This problem is MIND BOGGLING



Andrius
11-30-2006, 10:06 AM
ok this is the dumbest thing I have come across in a while... the PHP code on itself works perfectly but when inserted into this page... it ceases to work. and by not working I mean it refreshes the page it's on (eg: http://www.getliveevents.com/Admin_login.php will become http://www.getliveevents.com/Admin_login.php?do=login after submit is pressed)


FULL CODE WITH PHP INSERTED IS BELOW:



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
body,td,th {
color: #FFFFFF;
}
body {
background-color: #000000;
background-image: url(Images/bg_main.gif);
background-repeat: repeat-x;
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}
a:link {
color: #FFFF00;
text-decoration: none;
}
a:visited {
color: #FFCC00;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
a:active {
text-decoration: none;
}
-->
</style></head>

<body>
<div align="center">
<table width="1000" height="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>&nbsp;</td>
<td width="102" height="163"><img src="Images/1.gif" width="102" height="163" /></td>
<td width="482" height="163"><img src="Images/2.gif" width="482" height="163" /></td>
<td width="233" height="163"><img src="Images/3.gif" width="233" height="163" /></td>
<td width="117" height="163"><img src="Images/4.gif" width="117" height="163" /></td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td width="102" height="77"><img src="Images/5.gif" width="102" height="77" /></td>
<td background="Images/6_bg.gif"><div align="center"><img src="Images/banner_top.jpg" width="468" height="60" /></div></td>
<td width="233" height="77"><img src="Images/7.gif" width="233" height="77" /></td>
<td width="117" height="77"><img src="Images/8.gif" width="117" height="77" /></td>
<td>&nbsp;</td>
</tr>
<tr>
<td width="32" height="40"><img src="Images/9.gif" width="32" height="40" /></td>
<td width="102" height="40"><img src="Images/10.gif" width="102" height="40" /></td>
<td width="482" height="40"><img src="Images/11.gif" width="482" height="40" /></td>
<td width="233" height="40"><img src="Images/12.gif" width="233" height="40" /></td>
<td width="117" height="40"><img src="Images/13.gif" width="117" height="40" /></td>
<td width="34" height="40"><img src="Images/14.gif" width="34" height="40" /></td>
</tr>
<tr>
<td width="32" height="80"><img src="Images/15.gif" width="32" height="80" /></td>
<td width="102" height="80"><img src="Images/16.gif" width="102" height="80" /></td>
<td height="80" colspan="2"><img src="Images/17.gif" width="715" height="80" /></td>
<td width="117" height="80"><img src="Images/18.gif" width="117" height="80" /></td>
<td width="34" height="80"><img src="Images/19.gif" width="34" height="80" /></td>
</tr>
<tr>
<td height="100%" background="Images/20_runner_BG.gif">&nbsp;</td>
<td height="100%" valign="top"><div align="right"><img src="Images/banner_left.jpg" width="100" height="487" /></div></td>
<td height="100%" colspan="2" valign="top" background="Images/bg_inner.gif"><div align="center"><?php
session_start(); # 9
include("Includes/conn.php"); #10
switch (@$_GET['do']) #11
{
case "login": #13
$connection = mysql_connect($host, $user,$password) #14
or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database."); #17

$sql = "SELECT username FROM getlive_admin
WHERE username='$_POST[fusername]'"; #20
$result = mysql_query($sql)
or die("Couldn't execute query."); #22
$num = mysql_num_rows($result); #23
if ($num == 1) // login name was found #24
{
$sql = "SELECT username FROM getlive_admin
WHERE username='$_POST[fusername]'
AND password=password('$_POST[fpassword]')";
$result2 = mysql_query($sql)
or die("Couldn't execute query 2."); #30
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct #32
{
$_SESSION['auth']="yes"; #34
$logname=$_POST['fusername'];
$_SESSION['logname'] = $logname; #36
$today = date("Y-m-d h:i:s"); #37
$sql = "INSERT INTO getlive_login (username, logintime)
VALUES ('$logname','$today')";
mysql_query($sql) or die("Can't execute query.");
header("Location: Admin_index.php"); #41
}
else // password is not correct #43
{
unset($_GET['do']); #45
$message="<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.<br></font>";
include("Includes/admin_login_form.inc"); #49
}
} #51
elseif ($num == 0) // login name not found #52
{
unset($_GET['do']); #54
$message = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name you entered does not
exist! Please try again.<br></font>";
include("Includes/admin_login_form.inc");
}
break; #59

case "new": #61
foreach($_POST as $field => $value) #62
{
if (ereg("(Name)",$field)) #75
{
if (!ereg("^[A-Za-z' -]{1,50}$",$value))
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $field is not a valid name.
Please try again.<br></font>";
include("/Includes/admin_login_form.inc");
exit();
}
}
$$field = strip_tags(trim($value)); #86
} // end foreach
if (!ereg("^[0-9)(xX -]{7,20}$",$corp_phone)) #96
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_phone is not a valid phone number.
Please try again.<br></font>";
include("Includes/admin_login_form.inc");
exit();
}
if (!ereg("^.+@.+\\..+$",$corp_email)) #115
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_email is not a valid email address.
Please try again.<br></font>";
include("Includes/admin_login_form.inc");
exit();
} #122
/* check to see if login name already exists */
$connection = mysql_connect($host,$user,$password)
or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database.");
$sql = "SELECT username FROM getlive_admin
WHERE username='$newname'";
$result = mysql_query($sql)
or die("Couldn't execute query.");
$num = mysql_numrows($result);
if ($num > 0) #133
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $newname already used. Select another
Member ID. <br></font>";
include("Includes/admin_login_form.inc");
exit();
}
else #141
{
$today = date("Y-m-d"); #143
$sql = "INSERT INTO getlive_admin (username,createDate,password,corp_name,corp_phone,corp_email)
VALUES ('$newname','$today',password('$newpass'),'$corp_name','$corp_phone','$corp_email')";
mysql_query($sql); #150
$_SESSION['auth']="yes"; #151
$_SESSION['logname'] = $newname; #152
/* send email to new member */ #153
$emess = "A new Member Account has been setup. ";
$emess.= "Your new Member ID and password are: ";
$emess.= "\n\n\t$newname\n\t$newpass\n\n";
$emess.= "We appreciate your interest in our Live Shows";
$emess.= " at GetLiveEvents.com. \n\n";
$emess.= "If you have any questions or problems,";
$emess.= " email support@getliveevents.com";
$ehead="From: member-desk@GetLiveEvents.com\r\n"; #161
$subj = "Your new Member Account from GetLiveEvents.com";
$mailsend=mail("$corp_email","$subj","$emess","$ehead");
header("Location: New_member.php"); #164
}
break; #166

default: #168
include("Includes/admin_login_form.inc");
}
?>

</div></td>
<td height="100%" valign="top"><div align="right"><img src="Images/banner_right.jpg" width="100" height="487" /></div></td>
<td height="100%" background="Images/21_runner_BG.gif">&nbsp;</td>
</tr>
</table>
</div>
</body>
</html>



WORKING CODE BY ITSELF:


<?php
/* Program: Login.php
* Desc: Login program for the Members Only section of the
* pet store. It provides two options: (1) login
* using an existing Login Name and (2) enter a new
* login name. Login Names and passwords are stored
* in a MySQL database.
*/
session_start(); # 9
include("Includes/conn.php"); #10
switch (@$_GET['do']) #11
{
case "login": #13
$connection = mysql_connect($host, $user,$password) #14
or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database."); #17

$sql = "SELECT username FROM getlive_admin
WHERE username='$_POST[fusername]'"; #20
$result = mysql_query($sql)
or die("Couldn't execute query."); #22
$num = mysql_num_rows($result); #23
if ($num == 1) // login name was found #24
{
$sql = "SELECT username FROM getlive_admin
WHERE username='$_POST[fusername]'
AND password=password('$_POST[fpassword]')";
$result2 = mysql_query($sql)
or die("Couldn't execute query 2."); #30
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct #32
{
$_SESSION['auth']="yes"; #34
$logname=$_POST['fusername'];
$_SESSION['logname'] = $logname; #36
$today = date("Y-m-d h:i:s"); #37
$sql = "INSERT INTO getlive_login (username, logintime)
VALUES ('$logname','$today')";
mysql_query($sql) or die("Can't execute query.");
header("Location: Admin_index.php"); #41
}
else // password is not correct #43
{
unset($_GET['do']); #45
$message="<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.<br></font>";
include("Includes/admin_login_form.inc"); #49
}
} #51
elseif ($num == 0) // login name not found #52
{
unset($_GET['do']); #54
$message = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name you entered does not
exist! Please try again.<br></font>";
include("Includes/admin_login_form.inc");
}
break; #59

case "new": #61
foreach($_POST as $field => $value) #62
{
if (ereg("(Name)",$field)) #75
{
if (!ereg("^[A-Za-z' -]{1,50}$",$value))
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $field is not a valid name.
Please try again.<br></font>";
include("/Includes/admin_login_form.inc");
exit();
}
}
$$field = strip_tags(trim($value)); #86
} // end foreach
if (!ereg("^[0-9)(xX -]{7,20}$",$corp_phone)) #96
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_phone is not a valid phone number.
Please try again.<br></font>";
include("Includes/admin_login_form.inc");
exit();
}
if (!ereg("^.+@.+\\..+$",$corp_email)) #115
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_email is not a valid email address.
Please try again.<br></font>";
include("Includes/admin_login_form.inc");
exit();
} #122
/* check to see if login name already exists */
$connection = mysql_connect($host,$user,$password)
or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database.");
$sql = "SELECT username FROM getlive_admin
WHERE username='$newname'";
$result = mysql_query($sql)
or die("Couldn't execute query.");
$num = mysql_numrows($result);
if ($num > 0) #133
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $newname already used. Select another
Member ID. <br></font>";
include("Includes/admin_login_form.inc");
exit();
}
else #141
{
$today = date("Y-m-d"); #143
$sql = "INSERT INTO getlive_admin (username,createDate,password,corp_name,corp_phone,corp_email)
VALUES ('$newname','$today',password('$newpass'),'$corp_name','$corp_phone','$corp_email')";
mysql_query($sql); #150
$_SESSION['auth']="yes"; #151
$_SESSION['logname'] = $newname; #152
/* send email to new member */ #153
$emess = "A new Member Account has been setup. ";
$emess.= "Your new Member ID and password are: ";
$emess.= "\n\n\t$newname\n\t$newpass\n\n";
$emess.= "We appreciate your interest in our Live Shows";
$emess.= " at GetLiveEvents.com. \n\n";
$emess.= "If you have any questions or problems,";
$emess.= " email support@getliveevents.com";
$ehead="From: member-desk@GetLiveEvents.com\r\n"; #161
$subj = "Your new Member Account from GetLiveEvents.com";
$mailsend=mail("$corp_email","$subj","$emess","$ehead");
header("Location: New_member.php"); #164
}
break; #166

default: #168
include("Includes/admin_login_form.inc");
}
?>

Andrius
11-30-2006, 10:07 PM
bump^

CFMaBiSmAd
11-30-2006, 10:16 PM
The code uses session_start(). Sessions must be started before any content is sent to the browser.

Checking your server logs or setting error_reporting to E_ALL will expose the warnings that are occurring.

Andrius
11-30-2006, 11:44 PM
moved the code <?php session_start(); ?> to the very beginning of the file. same issue. Revised code below:


<?php
session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Untitled Document</title>
<style type="text/css">
<!--
body,td,th {
color: #FFFFFF;
}
body {
background-color: #000000;
background-image: url(Images/bg_main.gif);
background-repeat: repeat-x;
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}
a:link {
color: #FFFF00;
text-decoration: none;
}
a:visited {
color: #FFCC00;
text-decoration: none;
}
a:hover {
text-decoration: underline;
}
a:active {
text-decoration: none;
}
-->
</style></head>

<body>
<div align="center">
<table width="1000" height="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>&nbsp;</td>
<td width="102" height="163"><img src="Images/1.gif" width="102" height="163" /></td>
<td width="482" height="163"><img src="Images/2.gif" width="482" height="163" /></td>
<td width="233" height="163"><img src="Images/3.gif" width="233" height="163" /></td>
<td width="117" height="163"><img src="Images/4.gif" width="117" height="163" /></td>
<td>&nbsp;</td>
</tr>
<tr>
<td>&nbsp;</td>
<td width="102" height="77"><img src="Images/5.gif" width="102" height="77" /></td>
<td background="Images/6_bg.gif"><div align="center"><img src="Images/banner_top.jpg" width="468" height="60" /></div></td>
<td width="233" height="77"><img src="Images/7.gif" width="233" height="77" /></td>
<td width="117" height="77"><img src="Images/8.gif" width="117" height="77" /></td>
<td>&nbsp;</td>
</tr>
<tr>
<td width="32" height="40"><img src="Images/9.gif" width="32" height="40" /></td>
<td width="102" height="40"><img src="Images/10.gif" width="102" height="40" /></td>
<td width="482" height="40"><img src="Images/11.gif" width="482" height="40" /></td>
<td width="233" height="40"><img src="Images/12.gif" width="233" height="40" /></td>
<td width="117" height="40"><img src="Images/13.gif" width="117" height="40" /></td>
<td width="34" height="40"><img src="Images/14.gif" width="34" height="40" /></td>
</tr>
<tr>
<td width="32" height="80"><img src="Images/15.gif" width="32" height="80" /></td>
<td width="102" height="80"><img src="Images/16.gif" width="102" height="80" /></td>
<td height="80" colspan="2"><img src="Images/17.gif" width="715" height="80" /></td>
<td width="117" height="80"><img src="Images/18.gif" width="117" height="80" /></td>
<td width="34" height="80"><img src="Images/19.gif" width="34" height="80" /></td>
</tr>
<tr>
<td height="100%" background="Images/20_runner_BG.gif">&nbsp;</td>
<td height="100%" valign="top"><div align="right"><img src="Images/banner_left.jpg" width="100" height="487" /></div></td>
<td height="100%" colspan="2" valign="top" background="Images/bg_inner.gif"><div align="center"><?php
/* Program: Login.php
* Desc: Login program for the Members Only section of the
* pet store. It provides two options: (1) login
* using an existing Login Name and (2) enter a new
* login name. Login Names and passwords are stored
* in a MySQL database.
*/
# 9
include("Includes/conn.php"); #10
switch (@$_GET['do']) #11
{
case "login": #13
$connection = mysql_connect($host, $user,$password) #14
or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database."); #17

$sql = "SELECT username FROM getlive_admin
WHERE username='$_POST[fusername]'"; #20
$result = mysql_query($sql)
or die("Couldn't execute query."); #22
$num = mysql_num_rows($result); #23
if ($num == 1) // login name was found #24
{
$sql = "SELECT username FROM getlive_admin
WHERE username='$_POST[fusername]'
AND password=password('$_POST[fpassword]')";
$result2 = mysql_query($sql)
or die("Couldn't execute query 2."); #30
$num2 = mysql_num_rows($result2);
if ($num2 > 0) // password is correct #32
{
$_SESSION['auth']="yes"; #34
$logname=$_POST['fusername'];
$_SESSION['logname'] = $logname; #36
$today = date("Y-m-d h:i:s"); #37
$sql = "INSERT INTO getlive_login (username, logintime)
VALUES ('$logname','$today')";
mysql_query($sql) or die("Can't execute query.");
header("Location: Admin_index.php"); #41
}
else // password is not correct #43
{
unset($_GET['do']); #45
$message="<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name, '$_POST[fusername]'
exists, but you have not entered the
correct password! Please try again.<br></font>";
include("Includes/admin_login_form.inc"); #49
}
} #51
elseif ($num == 0) // login name not found #52
{
unset($_GET['do']); #54
$message = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'>The Login Name you entered does not
exist! Please try again.<br></font>";
include("Includes/admin_login_form.inc");
}
break; #59

case "new": #61
foreach($_POST as $field => $value) #62
{
if (ereg("(Name)",$field)) #75
{
if (!ereg("^[A-Za-z' -]{1,50}$",$value))
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $field is not a valid name.
Please try again.<br></font>";
include("/Includes/admin_login_form.inc");
exit();
}
}
$$field = strip_tags(trim($value)); #86
} // end foreach
if (!ereg("^[0-9)(xX -]{7,20}$",$corp_phone)) #96
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_phone is not a valid phone number.
Please try again.<br></font>";
include("Includes/admin_login_form.inc");
exit();
}
if (!ereg("^.+@.+\\..+$",$corp_email)) #115
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $corp_email is not a valid email address.
Please try again.<br></font>";
include("Includes/admin_login_form.inc");
exit();
} #122
/* check to see if login name already exists */
$connection = mysql_connect($host,$user,$password)
or die ("Couldn't connect to server.");
$db = mysql_select_db($database, $connection)
or die ("Couldn't select database.");
$sql = "SELECT username FROM getlive_admin
WHERE username='$newname'";
$result = mysql_query($sql)
or die("Couldn't execute query.");
$num = mysql_numrows($result);
if ($num > 0) #133
{
unset($_GET['do']);
$message_new = "<font color='#FFFFFF' size='1' face='Verdana, Arial, Helvetica, sans-serif'> $newname already used. Select another
Member ID. <br></font>";
include("Includes/admin_login_form.inc");
exit();
}
else #141
{
$today = date("Y-m-d"); #143
$sql = "INSERT INTO getlive_admin (username,createDate,password,corp_name,corp_phone,corp_email)
VALUES ('$newname','$today',password('$newpass'),'$corp_name','$corp_phone','$corp_email')";
mysql_query($sql); #150
$_SESSION['auth']="yes"; #151
$_SESSION['logname'] = $newname; #152
/* send email to new member */ #153
$emess = "A new Member Account has been setup. ";
$emess.= "Your new Member ID and password are: ";
$emess.= "\n\n\t$newname\n\t$newpass\n\n";
$emess.= "We appreciate your interest in our Live Shows";
$emess.= " at GetLiveEvents.com. \n\n";
$emess.= "If you have any questions or problems,";
$emess.= " email support@getliveevents.com";
$ehead="From: member-desk@GetLiveEvents.com\r\n"; #161
$subj = "Your new Member Account from GetLiveEvents.com";
$mailsend=mail("$corp_email","$subj","$emess","$ehead");
header("Location: New_member.php"); #164
}
break; #166

default: #168
include("Includes/admin_login_form.inc");
}
?>

</div></td>
<td height="100%" valign="top"><div align="right"><img src="Images/banner_right.jpg" width="100" height="487" /></div></td>
<td height="100%" background="Images/21_runner_BG.gif">&nbsp;</td>
</tr>
</table>
</div>
</body>
</html>

CFMaBiSmAd
12-01-2006, 12:02 AM
What did the error_reporting setting show?

The reason I ask is that there is also a header("Location: Admin_index.php"); statement that won't work due to the HTML that is output to the browser and warning messages would be output due to this as well.

Andrius
12-01-2006, 12:09 AM
actually not the server admin on this host so I can't change those settings. If you'd like you could add me to your MSN and we can go from there and I could send you the files to look at? starbucks_addict@hotmail.com

header("Location: Admin_index.php"); was meant for after the admin logs in (the page it sends the admin to if login is correct)

CFMaBiSmAd
12-01-2006, 12:14 AM
Put the following in after your first opening php tag -

error_reporting(E_ALL);

http://www.php.net/manual/en/function.error-reporting.php

Andrius
12-01-2006, 12:19 AM
Warning: Cannot modify header information - headers already sent by (output started at /homepages/34/d152933052/htdocs/Admin_login.php:12) in /homepages/34/d152933052/htdocs/Admin_login.php on line 120



line 120 = header("Location: Admin_index.php"); #41

so how would I get this script on this page and working correctly? this has been bugging me for days now and it's rather important to get working lol

you are a HUUUGE help by the way I really really appreciate your time with this matter

CFMaBiSmAd
12-01-2006, 12:34 AM
For the most immediate problem, change the header(...); statement to these two lines -

echo "<meta http-equiv=\"refresh\" content=\"0;URL=Admin_index.php\">";
exit();

In general, if a page is going to redirect to another page, even if this is within conditional logic, there is not much point in outputting content to the browser until after the logic decides to redirect or stay on the same page.

Andrius
12-01-2006, 12:46 AM
works like a charm! so now on the admin pages I want to keep the public out of I just add this to the top of each page?


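<?php
session_start();   // must run before any HTML or whitespace is output

// Send anyone without an authenticated session back to the login page.
if (@$_SESSION['auth'] != "yes")
{
header("Location: Login.php");
exit();   // stop here so the protected page is not rendered
}
?>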
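
[Added example, not part of any post in this thread and not the poster's code.] CFMaBiSmAd's advice to finish the redirect decision before sending any output, and the page guard asked about in the last post, put together in one login page. It assumes PHP 7.3+ with PDO MySQL and that getlive_admin.password stores password_hash() output (the thread's code uses MySQL's password() function); attempt_login() and require_login() are hypothetical names, while the table, form-field and include names are the ones from the thread.

```php
<?php
// Added example: all decisions that may redirect run before the first byte of HTML,
// so header('Location: ...') works without the meta-refresh workaround.
declare(strict_types=1);

session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();
require 'Includes/conn.php';   // thread's include: $host, $user, $password, $database

/** Page guard (hypothetical helper). Belongs in a shared include; call it at the
 *  top of every admin page, before any output. */
function require_login(): void
{
    if (($_SESSION['auth'] ?? '') !== 'yes') {
        header('Location: Login.php');
        exit();   // without exit() the protected page would still be rendered
    }
}

/** Hypothetical helper: checks credentials with bound parameters instead of
 *  interpolating $_POST into the SQL string. */
function attempt_login(PDO $pdo, string $name, string $pass): bool
{
    $stmt = $pdo->prepare('SELECT password FROM getlive_admin WHERE username = ?');
    $stmt->execute([$name]);
    $hash = $stmt->fetchColumn();            // false when the name is unknown
    if ($hash === false || !password_verify($pass, (string) $hash)) {
        return false;
    }
    session_regenerate_id(true);             // fresh session id once authenticated
    $_SESSION['auth'] = 'yes';
    $_SESSION['logname'] = $name;
    $pdo->prepare('INSERT INTO getlive_login (username, logintime) VALUES (?, NOW())')
        ->execute([$name]);
    return true;
}

$message = '';
if (($_GET['do'] ?? '') === 'login') {
    $name = $_POST['fusername'] ?? '';
    $pass = $_POST['fpassword'] ?? '';
    $pdo = new PDO(
        "mysql:host=$host;dbname=$database;charset=utf8mb4",
        $user,
        $password,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
    if (is_string($name) && is_string($pass) && attempt_login($pdo, $name, $pass)) {
        header('Location: Admin_index.php');
        exit();
    }
    // One fixed message: it does not echo the submitted name back into the page
    // and does not reveal whether the login name exists.
    $message = 'Login name or password is incorrect. Please try again.';
}
// Output starts only here, after every possible redirect has been decided.
?>
<!DOCTYPE html>
<html>
<body>
<?php include 'Includes/admin_login_form.inc'; // assumed to print $message ?>
</body>
</html>
```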


