...

View Full Version : Warning: Cannot modify header information - headers already sent by (Help)



DaMenace
07-31-2007, 12:41 AM
I am trying to create a login that stores a cookie on the users computer using PHP. Everything works fine when the user inputs the wrong password (tells them that they are wrong), unless they enter the right password then I get this error message.

----------------------
Warning: Cannot modify header information - headers already sent by (output started at /misc/16/185/551/037/8/user/web/gow-savagelife.com/login.php:7) in /misc/16/185/551/037/8/user/web/gow-savagelife.com/login.php on line 88

Warning: Cannot modify header information - headers already sent by (output started at /misc/16/185/551/037/8/user/web/gow-savagelife.com/login.php:7) in /misc/16/185/551/037/8/user/web/gow-savagelife.com/login.php on line 89
----------------------

Does anyone know how I can fix this? I've looked at line 7 on the login page and nothing seems wrong there. I've also read some threads that say White Space is the main reason for this error, but I do not quite understand what that means.

Here is the code for the site - if anyone can tell what is going on that would be much apreciated.

---------------------

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Savage Life - Gears of War Clan</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="description" content="Savage Life is a Gears of war Clan, or team, that was created by Hollyw00d Cole, TGz Sh0tee, and Hulk Colegan to eliminate all opposing gears of war foes. We select only the players that play because they love to play, and are skilled at playing." />
<meta http-equiv="keywords" content="Gears of War Tournaments, gears of war tournament, gears of war, gear of war, gears of war 360, gears of war for xbox, gears of war for xbox 360, gears of war game, gears, savage life, clan, Gears of War Clan, Gears of War Team, Winners" />
<link rel="stylesheet" type="text/css" href="gearsStyle.css" />
</head>
<body>
<div class="all_banner"><img src="imgs/banners/sl-banner1.jpg" /></div>
<div class="all_menuBar">
<a class="all_menu" href="default.php">Home</a>
<a class="all_menu" href="about.php">About SL</a>
<a class="all_menu" href="members.php">SL Members</a>
<a class="all_menu" href="tournaments.php">SL Tournaments</a>
<a class="all_menu" href="blog.php">SL Blog</a>
<a class="all_menu" href="sponsor.php">Sponsors</a>
<a class="all_menu" href="request.php">Request to Join</a>
<a class="all_menu" href="login.php">SL LogIn</a>
</div>
<div class="login">
<?php

$username="**UserName**";
$databasePass="**PASSWORD**";
$database="**DATABASE**";
$server="**SERVER**";

mysql_connect($server,$username,$databasePass);
@mysql_select_db($database) or die( "Unable to select database");

if (isset($_COOKIE['gamerTag']))
{
$gamerTag=$_COOKIE['tag'];
$password=$_COOKIE['pass'];

$check=mysql_query("SELECT * FROM members WHERE gamerTag = '$gamerTag'")or die(mysql_error());

while($info=mysql_fetch_array($check))
{
if ($password!=$info['password'])
{
echo "AHHHHHH!";
}
else
{
echo "You are already logged in, what are you doing at this damn page!";
}
}
}

if (isset($_POST['submit']))
{
if (!$_POST['tag'] | !$_POST['pass'])
{
die('You did not fill in a required field.');
}

if (!get_magic_quotes_gpc())
{
$_POST['tag']=addslashes($_POST['tag']);
}

$check=mysql_query("SELECT * FROM members WHERE gamerTag = '".$_POST['tag']."'") or die(mysql_error());

$check2=mysql_num_rows($check);

if ($check2 == 0)
{
die('That user does not exist in our database. <a href="request.php">Click Here to Request to Join SL.</a>');
}

while ($info=mysql_fetch_array($check))
{
$_POST['pass']=stripslashes($_POST['pass']);
$info['password']=stripslashes($info['password']);
$_POST['pass']=md5($_POST['pass']);

if ($_POST['pass']!=$info['password'])
{
die('Incorrect password, please try again.');
}
else
{
$_POST['tag']=stripslashes($_POST['tag']);
$hour=time() + 3600;
setcookie (tag, $_POST['tag'], $hour);
setcookie (pass,$_POST['pass'],$hour);
echo "****";
}
}
}
else
{
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr>
<th colspan=2>Login</th>
</tr>
<tr>
<td>Gamer Tag:</td>
<td><input type="text" name="tag" maxlength="40"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="pass" maxlength="50"></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>

<?php
}
?>
</div>
</body>
</html>

rafiki
07-31-2007, 12:43 AM
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Savage Life - Gears of War Clan</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="description" content="Savage Life is a Gears of war Clan, or team, that was created by Hollyw00d Cole, TGz Sh0tee, and Hulk Colegan to eliminate all opposing gears of war foes. We select only the players that play because they love to play, and are skilled at playing." />
<meta http-equiv="keywords" content="Gears of War Tournaments, gears of war tournament, gears of war, gear of war, gears of war 360, gears of war for xbox, gears of war for xbox 360, gears of war game, gears, savage life, clan, Gears of War Clan, Gears of War Team, Winners" />
<link rel="stylesheet" type="text/css" href="gearsStyle.css" />
</head>
<body>
<div class="all_banner"><img src="imgs/banners/sl-banner1.jpg" /></div>
<div class="all_menuBar">
<a class="all_menu" href="default.php">Home</a>
<a class="all_menu" href="about.php">About SL</a>
<a class="all_menu" href="members.php">SL Members</a>
<a class="all_menu" href="tournaments.php">SL Tournaments</a>
<a class="all_menu" href="blog.php">SL Blog</a>
<a class="all_menu" href="sponsor.php">Sponsors</a>
<a class="all_menu" href="request.php">Request to Join</a>
<a class="all_menu" href="login.php">SL LogIn</a>
</div>
<div class="login">
<?php

$username="**UserName**";
$databasePass="**PASSWORD**";
$database="**DATABASE**";
$server="**SERVER**";

mysql_connect($server,$username,$databasePass);
@mysql_select_db($database) or die( "Unable to select database");

if (isset($_COOKIE['gamerTag']))
{
$gamerTag=$_COOKIE['tag'];
$password=$_COOKIE['pass'];

$check=mysql_query("SELECT * FROM members WHERE gamerTag = '$gamerTag'")or die(mysql_error());

while($info=mysql_fetch_array($check))
{
if ($password!=$info['password'])
{
echo "AHHHHHH!";
}
else
{
echo "You are already logged in, what are you doing at this damn page!";
}
}
}

if (isset($_POST['submit']))
{
if (!$_POST['tag'] | !$_POST['pass'])
{
die('You did not fill in a required field.');
}

if (!get_magic_quotes_gpc())
{
$_POST['tag']=addslashes($_POST['tag']);
}

$check=mysql_query("SELECT * FROM members WHERE gamerTag = '".$_POST['tag']."'") or die(mysql_error());

$check2=mysql_num_rows($check);

if ($check2 == 0)
{
die('That user does not exist in our database. <a href="request.php">Click Here to Request to Join SL.</a>');
}

while ($info=mysql_fetch_array($check))
{
$_POST['pass']=stripslashes($_POST['pass']);
$info['password']=stripslashes($info['password']);
$_POST['pass']=md5($_POST['pass']);

if ($_POST['pass']!=$info['password'])
{
die('Incorrect password, please try again.');
}
else
{
$_POST['tag']=stripslashes($_POST['tag']);
$hour=time() + 3600;
setcookie (tag, $_POST['tag'], $hour);
setcookie (pass,$_POST['pass'],$hour);
echo "****";
}
}
}
else
{
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr>
<th colspan=2>Login</th>
</tr>
<tr>
<td>Gamer Tag:</td>
<td><input type="text" name="tag" maxlength="40"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="pass" maxlength="50"></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>

<?php
}
?>
</div>
</body>
</html>

sorry had to do it for readability....
1st of all


if (!$_POST['tag'] | !$_POST['pass']) // you need 2 x | for an or so ||

apart from that i cant see anything wrong (im tired so may miss something obvious) but yeah i dont see headers being sent period let alone one after the other...

_Aerospace_Eng_
07-31-2007, 12:49 AM
Cookies need to be set before any output to the browser though TBH you aren't using cookies properly. It seems like you are trying to store valuable information in them. This is a very big security risk. I would use php sessions and then I would set up the error/success messages equal to varibles. Then in the php check to see if the errors/success variables are empty or not. If they aren't empty then echo them above the form.

<?php

$username="**UserName**";
$databasePass="**PASSWORD**";
$database="**DATABASE**";
$server="**SERVER**";

mysql_connect($server,$username,$databasePass);
@mysql_select_db($database) or die( "Unable to select database");

if (isset($_COOKIE['gamerTag']))
{
$gamerTag=$_COOKIE['tag'];
$password=$_COOKIE['pass'];

$check=mysql_query("SELECT * FROM members WHERE gamerTag = '$gamerTag'")or die(mysql_error());

while($info=mysql_fetch_array($check))
{
if ($password!=$info['password'])
{
echo "AHHHHHH!";
}
else
{
echo "You are already logged in, what are you doing at this damn page!";
}
}
}
if (isset($_POST['submit']))
{
if (!$_POST['tag'] || !$_POST['pass'])
{
die('You did not fill in a required field.');
}

if (!get_magic_quotes_gpc())
{
$_POST['tag']=addslashes($_POST['tag']);
}

$check=mysql_query("SELECT * FROM members WHERE gamerTag = '".$_POST['tag']."'") or die(mysql_error());

$check2=mysql_num_rows($check);

if ($check2 == 0)
{
die('That user does not exist in our database. <a href="request.php">Click Here to Request to Join SL.</a>');
}

while ($info=mysql_fetch_array($check))
{
$_POST['pass']=stripslashes($_POST['pass']);
$info['password']=stripslashes($info['password']);
$_POST['pass']=md5($_POST['pass']);

if ($_POST['pass']!=$info['password'])
{
die('Incorrect password, please try again.');
}
else
{
$_POST['tag']=stripslashes($_POST['tag']);
$hour=time() + 3600;
setcookie (tag, $_POST['tag'], $hour);
setcookie (pass,$_POST['pass'],$hour);
echo "****";
}
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Savage Life - Gears of War Clan</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="description" content="Savage Life is a Gears of war Clan, or team, that was created by Hollyw00d Cole, TGz Sh0tee, and Hulk Colegan to eliminate all opposing gears of war foes. We select only the players that play because they love to play, and are skilled at playing." />
<meta http-equiv="keywords" content="Gears of War Tournaments, gears of war tournament, gears of war, gear of war, gears of war 360, gears of war for xbox, gears of war for xbox 360, gears of war game, gears, savage life, clan, Gears of War Clan, Gears of War Team, Winners" />
<link rel="stylesheet" type="text/css" href="gearsStyle.css" />
</head>
<body>
<div class="all_banner"><img src="imgs/banners/sl-banner1.jpg" /></div>
<div class="all_menuBar"> <a class="all_menu" href="default.php">Home</a> <a class="all_menu" href="about.php">About SL</a> <a class="all_menu" href="members.php">SL Members</a> <a class="all_menu" href="tournaments.php">SL Tournaments</a> <a class="all_menu" href="blog.php">SL Blog</a> <a class="all_menu" href="sponsor.php">Sponsors</a> <a class="all_menu" href="request.php">Request to Join</a> <a class="all_menu" href="login.php">SL LogIn</a> </div>
<div class="login">
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr>
<th colspan=2>Login</th>
</tr>
<tr>
<td>Gamer Tag:</td>
<td><input type="text" name="tag" maxlength="40"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="pass" maxlength="50"></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td>
</tr>
</table>
</form>
</div>
</body>
</html>
That should give you a start. I didn't change your cookies to sessions and I didn't assign your error/success messages to variables either. Your queries are also open to mysql injection as you don't clean your post variables properly. You should be using mysql_real_escape_string.

DaMenace
07-31-2007, 01:15 AM
So, I'm pretty new with PHP and SQL. So, what do you mean by clean my post variables properly? How would I use a mysql_real_escape_string to prevent mysql injection? And thanks, I don't get the error anymore, but now I have to get the page to actually do what I want it to do. Thank you both very much for your input. Any further knowledge is always helpful. Thanks for your time.

StupidRalph
07-31-2007, 02:11 AM
The PHP manual is a really helpful resource for a beginner as well as a veteran programmer. mysql_real_escape_string() (http://www.php.net/mysql-real-escape-string)



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum