Okay, I started a new website yesterday and (some of) it was working fine until earlier I started getting this error message:
| Code: |
| Warning: Cannot modify header information - headers already sent by (output started at /home/pckid2/domains/peterjosling.co.uk/public_html/wiipages/login.php:2) in /home/pckid2/domains/peterjosling.co.uk/public_html/wiipages/login.php on line 85 |
I can't see anything wrong with the code at line 2:
| Code: |
| print "<font face = 'Arial'>"; |
which is in:
| Code: |
<?php
print "<font face = 'Arial'>";
// Connects to your Database
mysql_connect("localhost", "_______", "______") or die(mysql_error());
mysql_select_db("______") or die(mysql_error()); |
Also, I'm getting an error message in another file:
| Code: |
| Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/pckid2/domains/peterjosling.co.uk/public_html/wiipages/register.php on line 58 |
Once again, I can't see anything wrong at line 58:
| Code: |
| <form action="register.php" method="post"> |
Which is in:
| Code: |
else
{
?>
<form action="register.php" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Email:</td><td>
<input type="text" name="email" maxlength="60">
</td></tr> |
Does anyone have any suggestions? Please post the whole code and that would make it easier. The headers alredy sent message might be because you have used header(); somewhere but i dont know so please post all the code.
Okay, Ive removed all the usernames and passwords:
login.php:
| Code: |
<?php
print "<font face = 'Arial'>";
// Connects to your Database
mysql_connect("localhost", "______", "____") or die(mysql_error());
mysql_select_db("____") or die(mysql_error());
//Checks if there is a login cookie
if(isset($_COOKIE['WiiPages']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['WiiPages'];
$pass = $_COOKIE['WiiWii'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: index.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. Please register using the Register button to the right.');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(WiiPages, $_POST['username'], $hour);
setcookie(WiiWii, $_POST['pass'], $hour);
//then redirect them to the members area
header("Location: index.php");
}
}
} else {
// if they are not logged in
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
print "</font>";
?> |
register.php:
| Code: |
<?php
// Connects to your Database
mysql_connect("localhost", "_____", "_____") or die(mysql_error());
mysql_select_db("_____") or die(mysql_error());
//This code runs if the form has been submitted
if (isset($_POST['submit'])) {
//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] | !$_POST['email'] ) {
die('You did not complete all of the required fields');
}
// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}
// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match.');
}
// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}
// now we insert it into the database
$insert = "INSERT INTO users (username, password, email)
VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['email']."')";
$add_member = mysql_query($insert);
$insert2 = "INSERT INTO slots (username)
VALUES ('".$_POST['username']"')
?>
<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>
<?php
}
else
{
?>
<form action="register.php" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Email:</td><td>
<input type="text" name="email" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table>
</form>
<?php
}
?>
|
I didn't code it all myself, I used a tutorial then modified it so I'm not so sure what's wrong. I might as well add that the files are uploaded to http://peterjosling.co.uk/wiipages. The line numbers have changed now because I added <html> and <body> tags to try and fix it but the errors are still the same.
Edit: the register edit's changed, here's the new code:
| Code: |
<html>
<body>
<?php
// Connects to your Database
mysql_connect("localhost", "______", "_____") or die(mysql_error());
mysql_select_db("______") or die(mysql_error());
//This code runs if the form has been submitted
if (isset($_POST['submit'])) {
//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] | !$_POST['email'] ) {
die('You did not complete all of the required fields');
}
// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'")
or die(mysql_error());
$check2 = mysql_num_rows($check);
//if the name exists it gives an error
if ($check2 != 0) {
die('Sorry, the username '.$_POST['username'].' is already in use.');
}
// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
die('Your passwords did not match.');
}
// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}
// now we insert it into the database
$insert = "INSERT INTO users (username, password, email)
VALUES ('".$_POST['username']."', '".$_POST['pass']."', '".$_POST['email']."')";
$add_member = mysql_query($insert);
$insert2 = "INSERT INTO slots (username)
VALUES ('".$_POST['username']."')
?>
<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>
<?php
}
else
{
?>
<form action="register.php" method="post">
<table border="0">
<tr><td>Username:</td><td>
<input type="text" name="username" maxlength="60">
</td></tr>
<tr><td>Email:</td><td>
<input type="text" name="email" maxlength="60">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>
<tr><th colspan=2><input type="submit" name="submit" value="Register"></th></tr> </table>
</form>
<?php
}
?>
</body>
</html> |
| pckid2 wrote: |
| Code: | <?php
print "<font face = 'Arial'>";
...
$hour = time() + 3600;
setcookie(WiiPages, $_POST['username'], $hour); |
|
You can't send headers (the setcookie() call) after "normal" output (the print).
Either restructure your code or wrap it all inside a ob_start() thing.
| pckid2 wrote: |
| Code: | $add_member = mysql_query($insert);
$insert2 = "INSERT INTO slots (username)
VALUES ('".$_POST['username']."')
?>
<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>
<?php
}
else
{
?>
<form action="register.php" method="post"> |
|
$insert2 = "INSERT ..." . $_POST . "')<ENTER>?><ENTER><ENTER><h1>..." and somewhere after that your error shows up.
Correct the string.Okay, I've fixed login.php, but register.php is still brok. Any ideas?
| pckid2 wrote: |
Okay, I've fixed login.php, but register.php is still brok. Any ideas? | pckid2 wrote: | $insert2 = "INSERT INTO slots (username)
VALUES ('".$_POST['username']."')
?>
<h1>Registered</h1>
<p>Thank you, you have registered - you may now login</a>.</p>
<?php
}
else
{
?>
<form action="register.php" method="post"> |
|
| pckid2 wrote: |
| Quote: | | Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING in /home/pckid2/domains/peterjosling.co.uk/public_html/wiipages/register.php on line 58 |
|
The T_CONSTANT_ENCAPSED_STRING is the "register" thing right after you close the string you started after the $_POST['username'].first things first.
don't ever put not sanitized data without filtering to your sql query. It's dangerous. use addslashes or your database specific function, mysql_real_escape_string for example. I know you're just starting, but start good.
Try to separate the view layer (html) and the script layer (google about MVC )
don't use so long variable name for your query. Always use the same name $q is convenient.
if(trim($_POST['username'])){
$q = "INSERT INTO slots (username) VALUES ". addslashes($_POST['username']). "') ";
// query stuff...
}
