PDA

View Full Version : redirecting after submit problem?

golgotha
12-10-2006, 01:05 AM
Hi. I have a login form written in php that uses itself as the action (<form action="<?php echo $_SERVER['../PHP_SELF']?>" method="post">).

When the user enters their username and passwd, the page reloads. If submit was clicked, then the input is checked against the database. If it matches, the user authenticates and is logged in. Their home page should then load.

The problem is that I am getting this error:
Warning: Cannot modify header information - headers already sent by (output started at .../test/04/include/header.php:6) in ...test/04/include/body_login.php on line 58

I know am getting that error because I have already included several files and outputted HTML.

What I want is the user's home page to load after they click the submit button, but I don't know another way to do it besides the header() function.

Any suggestions?

the login page is here: http://www.arationalmind.com/test/04/home.php
this is the login code:

<td width = "80%" valign = "top">

<?php
// file: login.php
// database connect script.
// credit to http://www.free2code.net for the code concept

require 'include/db_connect.php';

if($logged_in == 1) {
die('You are already logged in, '.$_SESSION['user_name'].'.');

}

if (isset($_POST['submit'])) { // if form has been submitted


/* check they filled in both fields and then authenticate */
if(!$_POST['uname'] | !$_POST['passwd']) {
die('You did not fill in a required field.');
}

// authenticate.

if (!get_magic_quotes_gpc()) {
$_POST['uname'] = addslashes($_POST['uname']);
}

$check = $db_object->query("SELECT user_name, password FROM user_login WHERE user_name = '".$_POST['uname']."'");

if (DB::isError($check) || $check->numRows() == 0) {
die('That user_name does not exist in our database.');
}

$info = $check->fetchRow();

// check passwords match

$_POST['passwd'] = stripslashes($_POST['passwd']);
$info['password'] = stripslashes($info['password']);
$_POST['passwd'] = md5($_POST['passwd']);

if ($_POST['passwd'] != $info['password']) {
die('Incorrect password, please try again.');
}

// if we get here user_name and password are correct,
//register session variables and set last login time.

$date = date('m d, Y');

$update_login = $db_object->query("UPDATE user_login SET last_login = '$date' WHERE user_name = '".$_POST['uname']."'");

$_POST['uname'] = stripslashes($_POST['uname']);
$_SESSION['user_name'] = $_POST['uname'];
$_SESSION['password'] = $_POST['passwd'];
$db_object->disconnect();
header("Location: http://www.arationalmind.com/test/04/home.php");
exit;

} else { // if form hasn't been submitted

?>
<form action="<?php echo $_SERVER['../PHP_SELF']?>" method="post">
<table align="center" border="1" cellspacing="0" cellpadding="3">
<tr><td colspan="2">&nbsp;&nbsp;&nbsp;Login</td></tr>
<tr><td>Username:</td><td>
<input type="text" name="uname" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="passwd" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<center><a href="http://www.arationalmind.com/test/04/register.php">Register an Account</a></center>
<?php
}
?>
</b></p>

</td>
MrSpandex
12-10-2006, 01:46 AM
If their home page is the same as everyone's (The normal situation), then why not just check the login there?

EDIT: Re-reading your code, it seems like your trying to do log-in on the home page itself. Perhaps try http_redirect() (http://us2.php.net/manual/en/function.http-redirect.php)?

You can even include another session variable, $SESSION['logged'] perhaps, that would allow the script to skip log for returning users. It can also check if the username/password in the session is correct so that someone couldn't just enter that apge in their URL bar.

The other option is to have another page that the form POSTs to that only checks their info and redirects them. That way nothing is printed when the redirect occurs.
golgotha
12-10-2006, 02:28 AM
That's right, the login form is inside a table. The table is generated with the following script, home.php. As you can see, home.php is simply a list of includes, with an if statement that changes the body based on whether the user is logged in or not:
<?php
// file: home.php
// desc: if user is logged in, display the internal page. if user is logged out, display template page with no funcions.

//check login status
include("include/db_connect.php");
include("include/header.php");
include("include/top.php");
if ($logged_in == 1) {
include("include/sidebar_main.php");
include("include/body_main.php");

}
else {
include("include/sidebar_guest.php");
include("include/body_login.php");
}
include("include/footer.php");
?>

So, the first time they visit home.php, they will see a login form with a link to a registration form. I will also add a "forgot password link", but I'm not there yet. After they register a username and passwd, they can login.
The only thing that will change, after login, is the sidebar which will then show some links to functions, and the body which will change to reflect what page they are on.

btw this project is an online timesheet.

(This is my first time using php. While it is very interesting, there is a great deal of info to get your head around.)