-2

So I have a basic login system. I am trying to use a header to redirect after a successful login. But I am getting a error printed saying "Cannot modify header" I am not entirely familiar with PHP at all. But all help would be appreciated.

the error message

Warning: Cannot modify header information - headers already sent by (output started at /home4/jachun39/public_html/ap/login.php:6) in /home4/jachun39/public_html/ap/login.php on line 22

login.php file

<?php
include('SqlConnect.php');
?>
<?php
if (isset($_POST['Login'])){
    if (!@mysql_connect($host, $username, $password)) die("Can't connect to database");
    if (!mysql_select_db($db_name)) die("Can't select database");
    $username=$_POST['username'];
    $password=$_POST['password'];
    $username = stripslashes($username);
    $password = stripslashes($password);
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);
    $sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
    $result=mysql_query($sql);
    $count=mysql_num_rows($result);
    if($count >= 1){
    $_SESSION['username']= "username";
    $_SESSION['password']= "password";
    header("location: index.php?message=success");
    echo "<center><font color='green'><b>Logged in Successfully</center></font></b>";
    } else {
        echo "<center><font color='red'><b>Wrong username or password</center></font></b>";
    }
}
    <link rel="Stylesheet" type="text/css" href="style.css" />
    <link href='http://fonts.googleapis.com/css?family=Karla:400,700,700italic,400italic' rel='stylesheet' type='text/css'>

Here is also my Checklogin.php file, which is "included" at the top of the index page.

<?php
if(!isset($_SESSION['username'])){
header("location: login.php");
}
?>

///ADDED AS REQUESTED (index.php)

<?php 
ob_start();
include('CheckLogin.php');
include('SqlConnect.php');
include('Userbar.php');
?>
<link rel="Stylesheet" type="text/css" href="style.css" />
<link href='http://fonts.googleapis.com/css?family=Karla:400,700,700italic,400italic' rel='stylesheet' type='text/css'>
</html>
<body>
<br>
<form name="form" method="POST" action=""><td>
<table width="325" border="0" align="center" cellpadding="2" cellspacing="0" bgcolor="#212121">
<td><table width="100%" border="0" cellpadding="3" cellspacing="0" bgcolor="#404040"></td>
<tr colspan="3"><strong> <font color="ECECEC"> Create Code </font></strong></tr>
<tr>
<td><center><font color="ECECEC">Code: <input name="code" type="text"></font>
<input type="Submit" value="Create Code" name="Addcode" /></td></tr></center>
</table></table>
</table></table>
</form>
<?php
if (!mysql_connect($host, $username, $password)){
    die("Can't connect to database");
}
if (!mysql_select_db($db_name)){
    die("Can't select database");
}
if (isset($_POST['Addcode'])){
    mysql_query("INSERT INTO $table (username, password, hwid, ip, code, banned) VALUES('-','-','-','-','$_POST[code]','0')");
}
if (isset($_POST['Action'])){
    if ($_POST['Action'] == "Delete"){
        $ID = $_POST['ID'];
        $result = mysql_query("DELETE FROM $table WHERE `id` = $ID");
        if (!$result){
            die(mysql_error());
        }
     } elseif ($_POST['Action'] == "Ban"){
        $ID = $_POST['ID'];
        $Banned = $_POST['Banned'];
        if ($Banned == 0){
            $result = mysql_query("UPDATE $table SET `banned` = '1' WHERE `id` = '".$ID."'");
        } else {
            $result = mysql_query("UPDATE $table SET `banned` = '0' WHERE `id` = '".$ID."'");
        }
        if (!$result){
            die(mysql_error());
        }
    } 
}
echo "<div class='table' align='center'><table><tr class='top'>";
echo "<td \"Username\"'>Username<style='margin-bottom:-1px; float:right;' height='16px' width='16px' /></td>";
echo "<td \"Password\"'>Password<style='margin-bottom:-1px; float:right;' height='16px' width='16px' /></td>";
echo "<td \"Hwid\"'>Hwid<style='margin-bottom:-1px; float:right;' height='16px' width='16px' /></td>";
echo "<td \"Code\"'>Code<style='margin-bottom:-1px; float:right;' height='16px' width='16px' /></td>";
echo "<td \"IP\"'>IP<style='margin-bottom:-1px; float:right;' height='16px' width='16px' /></td>";
echo "<td \"Active\"'>Active<style='margin-bottom:-1px; float:right;' height='16px' width='16px' /></td>";
echo "<td \"Delete\"'>Delete<style='margin-bottom:-1px; float:right;' height='16px' width='16px' /></td>";
echo "</tr>\n";
$type = "first";
$query = mysql_query("SELECT * FROM $table");
while($row = mysql_fetch_array($query)){
    $ID = $row['id'];
    $Username = $row['username'];
    $Password = $row['password'];
    $Hwid = $row['hwid'];
    $Code = $row['code'];
    $IP = $row['ip'];
    $Banned = $row['banned'];
    $Delete = "0";
    echo '<td>'.$Username.'</td><td>'.$Password.'</td><td>'.$Hwid.'</td><td>'.$Code.'</td><td>'
        .$IP.'</td><td>';
        ?>
        <form action="" class="form" method="POST">
        <input type="hidden" name="Action" value="Ban" />
        <input type="hidden" name="ID" value=<?php echo "$ID";?> />
        <input type="hidden" name="Banned" value=<?php echo "$Banned";?> />
        <?php 
        if ($Banned == 1){
            echo '<input type="image" src="img/cross.png" name="Ban" />';
        } else {
            echo '<input type="image" src="img/tick.png" name="Ban" />';
        }
        ?>
        </td><td>
        </form>
        <form action="" class="form" method="POST">
        <input type="hidden" name="Action" value="Delete" />
        <input type="hidden" name="ID" value=<?php echo "$ID";?> />
        <input type="image" src="img/delete.png" name="Delete" />
        </form>
        </td>
        <?php   
    echo "</tr>\n";
}
?> 
</body>
</html>
John
  • 3
  • 3

2 Answers2

0

PHP headers must be sent before any content in the page. From the PHP documentation:

The HTTP status header line will always be the first sent to the client, regardless of the actual header() call being the first or not. The status may be overridden by calling header() with a new status line at any time unless the HTTP headers have already been sent.

In your file, you sent HTML link tags before setting the header which results in this error. Simply put your PHP before any output and it will work

A.Essam
  • 1,094
  • 8
  • 15
  • Yes but how do I make the page redirect to index.php it just stays on login.php and reloads the page. The update code is on the post – John Aug 14 '16 at 08:56
  • Check your index.php, you might be redirecting back to login.php! – A.Essam Aug 14 '16 at 09:03
  • Could you check over it? I added the code for index.php back in the main question! – John Aug 14 '16 at 09:26
  • check out `CheckLogin.php` Most likely the redirections is there – A.Essam Aug 14 '16 at 09:45
  • Checklogin.php is also in the main question, if you wouldn't mind taking a look :) – John Aug 14 '16 at 20:04
  • Do some debugging, comment out the `header` in CheckLogin and see if it works, echo the sessions variable and see if it is set – A.Essam Aug 15 '16 at 09:11
  • Like you suggested I commented out the header in checklogin.php and it did work, BUT also means that anyone can navigate to index.php without logging in – John Aug 16 '16 at 23:36
  • put `var_dump($_SESSION["username"])` in Checklogin.php, you will find that it is not set, most likely the username and password does not exist in your database. Go back to login.php and debug the result from the database. You should get used to debugging your code – A.Essam Aug 17 '16 at 11:30
-1

put this line on top where your php tags start.

ob_start();

Like here you can:

<?php
ob_start();
include('SqlConnect.php');
?>
jarvo69
  • 7,908
  • 2
  • 18
  • 28
  • When I did this it didn't display the successfully logged in message anymore, and just reloaded – John Aug 14 '16 at 08:41
  • It reloads because of your `header("location: index.php");` this line of code. try to comment this line and see the result once – jarvo69 Aug 14 '16 at 08:42
  • Yes now it displays the message, but how do I make it redirect to index.php ? As it has "successfully" logged in – John Aug 14 '16 at 08:44
  • Either use session for displaying the message to next page or after reload. Or use query string like below `header("location: index.php?message=success");` and then get the query string message to display after reload as `if ($_GET['message'] != '' and $_GET['message'] == 'success') {echo 'login successful';}` – jarvo69 Aug 14 '16 at 08:46
  • Yes but it doesn't redirect to the next page being index. It reloads the login page... – John Aug 14 '16 at 08:49
  • Post your updated code after changes you made. – jarvo69 Aug 14 '16 at 08:50
  • and please accept my answer if it helped :) – jarvo69 Aug 14 '16 at 08:51
  • `header("location: index.php?message=success");` should work as desired. Are you sure the page is NOT redirected to `index.php` file ? Check the URL in browser after you click on your login button. – jarvo69 Aug 14 '16 at 08:57
  • Yes I am 100% sure did check as you suggested aswell, and no it doesn't work. Am I allowed to post my site link for you to see for yourself? – John Aug 14 '16 at 08:59
  • Yes sure. Post your link here. – jarvo69 Aug 14 '16 at 08:59
  • http://csgosafe.ml/ap/login.php – John Aug 14 '16 at 09:01
  • Show me your `index.php` code. Also tell me what should I enter in username and password in order to check the redirection problem – jarvo69 Aug 14 '16 at 09:05
  • Alright I will add it to the main question – John Aug 14 '16 at 09:06
  • Also tell me what should I enter in username and password in order to check the redirection problem – jarvo69 Aug 14 '16 at 09:06
  • Put test in both inputs! :) I also added the index.php to the main question – John Aug 14 '16 at 09:19