Solved

Getting error message saying headers already sent.

Posted on 2008-06-12
Last Modified: 2009-12-16
I am receiving an error message saying that the headers have already been sent, but not sure why.  The error message is:

Warning: Cannot modify header information - headers already sent by (login.php)

if($_POST['Submit']) {
    $grabUser = mysql_query("SELECT strUsername, strPassword, strValid from login");
    if($user = mysql_fetch_assoc($grabUser)) {
        $username = $user['strUsername'];
        $password = md5($user['strPassword']);
    }

    if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {
        header("location:/index.php");
        exit();
    }
}

Question by:pingeyeg
16 Comments
 
LVL 17

Expert Comment

by:nplib
That means there's output before header is fired.
0
 
LVL 82

Expert Comment

by:hielo
The problem is caused/triggered by this:
header("location:/index.php");

You have already sent data to the browser, hence the warning. Put this at the top of your page:
<?php
ob_start();
0
 
LVL 1

Author Comment

by:pingeyeg
hielo,

Now the page just refreshes upon login.

nplib,

I moved my constants file below the code that fired the header so now that stopped, but the code is not taking me to the index.php page.
0
 
LVL 17

Expert Comment

by:nplib
Can you post all your code?
0
 
LVL 1

Author Comment

by:pingeyeg
<?php

/* Check to see if the user is authenticated and then connect to the database to grab user's information and send him on his/her way.
*/

session_start();

include("includes/db.php"); // $conn

// Once submit button has been pressed, call the getUser function to validate the user.  If user has been validated then they are granted access to the main section.  If not, they are sent back to the login page to register.

if($_POST['Submit']) {
    $grabUser = mysql_query("SELECT strUsername, strPassword, strValid from login");
    if($user = mysql_fetch_assoc($grabUser)) {
        $username = $user['strUsername'];
        $password = md5($user['strPassword']);
    }

    if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {
        header("location:/index.php");
        exit();
    } elseif(isset($username) !== $_POST['strUsername'] && isset($password) !== md5($_POST['strPassword'])) {
        echo $result;
    }
}

// Call the constant files
include("includes/constants.php");

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title><?= TITLE ?></title>
<link type="text/css" href="/styles/login.css" rel="stylesheet">
</head>
<body>
<table width="100%" class="layout" cellspacing="0" cellpadding="0">
<tr><td valign="middle" align="center">
<div class="start">
<div class="message_login">
<?= LOGIN_CONTENT ?>
<div style="margin-top: 5px">
    <?= $result ?>
</div>
</div>
<div class="login_start">
 <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
 <span class="title">Username:</span><br/>
 <input type="text" name="strUsername" size="20" maxlength="20">
 <div style="margin-top: 10px">
 <span class="title">Password:</span><br/>
 <input type="password" name="strPassword" size="20" maxlength="20">
 </div>
 <div style="margin-top: 10px">
 <input type="image" name="Submit" value="1" src="/images/enterbtn.png" alt="Enter Site">
 </div>
 <div class="links" style="margin-top: 10px">
 <a href="/register.php">Register Me</a> | <a href="/forgot.php">Forgot Password</a> </div>
 </form>
</div>
</div>
</td></tr>
</table>
</body>
</html>

0
 
LVL 17

Expert Comment

by:nplib
At the top add print_r($_POST);

See if your image submit button is submitting its value.

When I tried something similar to that a long time ago, it would only work in FF and not IE or vice versa.
0
 
LVL 17

Expert Comment

by:nplib
Also, I've found sometimes using the name "Submit" to cause problems, so try using a different name like submit_action or bob or whatever.
0
 
LVL 17

Assisted Solution

by:nplib
nplib earned 50 total points
Lastly, the simplest solution is to add a hidden field and check for that instead:
<?php

/* Check to see if the user is authenticated and then connect to the database to grab user's information and send him on his/her way.
*/

session_start();

include("includes/db.php"); // $conn

// Once submit button has been pressed, call the getUser function to validate the user.  If user has been validated then they are granted access to the main section.  If not, they are sent back to the login page to register.

if($_POST['submit_action']) {
    $grabUser = mysql_query("SELECT strUsername, strPassword, strValid from login");
    if($user = mysql_fetch_assoc($grabUser)) {
        $username = $user['strUsername'];
        $password = md5($user['strPassword']);
    }

    if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {
        header("location:/index.php");
        exit();
    } elseif(isset($username) !== $_POST['strUsername'] && isset($password) !== md5($_POST['strPassword'])) {
        echo $result;
    }
}

// Call the constant files
include("includes/constants.php");

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title><?= TITLE ?></title>
<link type="text/css" href="/styles/login.css" rel="stylesheet">
</head>
<body>
<table width="100%" class="layout" cellspacing="0" cellpadding="0">
<tr><td valign="middle" align="center">
<div class="start">
<div class="message_login">
<?= LOGIN_CONTENT ?>
<div style="margin-top: 5px">
    <?= $result ?>
</div>
</div>
<div class="login_start">
 <form action="<?= $_SERVER['PHP_SELF'] ?>" method="post">
 <span class="title">Username:</span><br/>
 <input type="text" name="strUsername" size="20" maxlength="20">
 <div style="margin-top: 10px">
 <span class="title">Password:</span><br/>
 <input type="password" name="strPassword" size="20" maxlength="20">
 </div>
 <div style="margin-top: 10px">
 <input type="image" src="/images/enterbtn.png" alt="Enter Site">
 <input type="hidden" name="submit_action" value="true" />
 </div>
 <div class="links" style="margin-top: 10px">
 <a href="/register.php">Register Me</a> | <a href="/forgot.php">Forgot Password</a> </div>
 </form>
</div>
</div>
</td></tr>
</table>
</body>
</html>

0

 
LVL 1

Author Comment

by:pingeyeg
Well right now I am not getting any error messages, the image button is being sent to the page correctly, but I am not being sent to the next page either.
0
 
LVL 4

Accepted Solution

by:afzz
afzz earned 200 total points
Try the following code:
if($_POST['submit_action']) {
    $grabUser = mysql_query("SELECT strUsername, strPassword, strValid from login where strUsername='".$_POST['strUsername']."'");
    if(mysql_num_rows($grabUser) > 0){
        if($user = mysql_fetch_assoc($grabUser)) {
            $username = $user['strUsername'];
            $password = md5($user['strPassword']);
        }
    }

    if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {
        header("location:/index.php");
        exit();
    } elseif(isset($username) !== $_POST['strUsername'] && isset($password) !== md5($_POST['strPassword'])) {
        echo $result;
    }
}

0
 
LVL 1

Author Comment

by:pingeyeg
Apparently the portion that is hurting me right now is this (when I have it commented out the page is sent correctly, but when it isn't commented out the page just refreshes to the login screen):
function checkAuth() {
    if(!isset($_SESSION["strUsername"])) {
        header("Location: /login.php");
        exit();
    }

    if(!isset($_SESSION['session_count'])) {
        $_SESSION['session_count']=0;
        $_SESSION['session_start']=time();
    } else {
        ++$_SESSION['session_count'];
    }

    $session_timeout = 300;
    if (time() - $_SESSION['session_start'] > $session_timeout) {
        header("Location: /logout.php");
        exit();
    }

    $_SESSION['session_start'] = time();
}

checkAuth();

0
 
LVL 4

Assisted Solution

by:afzz
afzz earned 200 total points
Change the code here to the following:
if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {
    $_SESSION["strUsername"]=$username;
    header("location:/index.php");
    exit();

0
 
LVL 1

Author Comment

by:pingeyeg
Why did adding $_SESSION['strUsername']=$username; make any difference if the page that has that function doesn't use the variable $username?  I'm confused.
0
 
LVL 4

Expert Comment

by:afzz
You are authenticating the user against the database here and setting that variable:
if($user = mysql_fetch_assoc($grabUser)) {
    $username = $user['strUsername'];
    $password = md5($user['strPassword']);
}

Once that is done and you validate his password here:
if(isset($username) == $_POST['strUsername'] && isset($password) == md5($_POST['strPassword'])) {

you set his user name in the session variable here and forward him to the index.php page:
    $_SESSION["strUsername"]=$username;
    header("location:/index.php");
    exit();
0
 
LVL 1

Author Comment

by:pingeyeg
I guess what I am confused about is the fact that you converted the session value into a variable.  Since the function I have doesn't have that variable in the code, I wasn't understanding why you did that.  Obviously I am missing something, but I'm learning every day.
0
 
LVL 4

Expert Comment

by:afzz
Your code has to set the session variable somewhere so that you can check for that variable on another page. Here you have to set the user name into the session variable so you can check for that variable on another page to see whether the current user who is accessing that page has the session value set and whether his session has not timed out.
0
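
The login check and session hand-off discussed in this thread, rewritten as an added example (not code from any participant's post): it binds the posted username as a query parameter instead of concatenating it into the SQL, compares the actual values rather than isset() results, verifies against a password_hash() value instead of md5(), and sets the $_SESSION['strUsername'] key that checkAuth() tests. The function names authenticate and handleLogin, the use of PDO with an in-memory SQLite table, and storing password_hash() output in strPassword are assumptions made for the example; the sample row is constructed.

```php
<?php
declare(strict_types=1);

// Returns the stored username on success, null on failure.
function authenticate(PDO $db, string $username, string $password): ?string
{
    // Bound parameter: the posted username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT strUsername, strPassword FROM login WHERE strUsername = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                       // no such user
    }
    // Compare the values themselves (not isset() results) against a salted hash.
    return password_verify($password, $row['strPassword']) ? $row['strUsername'] : null;
}

// Sets the session key that checkAuth() looks for; the caller then redirects.
function handleLogin(PDO $db, array $post): bool
{
    $u = $post['strUsername'] ?? '';
    $p = $post['strPassword'] ?? '';
    if (!is_string($u) || !is_string($p)) {
        return false;                      // reject array-valued form fields
    }
    $user = authenticate($db, $u, $p);
    if ($user === null) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);       // fresh session ID after login
        $_SESSION['strUsername'] = $user;
        $_SESSION['session_start'] = time();
    }
    return true;  // on true: header('Location: /index.php'); exit();
}

// Constructed sample data in an in-memory SQLite table (assumes pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE login (strUsername TEXT PRIMARY KEY, strPassword TEXT)');
$db->prepare('INSERT INTO login VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(handleLogin($db, ['strUsername' => 'alice', 'strPassword' => 'correct horse']));
var_dump(handleLogin($db, ['strUsername' => 'alice', 'strPassword' => 'wrong']));
var_dump(handleLogin($db, ['strUsername' => "o'brien", 'strPassword' => 'x']));
```

On the login page, session_start() has to run before handleLogin() for the session branch to execute, and the redirect header must be sent before any output.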
