-1

I am having trouble with my code.It is supposed to redirect to a page if the login is okay.I am getting a successfully login but I am getting a error with the header forward.Here is the line which the problem is occurring:

header("Location: members.php");

Here is the error message: Warning: Cannot modify header information - headers already sent

Here is my full code for the page if it helps:

<?php 
    // Connects to your Database 
    include("dbconnect.php");
    mysql_select_db("maxgee_close2");
    //Checks if there is a login cookie

    if(isset($_COOKIE['ID_my_site']))
     //if there is, it logs you in and directes you to the members page
    { 
        $username = $_COOKIE['ID_my_site']; 
        $password = $_COOKIE['Key_my_site'];
        $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
        while($info = mysql_fetch_array( $check )) 
        {
            if ($pass != $info['password'])
            {
            }
            else
            {
                header("Location: members.php");
            }
        }
    }
    //if the login form is submitted 
    if (isset($_POST['submit'])) { // if form has been submitted
     // makes sure they filled it in
        if(!$_POST['username'] | !$_POST['password']) {
            die('You did not fill in a required field.');
        }
        // checks it against the database

        if (!get_magic_quotes_gpc()) {
            $_POST['email'] = addslashes($_POST['email']);
        }
        $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

        //Gives error if user dosen't exist
        $check2 = mysql_num_rows($check);
        if ($check2 == 0) {
            die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
        }
        while($info = mysql_fetch_array( $check ))  
        {
            $_POST['password'] = stripslashes($_POST['password']);

            $info['password'] = stripslashes($info['password']);

            $_POST['password'] = md5($_POST['password']);

            //gives error if the password is wrong

            if ($_POST['password'] != $info['password']) {
                die('Incorrect password, please try again.');
            }
            else 
            { 
                // if login is ok then we add a cookie 
                $_POST['username'] = stripslashes($_POST['username']); 
                $hour = time() + 3600; 

              //then redirect them to the members area and the line with the error
              header("Location: members.php");
            }
        } 
      }
      else
      { 
        // if they are not logged in
         ?>
         <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
         <h1>Login</h1>
         Username:
        <input type="text" name="username" maxlength="40"> 
        Password:
        <input type="password" name="password" maxlength="50"> 
        <input type="submit" name="submit" value="Login">
        </form> 
    <?php 
     } 
     include("topsite.php");
    ?>
pkachhia
  • 1,876
  • 1
  • 19
  • 30
maxgee
  • 157
  • 1
  • 4
  • 13
  • No problem you should accept one of the answers that helped you, and welcome to stack overflow! – StackOverflowed Oct 22 '12 at 05:20
  • I will....I Still have the restriction where I have to wait 15 minutes and then I will! @StackOverflowed – maxgee Oct 22 '12 at 05:21
  • You have some SQL injection vulnerabilities as well - setting the `$_COOKIE['ID_my_site']` value to `'; DROP TABLE users; SELECT '` for example. – doublesharp Oct 22 '12 at 05:24

7 Answers7

1

There is a space at the starting of your code..

<?php

Try after removing that.

For more info look at this.

Ashwini Agarwal
  • 4,828
  • 2
  • 42
  • 59
1

You probably have a space before your <?php tag. It looks like it's there in your example.

doublesharp
  • 26,888
  • 6
  • 52
  • 73
1

There's a space before php tag. Any space outside of your PHP tags will be considered whitespace for output.

StackOverflowed
  • 5,854
  • 9
  • 55
  • 119
1

You have written 

$password = $_COOKIE['Key_my_site'];

But you are comparing $pass with $info['password'] and it should be

    if ($password != $info['password']){

    } else {

        header("Location: members.php");
    }

You can modify your query in a better way by writing

$check = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'")or die(mysql_error());

if(mysql_num_rows($check) == 0) header("Location: members.php");
Abhishek Saha
  • 2,564
  • 1
  • 19
  • 29
0

its a good practice to make php files without the closing tag:

?>

just write something like:

//end of file

you can see it for example in codeIgniter php files

Rustam Kichinsky
  • 119
  • 1
  • 7
0

same question/problem

try to add ob_start() at start and ob_flush() or ob_end_flush() at end

Community
  • 1
  • 1
Pragnesh Chauhan
  • 8,363
  • 9
  • 42
  • 53
0

Try to use

<?php ob_start();?> // top of the page

<?php ob_flush();?> // at the end of the page

these two are used to start the output buffer. if we use this the output to the user will throw only after the exicution of each line in that document

and try to remove the space before session_start().

eg: <?php session_start();?>
    <!DOCTYPE html>
    <html>
Nevin
  • 205
  • 1
  • 4
  • 12