0

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\Fashion Studio\Resources\scripts\navbar.php:1) in C:\xampp\htdocs\Fashion Studio\Pages\login.php on line 37

<?php
    session_start();
    ?>
    <?php
    include("../resources/scripts/config.php");
    include("../resources/scripts/header.php");
    include("../resources/scripts/navbar.php");
    if(!isset($_SESSION["roles"]))
    {
    if(isset($_POST['submitbtn']))
    {
        if(($_POST['Id'] == ''))
        {
            $error = "No Id";
        }

        if(($_POST['Password'] == ''))
        {
            $error = "No Password";
        }

        if(isset($error))
        {
            echo $error;
        }

        else
        {

            $qur  = "select id , passsword , roles from users where id = '".$_POST['Id']."' and passsword = '".$_POST['Password']."'";
            $stmt = mysqli_query($con,$qur);
            $row = mysqli_fetch_array($stmt);
            if(mysqli_num_rows($stmt))
            {
                $_SESSION['id'] = trim($row["id"]);
                $_SESSION['roles'] =trim($row["roles"]);
                header('Location: index.php');
            }
        }
    }
    }
    else
    {
        header('Location: index.php');
    }
    ?>
Khooni Akhiyan
  • 39
  • 4
  • 2
    your code is wide open to ***SQL injection attacks*** - use parameterized statements to secure your code. also: ***never!!!*** store passwords as plain text - use `password_hash()` and `password_verify()` – Franz Gleichmann Feb 28 '18 at 17:43
  • That warning basically says: you are trying to send http headers _after_ already having sent out html payload. – arkascha Feb 28 '18 at 17:44
  • `navbar.php` outputs something to the browser. Then when you call `header(...)`, the warning shows ... You cannot output anything to the browser before the `header(...)` function is called – Istiaque Ahmed Feb 28 '18 at 17:50
  • @IstiaqueAhmed but navbar.php doesnot contain php tag its just html code – Khooni Akhiyan Feb 28 '18 at 18:08
  • @KhooniAkhiyan "just html code" gets sent to the client directly... therefore _before_ headers are sent. it's quite simple: *no headers* _after_ any data. – Franz Gleichmann Feb 28 '18 at 18:45
  • @KhooniAkhiyan, that means that HTML code is outputted to the browser – Istiaque Ahmed Feb 28 '18 at 18:46

0 Answers0