0

I've created a username/password login page for my site. When the user submits their info and it matches the info in the database, it should redirect to a homepage, however it does not redirect. As suggested by another member, I added error reporting to the page. When I click submit, I am not redirected to the correct page, but I am redirected to another page that gives me all the errors within my code.

There seems to be issues with the $SESSION[''] variables and the header that I want to redirect to page to. I am not sure exactly what might be causing these issues.

Notice: Undefined index: user in /home/ikb2014/public_html/test/LESSON5/1 - LOGIN.php on line 40

Notice: Undefined index: pass in /home/ikb2014/public_html/test/LESSON5/1 - LOGIN.php on line 41

Warning: Cannot modify header information - headers already sent by (output started at /home/ikb2014/public_html/test/LESSON5/1 - LOGIN.php:10) in /home/ikb2014/public_html/test/LESSON5/1 - LOGIN.php on line 46

As suggested, there might be errors in whitespace before or after the tags. I've looked through my code and can not find these errors. Any input as to what be the issues would be appreciated. 

<?php

session_start();


require_once("../inc_files/Lesson_5_DB_Connection.php");

?>

<?php 

error_reporting(E_ALL);
ini_set('display_errors', 1);


    $error_message= "";

    $user_name = "";
    $user_password= "";

    if (isset($_POST['submit'])) {

    $user_name = $_POST['user'];
    $user_password= $_POST['pass'];

        // ADD QUERY TO CHECK IF USER/PASS COMBO IS CORRECT
        if(!empty($user_name) && !empty($user_password)) {

        $query = "SELECT * FROM employees WHERE username='$user_name' and password='$user_password'";


        $result = mysqli_query($dbc, $query)
            or die ('Error querying username/password request');

            if(mysqli_num_rows($result) == 1) {


            while($row = mysqli_fetch_array($result)) {

                $_SESSION['user'] = $row['user'];
                $_SESSION['pass']= $row['pass'];


                }

                 header("Location: /LESSON5/3%20-%20HOMEPAGE%20:%20WELCOME.php");
                exit;


            } // end if rowns

            else {
                $error_message = "You were not able to log in";
            } // end else

        // Direct to other webpage

        } // end query



    } // end isset

?>

<!DOCTYPE html>
<html>
<head>
  <meta charset="utf-8">
  <title>Login</title>
  <link type="text/css" rel="stylesheet" href="/LESSON5/5_Signup_CSS.css">

</head>
<body>
<h1>Welcome to my website!</h1>
<h2>Please login below.</h2>
<h3>Don't have an account? <a href="/LESSON5/2%20-%20CREATE%20AN%20ACCOUNT.php">Create one here.</a></h3>

<div class="formFormat" >  
<div  id="table1">
<form method="post" action="<?php echo $_SERVER['PHP_SELF'];?>">
  <table id="cssTable">
    <tr>
        <td>Username:</td><td><input type="text" id="user" name="user" value="<?php echo $user_name;?>" /></td>
    </tr>
    <tr>
        <td>Password:</td><td><input type="text" id="pass" name="pass" value="<?php echo $user_password;?>"/></td>
    </tr>
      </table>

  </div>

  <div id="table2">

  <table> 
  <tr>
     <td><input type="submit" name="submit"/></td>
   </tr>
   <tr>
      <td id="createAccount"><a href="/LESSON5/2%20-%20CREATE%20AN%20ACCOUNT.php">Create an account</a></td>
   </tr>
   <tr>
    <td><p><?php echo $error_message?></p></td>
   </tr>

  </table>
  </form>
  </div>
</div> 

<?php
  mysqli_close($dbc);
?>

<?php

if(isset($_SESSION['user']) && isset($_SESSION['pass'])) {

echo "Sessions are set";

}

else { 
  echo "Not set.";
}

?>




</body>
</html>
  • The first two notices are telling you that you're trying to access a parameter of an array which doesn't exist. The second error is telling you that it cannot redirect because the script has already produced output (probably a result of the first two notices). – diggersworld May 25 '15 at 21:52
  • Check line 40 and 41 for the errors, why do you think white spaces is the problem when the errors are clearly stated. – Musa May 25 '15 at 21:54
  • Put var_dump($_POST) before the line $user_name = $_POST['user'] to check if you get the post values right. – Ron Dadon May 25 '15 at 22:03

1 Answers1

0

You opened and closed php tags, and left a blank line between them - so you already have output, and you can't set headers after that.

This is your code:

<?php

session_start();


require_once("../inc_files/Lesson_5_DB_Connection.php");

?>
                <<<< This empty line is the problem
<?php 

error_reporting(E_ALL);
ini_set('display_errors', 1);

Change it to this:

<?php
session_start();
require_once("../inc_files/Lesson_5_DB_Connection.php");
error_reporting(E_ALL);
ini_set('display_errors', 1);

And that should work.

By the way - there is no need to open and close php tags if you don't output anything between them - that is pointless.

Ron Dadon
  • 2,666
  • 1
  • 13
  • 27
  • That doesn't explain the first two errors, when accessing not existing array indices. – Sven May 25 '15 at 21:59
  • True, that only address the header problem. – Ron Dadon May 25 '15 at 22:03
  • The header error is a direct consequence of the previous two errors, i.e. because these errors get written to the browser, they count as output and trigger the sending of headers as well, making it impossible to send any more headers afterwards. But because the PHP script doesn't stop at these first two errors (they are only a notice to highlight potential typos), the execution reaches the call to `header()`, where the warning is triggered. Solving the first two notices will resolve the header warning as well. – Sven May 26 '15 at 16:17
  • @Sven No it would not. He got a blank line **between** the first php tag and the second one - that will count as an output as well, and he can't send header in the second php tag because of it. You can try writing a simple script with a blank line between 2 php parts, and you will see that you can't set an header after that blank line. – Ron Dadon May 26 '15 at 18:58