0

On my PHP login system, every time I try to sign in as another user (or type random letters and hit sign in), I get:

Warning: Cannot modify header information - headers already sent by (output started at /home/lewisad2/public_html/login.php:13) in /home/lewisad2/public_html/login.php on line 20

I have searched the internet and can't seem to find a solution and have been stuck with this problem for a few hours now, please can someone help me.

The login.php code is below:

<?php
session_start();

include 'dbh.php';

$uid = $_POST['uid'];
$pwd = $_POST['pwd'];

$sql = "SELECT * FROM user WHERE uid='$uid' AND pwd='$pwd'";
$result = mysqli_query($conn, $sql);

if(!$row = mysqli_fetch_assoc($result)) {
    echo 'Username or Password incorrect.';
} else if(!$_SESSION['id']) {
    $_SESSION['id'] = $row['id'];
    $_SESSION['firstname'] = $row['firstname'];
} else {
    echo 'You are already logged in!';
}

header("Location: index.php");
lewis adams
  • 7
  • You can't set headers with `header` after you have already echo'ed something out. – Brian Glaz May 11 '17 at 15:56
  • 2
    You had better not go live with this code. – Funk Forty Niner May 11 '17 at 15:58
  • Fred is so right, classic example of sql injection waiting to happen ;) Please, don't reinvent the wheel, there are so many good code examples and books which show how to do this right. – Floyd May 11 '17 at 15:59
  • 1
    ...and plain text passwords. Both being a *sure fire recipe* for disaster. – Funk Forty Niner May 11 '17 at 16:01
  • 1
    **Never store plain text passwords!** Please use ***PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)*** to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). ***It is not necessary to [escape passwords](http://stackoverflow.com/q/36628418/1011527)*** or use any other cleansing mechanism on them before hashing. Doing so *changes* the password and causes unnecessary additional coding. – Jay Blanchard May 11 '17 at 16:01
  • Thanks for the advice, i'm just experimenting with PHP and i'm a beginner in learning it (started this week), I understand my code isn't great but I was just stuck on the header but thanks again. – lewis adams May 11 '17 at 19:41

0 Answers0