type="text" name="username" id="username" size="16">
            </td>
          </tr>
          <tr> 
            <td width="80">Password:</td>
            <td> 
              <input type="password" name="user_pass" id="user_pass" size="16">
            </td>
          </tr>
          <tr> 
            <td colspan="3"> 
              <div align="center"><br>
                <input type="submit" name="Submit" value="Login">
              </div>
            </td>
          </tr>
        </table>
	</form>

 

 

checkuser.php

<?php
session_start();  // Start Session
PRINT_R($_POST);
ini_set ("display_errors", "1");
error_reporting(E_ALL);

/* Check User Script */
include 'db.php';
// Convert to simple variables
if (isset ($_POST['username'])) {
$username = $_POST['username'];
    //more code to test the validity of $userID
} else {
    $username = "1";    //set some default value
}
if (isset ($_POST['user_pass'])) {
    $user_pass = $_POST['user_pass'];
    //more code to test the validity of $userID
} else {
$user_pass = "1";    //set some default value
}
// just filled with junk to remove undefined indexes
$_POST['fname'] = "1";
$_POST['lname'] = "1";
$_POST['email'] = "1";
$_POST['user_level'] = "1";

if((!$username) || (!$user_pass)){
    die("Please enter a username & password! Click <a href='login.php'>here</a> to return to the login page.");
    exit();
}

// Convert password to md5 hash
$user_pass = md5($user_pass);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM info WHERE username='$username' AND user_pass='$user_pass'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
    foreach( $row AS $key => $val ){
        $$key = stripslashes( $val );
    }

        $fname = $_POST['fname'];
        $lname = $_POST['lname'];
        $email = $_POST['email'];
        $user_level = $_POST['user_level'];

	$_SESSION['username'] = $username;
	$_SESSION['fname'] = $fname;
	$_SESSION['lname'] = $lname;
	$_SESSION['email'] = $email;
	$_SESSION['user_level'] = $user_level;
	$_SESSION['user_pass'] = $user_pass;

        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");

        header("Location: members.php");

    }
} else {
    echo "You could not be logged in! Your username and/or password were incorrect!<br />
    Please try again!<br />";
    include 'login.php';
}
?>

 

 

snippet from top of members.php

<?php

include 'db.php';

if((!$username) || (!$user_pass)){
    echo "<center />Please enter Username and Password! <br />";
    include 'login.php';
    exit();
}
?>

[GameYin]

require 'db.php';

 

require ('db.php');

[PFMaBiSmAd]

Remove this - enctype="text/plain" from your form tag. It is incorrect and prevents the form from submitting any data.

[anbdesigns]

Ok, with enctype removed, it takes me to members.php, but it executes the echo statement.

On members.php, I added this but it returns empty:

echo $username;

I tested, and $_POST values are sent to checkuser.php, they're just getting lost somewhere before going to members.php

[PFMaBiSmAd]

Your code is dependent on register globals (program variables magically and insecurely get populated from post/get/cookie/session variables.)

 

Use the proper session array reference $_SESSION['username'] instead of $username (repeat for all session variables.)

[nethnet]

You're not passing the data along to members.php at all... instead of using header("Location: ..."), why don't you just use

include "members.php";

and remove the line

include "db.php";

 

That way you have full access to all the variables you use in checkuser.php

[anbdesigns]

Ok, that works, but how would I go about getting said data to members.php or other pages?

I thought I could do that with a simple login check at the top of each page?

 

Also, I've changed all $variable to $_SESSION['variable'] where I thought appropriate.

 

Much thanks for all the help!

[nethnet]

Sorry, I wasn't reading this very carefully..  You have everything set in your $_SESSION variables that you will need on your pages, right?  So on a page like members.php where you are checking to see if they are logged in, have this:

 

<?php

include 'db.php';

$username = $_SESSION['username'];
$user_pass = $_SESSION['user_pass'];

if((!$username) || (!$user_pass)){
    echo "<center />Please enter Username and Password! <br />";
    include 'login.php';
    exit();
}
?>

 

A better way would be to have a PHP script with the above code named something like login_check.php, and for any page that you want to make sure the user is logged in, just put this at the top:

 

<?php

include "login_check.php";

?>

 

Theo

[anbdesigns]

Ok, back to not being logged in on members.php (and other pages).

Is header("Location: members.php"); acceptable, seeing as I have the login check on it & the other pages?

And is my code correct regarding sessions?

 

<?php
session_start();  // Start Session

//PRINT_R($_POST);
ini_set ("display_errors", "1");
error_reporting(E_ALL);

/* Check User Script */
include ('db.php');
// Convert to simple variables
if (isset ($_POST['username'])) {
$_SESSION['username'] = $_POST['username'];
    //more code to test the validity of $username
} else {
    $_SESSION['username'] = "user";    //set some default value
}
if (isset ($_POST['user_pass'])) {
    $_SESSION['user_pass'] = $_POST['user_pass'];
    //more code to test the validity of $user_pass
} else {
$_SESSION['user_pass'] = "pass";    //set some default value
}
/*
if (isset ($_POST['user_level'])) {
    $_SESSION['user_level'] = $_POST['user_level'];
    //more code to test the validity of $user_level
} else {
$_SESSION['user_level'] = "0";    //set some default value
}
*/

if((!$_SESSION['username']) || (!$_SESSION['user_pass'])){
    die("Please enter a username & password! Click <a href='login.php'>here</a> to return to the login page.");
    exit();
}

// Convert password to md5 hash
$_SESSION['user_pass'] = md5($_SESSION['user_pass']);

$username = $_SESSION['username'];
$user_pass = $_SESSION['user_pass'];
//$user_level = $_SESSION['user_level'];

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM info WHERE username='$username' AND user_pass='$user_pass'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
    while($row = mysql_fetch_array($sql)){
    foreach( $row AS $key => $val ){
        $$key = stripslashes( $val );
    }

        mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");

        header("Location: members.php");

    }
} else {
    echo "You could not be logged in! Your username and/or password were incorrect!<br />
    Please try again!<br />";
    include 'login.php';
}
?>

 

<?php
include("login_check.php");
?>

 

<?php

require ("db.php");

$username = $_SESSION['username'];
$user_pass = $_SESSION['user_pass'];

if((!$username) || (!$user_pass)){
    echo "<center />Please enter Username and Password! <br />";
    include 'login.php';
    exit();
}
?>

[anbdesigns]

Solved. How do I mark it as so?

I needed session_start(); on the other pages. I was under the impression that the session would continue until terminated.