Getting error message saying headers already sent.

I am receiving an error message saying that the headers have already been sent, but not sure why.  The error message is:

Warning: Cannot modify header information - headers already sent by (login.php)

if($_POST['Submit']) {
	$grabUser = mysql_query("SELECT strUsername, strPassword, strValid from login");
		if($user = mysql_fetch_assoc($grabUser)) {
			$username = $user['strUsername'];
			$password = md5($user['strPassword']);
		}
			
		if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {
			header("location:/index.php");
			exit();
		}
}

Open in new window

LVL 1
pingeyegAsked:
Who is Participating?
 
afzzConnect With a Mentor Commented:
try the following code
if($_POST['submit_action']) {
        $grabUser = mysql_query("SELECT strUsername, strPassword, strValid from login where strUsername='".$_POST['strUsername']."'");
if(mysql_num_rows($grabUser) > 0){
                if($user = mysql_fetch_assoc($grabUser)) {
                        $username = $user['strUsername'];
                        $password = md5($user['strPassword']);
                }
 }
                if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {
                        header("location:/index.php");
                        exit();
                } elseif(isset($username) !== $_POST['strUsername'] && isset($password) !== md5($_POST['strPassword'])) {
                        echo $result;
                }
}

Open in new window

0
 
nplibCommented:
that means there's output before header is fired.
0
 
hieloCommented:
The problem is caused/triggered by this:
header("location:/index.php");

You have already sent data to the browser, hence the warning. Put this at the top of your page:
<?php
ob_start();
0
Cloud Class® Course: SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

 
pingeyegAuthor Commented:
hielo,

Now the page just refreshes upon login.

nplib,

I moved my constants file below the code that fired the header so now that stopped, but the code is not taking me to the index.php page.
0
 
nplibCommented:
can you post all your code.
0
 
pingeyegAuthor Commented:

<?php
 
/* Check to see if the user is authenticated and then connect to the database to grab user's information and send him on his/her way.
*/
 
session_start();
 
include("includes/db.php"); // $conn
 
// Once submit button has been pressed, call the getUser function to validate the user.  If user has been validated then they are granted access to the main section.  If not, they are sent back to the login page to register.
 
if($_POST['Submit']) {
	$grabUser = mysql_query("SELECT strUsername, strPassword, strValid from login");
		if($user = mysql_fetch_assoc($grabUser)) {
			$username = $user['strUsername'];
			$password = md5($user['strPassword']);
		}
 
		if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {
			header("location:/index.php");
			exit();
		} elseif(isset($username) !== $_POST['strUsername'] && isset($password) !== md5($_POST['strPassword'])) {
			echo $result;
		}
}
 
// Call the constant files
include("includes/constants.php");
 
?>
 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title><?= TITLE ?></title>
<link type="text/css" href="/styles/login.css" rel="stylesheet">
</head>
<body>
<table width="100%" class="layout" cellspacing="0" cellpadding="0">
<tr><td valign="middle" align="center">
<div class="start">
<div class="message_login">
<?= LOGIN_CONTENT ?>
<div style="margin-top: 5px">
	<?= $result ?>
</div>
</div>
<div class="login_start">
 <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
 <span class="title">Username:</span><br/>
 <input type="text" name="strUsername" size="20" maxlength="20">
 <div style="margin-top: 10px">
 <span class="title">Password:</span></br>
 <input type="password" name="strPassword" size="20" maxlength="20">
 </div>
 <div style="margin-top: 10px">
 <input type="image" name="Submit" value="1" src="/images/enterbtn.png" alt="Enter Site">
 </div>
 <div class="links" style="margin-top: 10px">
 <a href="/register.php">Register Me</a> | <a href="/forgot.php">Forgot Password</a> </div>
 </form>
</div>
</div>
</td></tr>
</table>
</body>
</html>

Open in new window

0
 
nplibCommented:
at the top add print_r($_POST);

see if your image submit but is submitting it's value.

When I tried something similar to that long time ago, it would only work in FF and not IE or visa versa,
0
 
nplibCommented:
Also, I've found sometimes using the name "Submit" to cause problems so try using a different name like
submit_action or bob or whatever
0
 
nplibConnect With a Mentor Commented:
Lastly the simplest solution is to add a hidden field and check for that instead
<?php
 
/* Check to see if the user is authenticated and then connect to the database to grab user's information and send him on his/her way.
*/
 
session_start();
 
include("includes/db.php"); // $conn
 
// Once submit button has been pressed, call the getUser function to validate the user.  If user has been validated then they are granted access to the main section.  If not, they are sent back to the login page to register.
 
if($_POST['submit_action']) {
        $grabUser = mysql_query("SELECT strUsername, strPassword, strValid from login");
                if($user = mysql_fetch_assoc($grabUser)) {
                        $username = $user['strUsername'];
                        $password = md5($user['strPassword']);
                }
 
                if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {
                        header("location:/index.php");
                        exit();
                } elseif(isset($username) !== $_POST['strUsername'] && isset($password) !== md5($_POST['strPassword'])) {
                        echo $result;
                }
}
 
// Call the constant files
include("includes/constants.php");
 
?>
 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title><?= TITLE ?></title>
<link type="text/css" href="/styles/login.css" rel="stylesheet">
</head>
<body>
<table width="100%" class="layout" cellspacing="0" cellpadding="0">
<tr><td valign="middle" align="center">
<div class="start">
<div class="message_login">
<?= LOGIN_CONTENT ?>
<div style="margin-top: 5px">
        <?= $result ?>
</div>
</div>
<div class="login_start">
 <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
 <span class="title">Username:</span><br/>
 <input type="text" name="strUsername" size="20" maxlength="20">
 <div style="margin-top: 10px">
 <span class="title">Password:</span></br>
 <input type="password" name="strPassword" size="20" maxlength="20">
 </div>
 <div style="margin-top: 10px">
 <input type="image" src="/images/enterbtn.png" alt="Enter Site">
 <input type="hidden" name="submit_action" value="true" />
 </div>
 <div class="links" style="margin-top: 10px">
 <a href="/register.php">Register Me</a> | <a href="/forgot.php">Forgot Password</a> </div>
 </form>
</div>
</div>
</td></tr>
</table>
</body>
</html>

Open in new window

0
 
pingeyegAuthor Commented:
Well right now I am not getting any error messages, the image button is being sent to the page correctly, but I am not being sent to the next page either.
0
 
pingeyegAuthor Commented:
Apparently the portion that is hurting me right now is this (when I have it commented out the page is sent correctly, but when it isn't commented out the page just refreshes to the login screen):
function checkAuth() {
	if(!isset($_SESSION["strUsername"])) {
	        header("Location: /login.php");
	        exit();
	}
	 
	if(!isset($_SESSION['session_count'])) {
	        $_SESSION['session_count']=0;
	        $_SESSION['session_start']=time();
	} else {
	        ++$_SESSION['session_count'];
	} 
	 
	$session_timeout = 300;
	if (time() - $_SESSION['session_start'] > $session_timeout) {
	        header("Location: /logout.php");
	        exit();
	}
	
	$_SESSION['session_start'] = time();
}
 
checkAuth();

Open in new window

0
 
afzzConnect With a Mentor Commented:
change the code here to the following
if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {
$_SESSION["strUsername"]=$username;
                        header("location:/index.php");
                        exit();

Open in new window

0
 
pingeyegAuthor Commented:
Why did adding $_SESSION['strUsername']=$username; make any difference if the page that has that function doesn't use the variable $username?  I'm confused.
0
 
afzzCommented:
You are authenticating the user against the database here and setting that variable
if($user = mysql_fetch_assoc($grabUser)) {
                        $username = $user['strUsername'];
                        $password = md5($user['strPassword']);
                }

once that is done and you validate his password here
if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {

you set his user name in the session variable here and forward him to the index.php page
$_SESSION["strUsername"]=$username;
                        header("location:/index.php");
                        exit();
0
 
pingeyegAuthor Commented:
I guess what I am confused about is the fact that you converted the session value into a variable.  Since the function I have doesn't have that variable in the code, I wasn't understanding why you did that.  Obviously I am missing something, but I'm learning every day.
0
 
afzzCommented:
your code has to set the session variable somewhere so that you can check for that variable on another page. Here you have to set the user name into the session variable so you can check for that variable on another page to see whether the current user whos is accessing that page has the session value set and whether his session has not timed out.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.