View Full Version : restrict access
runnerjp
04-05-2008, 09:46 PM
I want to restrict access to only admin, so I entered this on my page at http://www.mywebsite.com/members/index.php?section=news
Code:
<?php session_start();
require_once '../settings.php';
checkLogin ('1'); ?>
In settings.php I have it as
Code:
function checkLogin ( $levels )
{
session_start ();
global $db;
$kt = split ( ' ', $levels );
if ( ! $_SESSION['logged_in'] ) {
$access = FALSE;
if ( isset ( $_COOKIE['cookie_id'] ) ) {//if we have a cookie
$query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] );
if ( $db->RecordCount ( $query ) == 1 ) {//only one user can match that query
$row = $db->getRow ( $query );
//let's see if we pass the validation, no monkey business
if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) {
//we set the sessions so we don't repeat this step over and over again
$_SESSION['user_id'] = $row->ID;
$_SESSION['logged_in'] = TRUE;
//now we check the level access, we might not have the permission
if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {
//we do?! horray!
$access = TRUE;
}
}
}
}
}
else {
$access = FALSE;
if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {
$access = TRUE;
}
}
if ( $access == FALSE ) {
echo "error";
}
}
The problem is that when a user who is not the admin enters the page, it shows error at the top and then the rest of the page beneath... surely it should just say error and protect the rest of the information.
If I log in as admin, the word error does not show :S
mathew edison
04-06-2008, 03:35 AM
Look, that script tells the page to echo error if $access is false and then display the page content, because you've closed the PHP tags after the include and login check. So you have to tell it to echo error if $access = false and tell it to show the page when $access = true.
for settings.php:
elseif ( $access ==TRUE ) {
?>
For the news page add this at the end of your code:
<?php
}
?>
This should fix the problem. If not please post back. Please be aware though that these are general instructions and you might wanna play around with it a bit.
runnerjp
04-06-2008, 09:26 AM
Hey, thanks for that, but I'm still a little confused.
runnerjp
04-06-2008, 01:41 PM
Hey guys, I'm still stuck... any advances on how to solve this?
// ------------------------------------------------------------------------
/**
* checkLogin
*
* Applies restrictions to visitors based on membership and level access
* Also handles cookie based "remember me" feature
*
* @access public
* @param string
* @return bool TRUE/FALSE
*/
function checkLogin ( $levels )
{
session_start ();
global $db;
$kt = split ( ' ', $levels );
if ( ! $_SESSION['logged_in'] ) {
$access = FALSE;
if ( isset ( $_COOKIE['cookie_id'] ) ) {//if we have a cookie
$query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] );
if ( $db->RecordCount ( $query ) == 1 ) {//only one user can match that query
$row = $db->getRow ( $query );
//let's see if we pass the validation, no monkey business
if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) {
//we set the sessions so we don't repeat this step over and over again
$_SESSION['user_id'] = $row->ID;
$_SESSION['logged_in'] = TRUE;
//now we check the level access, we might not have the permission
if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {
//we do?! horray!
$access = TRUE;
}
}
}
}
}
else {
$access = FALSE;
if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {
$access = TRUE;
}
}
if ( $access == FALSE ) {
echo "error";
}
}
runnerjp
04-06-2008, 04:02 PM
How can I edit the code so that a user who is not admin gets sent to a different page... an error page??
oesxyl
04-06-2008, 04:17 PM
How can I edit the code so that a user who is not admin gets sent to a different page... an error page??
To send the user to another page, use the header function:
header("Location: http://where.users.go/error-here.php");
I presume you know that you must not echo/print anything before header, and that you know where to put this line in your script. I guess it will replace echo "error", but I don't follow your code, so it's just a guess.
regards
runnerjp
04-06-2008, 04:22 PM
Could I not use something like
if ($access == FALSE) {
exit("You are not an administrator, access to this page is restricted to administrators");
}
I thought I could, but it gives me a blank page.
oesxyl
04-06-2008, 04:38 PM
How can I edit the code so that a user who is not admin gets sent to a different page... an error page??
For this, use header.
Could I not use something like
if ($access == FALSE) {
exit("You are not an administrator, access to this page is restricted to administrators");
}
I thought I could, but it gives me a blank page.
You could use this instead, but in this case the user is not sent anywhere.
combined method:
use header to redirect to a error page
that means:
if($access == FALSE){
header("Location: put the path here/noadmin-error.php");
exit; // stop the script here so the rest of the restricted page is never sent
}
noadmin-error.php
<?php
echo "You are not an administrator, access to this page is restricted to administrators";
// some code/link/button to help user to go somewhere from here
?>
regards
runnerjp
04-06-2008, 04:52 PM
Thanks, that's helping. I just get an error: Warning: Cannot modify header information - headers already sent by (output started at /home/runningp/public_html/members/index.php:4) in /home/runningp/public_html/functions.php on line 57
Problem is, my index.php looks like this
<?php ini_set('error_reporting', E_ALL);
session_start();
?>
<style type="text/css">
<!--
body {
margin-left: 1px;
margin-top: 1px;
margin-right: 1px;
margin-bottom: 1px;
}
-->
</style>
<?php include ("../header.php");
require_once '../settings.php';
$id = $_SESSION['user_id']; ?>
<table colspan='0' width="100%" cellpadding="0" bgcolor="#FFFFFF">
<tr>
<td width="13%" height="505" align="center" valign="top"><table width="100%" height="505" align="center" bgcolor="#D6E0E0">
<tr>
<td height="58" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><p>Menu</p>
<p><? if($id == 1){
echo "<a href=\"admin/index.php\">Admin Index</a>\n";
}?></p></td>
</tr>
<tr>
<td height="361" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><a href="http://www.runningprofiles.com/logout.php">Logout</a></td>
</tr>
</table></td>
<td width="87%" align="left" valign="top">
<?php
if (isset($_GET['section'])) {
$section = $_GET['section'];
} else {
$section = 'main';
}
$file = "include/".$section.".php";
if (file_exists($file)) {
require($file);
}
?></td>
</tr>
</table></td>
</tr>
</table>
and there is no header on line 4 :S
function checkLogin ( $levels )
{
session_start ();
global $db;
$kt = split ( ' ', $levels );
if ( ! $_SESSION['logged_in'] ) {
$access = FALSE;
if ( isset ( $_COOKIE['cookie_id'] ) ) {//if we have a cookie
$query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] );
if ( $db->RecordCount ( $query ) == 1 ) {//only one user can match that query
$row = $db->getRow ( $query );
//let's see if we pass the validation, no monkey business
if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) {
//we set the sessions so we don't repeat this step over and over again
$_SESSION['user_id'] = $row->ID;
$_SESSION['logged_in'] = TRUE;
//now we check the level access, we might not have the permission
if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {
//we do?! horray!
$access = TRUE;
}
}
}
}
}
else {
$access = FALSE;
if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {
$access = TRUE;
}
}
if ( $access == FALSE ) {
header('Location: http://www.runningprofiles.com/members/index.php?section=error');
}
}
I redirected it to http://www.runningprofiles.com/members/index.php?section=error, as in my main index I have this:
<?php
if (isset($_GET['section'])) {
$section = $_GET['section'];
} else {
$section = 'main';
}
$file = "include/".$section.".php";
if (file_exists($file)) {
require($file);
}
?>
oesxyl
04-06-2008, 05:07 PM
I presume you know that you must not echo/print anything before header, and that you know where to put this line in your script. I guess it will replace echo "error", but I don't follow your code, so it's just a guess.
The style element is output too; despite the fact that it is not echo/print, it is in the page.
Problem is, my index.php looks like this
If you want to check something, you must do it before outputting anything from your index.php.
move:
<?php include ("../header.php");
require_once '../settings.php';
$id = $_SESSION['user_id']; ?>
before <style ..., maybe it will work
regards
runnerjp
04-06-2008, 05:11 PM
So how can I check something before outputting on index.php when index is my main file that everyone can access :S
oesxyl
04-06-2008, 05:18 PM
So how can I check something before outputting on index.php when index is my main file that everyone can access :S
index.php:
<?php
// here is the checking code before anything else in the file,
// that means BEFORE OUTPUTTING SOMETHING
// you can put anything here if you don't print/echo aka output
// the following part is output
?>
<style type="ugly"/>
<?php
// what's inside these tags is not output if I don't print/echo/var_dump/print_r/...
?>
regards
runnerjp
04-06-2008, 05:34 PM
OK, so I tried like you said and did this:
<?php ini_set('error_reporting', E_ALL);
session_start();
include ("../header.php");
require_once '../settings.php';
?>
<style type="text/css">
<!--
body {
margin-left: 1px;
margin-top: 1px;
margin-right: 1px;
margin-bottom: 1px;
}
-->
</style>
<?php
$id = $_SESSION['user_id']; ?>
<table colspan='0' width="100%" cellpadding="0" bgcolor="#FFFFFF">
<tr>
<td width="13%" height="505" align="center" valign="top"><table width="100%" height="505" align="center" bgcolor="#D6E0E0">
<tr>
<td height="58" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><p>Menu</p>
<p><? if ($id == 1) {
echo "<a href=\"admin/index.php\">Admin Index</a>\n";
} ?></p></td>
</tr>
<tr>
<td height="361" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><a href="http://www.runningprofiles.com/logout.php">Logout</a></td>
</tr>
</table></td>
<td width="87%" align="left" valign="top">
<?php
if (isset($_GET['section'])) {
$section = $_GET['section'];
} else {
$section = 'main';
}
$file = "include/" . $section . ".php";
if (file_exists($file)) {
require ($file);
}
?></td>
</tr>
</table></td>
</tr>
and yet I'm still getting the error
oesxyl
04-06-2008, 06:08 PM
OK, so I tried like you said and did this
...
and yet I'm still getting the error
Try to comment this:
<?php // ini_set('error_reporting', E_ALL);
The session start is called twice, once here and once in the call to checkLogin. This has nothing to do with this error, but it is not normal.
session_start();
include ("../header.php");
require_once '../settings.php';
?>
<style type="text/css">
Another thing: where did you call checkLogin? I don't see it anywhere; it must be somewhere before style.
regards
runnerjp
04-06-2008, 07:45 PM
I check it within function.... I did what you said and I still get the error
oesxyl
04-06-2008, 08:59 PM
I check it within function.... I did what you said and I still get the error
where in your code did you call checkLogin?
regards
runnerjp
04-06-2008, 09:05 PM
OK, what it does is:
In my new.php file I have this
<?php session_start();
require_once '../settings.php';
checkLogin ('1');
?>
<p>News Page</p>
oesxyl
04-06-2008, 09:23 PM
OK, what it does is:
In my new.php file I have this
<?php session_start();
require_once '../settings.php';
checkLogin ('1');
?>
<p>News Page</p>
I don't know if it is what you want, but I guess that works:
You have tried to access (none) your ip has been logged xxx.xxx.xxx.xxx
This is the output for new.php from your server. Is this what you want?
regards
runnerjp
04-06-2008, 09:35 PM
Nooooo lol, that's the wrong page :P
What it is, is that when a user is logged on, the admin can see certain pages but the users can't... that's all I really want lol
runnerjp
04-07-2008, 05:10 PM
bumping
runnerjp
04-07-2008, 06:28 PM
I tried to do this
<?php
ini_set('error_reporting', E_ALL);
session_start();
include ("../header.php");
require_once '../settings.php';
$id = $_SESSION['user_id'];
?>
<style type="text/css">
<!--
body {
margin-left: 1px;
margin-top: 1px;
margin-right: 1px;
margin-bottom: 1px;
}
-->
</style>
<table colspan='0' width="100%" cellpadding="0" bgcolor="#FFFFFF">
<tr>
<td width="13%" height="505" align="center" valign="top"><table width="100%" height="505" align="center" bgcolor="#D6E0E0">
<tr>
<td height="58" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><p>Menu</p>
<p><? if($id == 1){ echo "<a href=\"admin/index.php\">Admin Index</a>\n";}?></p>
</td>
</tr>
<tr>
<td height="361" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><a href="http://www.runningprofiles.com/logout.php">Logout</a>
</td>
</tr>
</table>
</td>
<td width="87%" align="left" valign="top">
<?php
if (isset($_GET['section'])) {
$section = $_GET['section'];
} else {
$section = 'main';
}
$file = "include/".$section.".php";
if (file_exists($file)) {
require($file);
}
?>
</td>
</tr>
</table>
</td>
</tr>
</table>
But it still keeps telling me: Warning: Cannot modify header information - headers already sent by (output started at /home/runningp/public_html/header.php:2) in /home/runningp/public_html/functions.php on line 57
header only has
<title>Home - RunningProfiles</title>
<style type="text/css">
<!--
.style1 {
font-size: 110px;
font-family: Chiller;
color: 0000000;
font-style: italic;
font-weight: bold;
}
-->
</style>
<table width="100%" height="120">
<tr>
<td bordercolor="#000000" bgcolor="99b3b4"><table width="100%">
<tr>
<td width="10%"> </td>
<td width="80%"><div align="center" class="style1">Running Profiles</div></td>
<td width="10%"> </td>
</tr>
</table></td>
</tr>
</table>
runnerjp
04-07-2008, 08:42 PM
line 57 is header('Location: http://www.runningprofiles.com/members/error.php');
oesxyl
04-07-2008, 11:35 PM
line 57 is header('Location: http://www.runningprofiles.com/members/error.php');
include and family work as if you cut and pasted the content of that file in place of the include line.
You have output before calling the header function. The problem is very simple: you must move the code, keeping in mind how include works and the logic flow, before any html or php echo/print, and you are the only one that can solve this.
regards
Seems to me it's working now?
http://www.runningprofiles.com/members/error.php
Headers should be sent before all output. This means your session_start() should be called before you output anything else. Output can be tricky. For instance, if error_reporting is set to (E_ALL) and you receive a notice, headers cannot be sent anymore. So set error_reporting(0) to test your headers.
Second, even a space before the starting <?php is being processed as output. You can use as many spaces as you like within the <?php ?> tags, but be careful not to use spaces outside of those tags.
Good luck!
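The ordering the replies above describe, as an added example that is not code from the thread: the access decision is made at the top of index.php before a single byte is sent, and a denied request is redirected and then stopped with exit so the protected section is never rendered. The section map, the demo user levels and the function names are assumptions made for this sketch; levelOf() stands in for the poster's get_level_access().

```php
<?php
// Added example (not the poster's code): decide access before any output.
// Section names, levels and the user table below are constructed for the demo.
declare(strict_types=1);

// Section => level required (null = open to every visitor). '1' is the admin
// level, as in checkLogin('1') from the thread.
const SECTIONS = ['main' => null, 'news' => '1', 'error' => null];

// Constructed user id => level map, standing in for the database lookup.
const DEMO_LEVELS = [1 => '1', 2 => '2'];

function levelOf(?int $userId): ?string
{
    return $userId !== null ? (DEMO_LEVELS[$userId] ?? null) : null;
}

// Only names present in SECTIONS are ever used to build an include path,
// so the level a section requires is always known before it is loaded.
function resolveSection(?string $requested): string
{
    return ($requested !== null && array_key_exists($requested, SECTIONS))
        ? $requested
        : 'main';
}

function mayView(string $section, ?string $level): bool
{
    $required = SECTIONS[$section];
    return $required === null || $level === $required;
}

// Redirect and stop. Without exit the script keeps running and the protected
// markup is still sent in the body of the redirect response.
function denyAndStop(string $url): void
{
    if (headers_sent($file, $line)) {
        // Output already started (stray whitespace, an included template, a
        // notice): a Location header can no longer be sent, so fail closed.
        error_log("access check ran after output began at $file:$line");
        exit('Access denied.');
    }
    header('Location: ' . $url, true, 302);
    exit;
}

// ---- top of index.php: nothing has been echoed or included yet ----
session_start();
$section = resolveSection($_GET['section'] ?? null);
$userId  = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;

if (!mayView($section, levelOf($userId))) {
    // 'error' is an open section, so this cannot loop.
    denyAndStop('index.php?section=error');
}

// Only now does the page start; header.php and the <style> block from the
// thread would go here, followed by the section file.
echo "<title>Home</title>\n";
echo '<p>section: ' . htmlspecialchars($section, ENT_QUOTES, 'UTF-8') . "</p>\n";
// require __DIR__ . '/include/' . $section . '.php';  // demo has no include dir
```

Served with `php -S localhost:8000`, a request for `?section=news` without an admin session gets a 302 to `?section=error` with an empty body, while `?section=main` renders normally.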
runnerjp
04-08-2008, 02:19 PM
Hey, I'm afraid it's still not working lol
I keep getting Warning: Cannot modify header information - headers already sent by (output started at /home/runningp/public_html/members/index.php:8) in /home/runningp/public_html/functions.php on line 57
and I have tried everything
OK, I'm as stuck as anything here. I have tried moving my bits around with no such luck... so in one last effort that someone will be able to help, I will post all the code and you might be able to see why it's so hard to do :(
OK, so first is my index.php
<?php
ini_set('error_reporting', E_ALL);
session_start();
require_once '../settings.php';
$id = $_SESSION['user_id'];
include ("../header.php");
?>
<style type="text/css">
<!--
body {
margin-left: 1px;
margin-top: 1px;
margin-right: 1px;
margin-bottom: 1px;
}
-->
</style>
<table colspan='0' width="100%" cellpadding="0" bgcolor="#FFFFFF">
<tr>
<td width="13%" height="505" align="center" valign="top"><table width="100%" height="505" align="center" bgcolor="#D6E0E0">
<tr>
<td height="58" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><p>Menu</p>
<p><? if($id == 1){ echo "<a href=\"admin/index.php\">Admin Index</a>\n";}?></p>
</td>
</tr>
<tr>
<td height="361" colspan="2" align="center" valign="top" bgcolor="#D6E0E0"><a href="http://www.runningprofiles.com/logout.php">Logout</a>
</td>
</tr>
</table>
</td>
<td width="87%" align="left" valign="top">
<? $page = $_GET['page'];
if (ereg('[A-Za-z0-9]',$page) ) {
if (file_exists('include/'.$page.'.php')) {
include('include/'.$page.'.php');
} else {
include('include/main.php');
}
} else {
include('include/main.php');
}?>
</td>
</tr>
</table>
</td>
</tr>
</table>
</td>
</tr>
</table>
Then I have my news.php
<?php session_start();
require_once '../settings.php';
checkLogin ('1');
?>
<p>News Page</p>
Basically all I want to do is: if the user is an admin they can see the news page, and if not they get sent away. This is done by functions.php
<?php
// ------------------------------------------------------------------------
/**
* checkLogin
*
* Applies restrictions to visitors based on membership and level access
* Also handles cookie based "remember me" feature
*
* @access public
* @param string
* @return bool TRUE/FALSE
*/
function checkLogin ( $levels )
{
session_start ();
global $db;
$kt = split ( ' ', $levels );
if ( ! $_SESSION['logged_in'] ) {
$access = FALSE;
if ( isset ( $_COOKIE['cookie_id'] ) ) {//if we have a cookie
$query = 'SELECT * FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $_COOKIE['cookie_id'] );
if ( $db->RecordCount ( $query ) == 1 ) {//only one user can match that query
$row = $db->getRow ( $query );
//let's see if we pass the validation, no monkey business
if ( $_COOKIE['authenticate'] == md5 ( getIP () . $row->Password . $_SERVER['USER_AGENT'] ) ) {
//we set the sessions so we don't repeat this step over and over again
$_SESSION['user_id'] = $row->ID;
$_SESSION['logged_in'] = TRUE;
//now we check the level access, we might not have the permission
if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {
//we do?! horray!
$access = TRUE;
}
}
}
}
}
else {
$access = FALSE;
if ( in_array ( get_level_access ( $_SESSION['user_id'] ), $kt ) ) {
$access = TRUE;
}
}
if ( $access == FALSE ) {
header('Location: http://www.runningprofiles.com/members/error.php');
}
}
// ------------------------------------------------------------------------
/**
* get_level_access
*
* Returns the level access of a given user
*
* @param string
* @access public
* @return string
*/
function get_level_access ( $user_id )
{
global $db;
$row = $db->getRow ( 'SELECT Level_access FROM ' . DBPREFIX . 'users WHERE ID = ' . $db->qstr ( $user_id ) );
return $row->Level_access;
}
// ------------------------------------------------------------------------
/**
* logout
*
* Handles logouts
*
* @param none
* @access public
*/
function logout ()
{
//session must be started before anything
session_start ();
//if we have a valid session
if ( $_SESSION['logged_in'] == TRUE )
{
//unset the sessions (all of them - array given)
unset ( $_SESSION );
//destroy what's left
session_destroy ();
}
//It is safest to set the cookies with a date that has already expired.
if ( isset ( $_COOKIE['cookie_id'] ) && isset ( $_COOKIE['authenticate'] ) ) {
/**
* uncomment the following line if you wish to remove all cookies
* (don't forget to comment ore delete the following 2 lines if you decide to use clear_cookies)
*/
//clear_cookies ();
setcookie ( "cookie_id", '', time() - KEEP_LOGGED_IN_FOR, COOKIE_PATH );
setcookie ( "authenticate", '', time() - KEEP_LOGGED_IN_FOR, COOKIE_PATH );
}
//redirect the user to the default "logout" page
header ( "Location: " . REDIRECT_ON_LOGOUT );
}
// ------------------------------------------------------------------------
/**
* clear_cookies
*
* Clears the cookies
* Not used by default but present if needed
*
* @param none
* @access public
*/
function clear_cookies ()
{
// unset cookies
if ( isset( $_SERVER['HTTP_COOKIE'] ) ) {
$cookies = explode ( ';', $_SERVER['HTTP_COOKIE'] );
//loop through the array of cookies and set them in the past
foreach ( $cookies as $cookie ) {
$parts = explode ( '=', $cookie );
$name = trim ( $parts [ 0 ] );
setcookie ( $name, '', time() - KEEP_LOGGED_IN_FOR );
setcookie ( $name, '', time() - KEEP_LOGGED_IN_FOR, '/' );
}
}
}
// ------------------------------------------------------------------------
/**
* set_login_sessions - sets the login sessions
*
* @access public
* @param string
* @return none
*/
function set_login_sessions ( $user_id, $password, $remember )
{
//start the session
//set the sessions
$_SESSION['user_id'] = $user_id;
$_SESSION['logged_in'] = TRUE;
//do we have "remember me"?
if ( $remember ) {
setcookie ( "cookie_id", $user_id, time() + KEEP_LOGGED_IN_FOR, COOKIE_PATH );
setcookie ( "authenticate", md5 ( getIP () . $password . $_SERVER['USER_AGENT'] ), time() + KEEP_LOGGED_IN_FOR, COOKIE_PATH );
}
}
// ------------------------------------------------------------------------
/**
* Validate if email
*
* Determines if the passed param is a valid email
*
* @access public
* @param string
* @return bool
*/
function valid_email ( $str )
{
return ( ! preg_match ( "/^([a-z0-9\+_\-]+)(\.[a-z0-9\+_\-]+)*@([a-z0-9\-]+\.)+[a-z]{2,6}$/ix", $str ) ) ? FALSE : TRUE;
}
// ------------------------------------------------------------------------
/**
* Check unique
*
* Performs a check to determine if one parameter is unique in the database
*
* @access public
* @param string
* @param string
* @return bool
*/
function checkUnique ( $field, $compared )
{
global $db;
$query = $db->getRow ( "SELECT COUNT(*) as total FROM `" . DBPREFIX . "users` WHERE " . $field . " = " . $db->qstr ( $compared ) );
if ( $query->total == 0 ) {
return TRUE;
}
else {
return FALSE;
}
}
// ------------------------------------------------------------------------
/**
* Validate if numeric
*
* Validates string against numeric characters
*
* @access public
* @param string
* @return bool
*/
function numeric ( $str )
{
return ( ! ereg ( "^[0-9\.]+$", $str ) ) ? FALSE : TRUE;
}
// ------------------------------------------------------------------------
/**
* Validate if alfa numeric
*
* Validates string against alpha numeric characters
*
* @access public
* @param string
* @return bool
*/
function alpha_numeric ( $str )
{
return ( ! preg_match ( "/^([-a-z0-9])+$/i", $str ) ) ? FALSE : TRUE;
}
// ------------------------------------------------------------------------
/**
* Create a Random String
*
* Useful for generating passwords or hashes.
*
* @access public
* @param string type of random string. Options: alunum, numeric, nozero, unique
* @param none
* @return string
*/
function random_string ( $type = 'alnum', $len = 8 )
{
switch ( $type )
{
case 'alnum' :
case 'numeric' :
case 'nozero' :
switch ($type)
{
case 'alnum' : $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
break;
case 'numeric' : $pool = '0123456789';
break;
case 'nozero' : $pool = '123456789';
break;
}
$str = '';
for ( $i=0; $i < $len; $i++ )
{
$str .= substr ( $pool, mt_rand ( 0, strlen ( $pool ) -1 ), 1 );
}
return $str;
break;
case 'unique' : return md5 ( uniqid ( mt_rand () ) );
break;
}
}
// ------------------------------------------------------------------------
/**
* Get username - Returns the username of the logged in member based on session ID
*
* @access public
* @param string
* @return string/bool
*/
function get_username ( $id )
{
global $db;
$query = "SELECT `Username` FROM `" . DBPREFIX . "users` WHERE `ID` = " . $db->qstr ( $id );
if ( $db->RecordCount ( $query ) == 1 )
{
$row = $db->getRow ( $query );
return $row->Username;
}
else {
return FALSE;
}
}
// ------------------------------------------------------------------------
/**
* Get id - Returns the username of the logged in member based on session ID
*
* @access public
* @param string
* @return string/bool
*/
function get_id ( $id )
{
global $db;
$query = "SELECT `ID` FROM `" . DBPREFIX . "users` WHERE `ID` = " . $db->qstr ( $id );
if ( $db->RecordCount ( $query ) == 1 )
{
$row = $db->getRow ( $query );
return $row->ID;
}
else {
return FALSE;
}
}
/**
* Get email- Returns the email of the logged in member based on session ID
*
* @access public
* @param string
* @return string/bool
*/
function get_email ( $id )
{
global $db;
$query = "SELECT `Email` FROM `" . DBPREFIX . "users` WHERE `ID` = " . $db->qstr ( $id );
if ( $db->RecordCount ( $query ) == 1 )
{
$row = $db->getRow ( $query );
return $row->Email;
}
else {
return FALSE;
}
}
// ------------------------------------------------------------------------
/**
* Is admin - Determines if the logged in member is an admin
*
* @access public
* @param string
* @return bool
*/
function isadmin ( $id )
{
global $db;
$query = "SELECT `Level_access` FROM `" . DBPREFIX . "users` WHERE `ID` = " . $db->qstr ( $id );
if ( $db->RecordCount ( $query ) == 1 )
{
$row = $db->getRow ( $query );
if ( $row->Level_access == 1 )
{
return TRUE;
}
else {
return FALSE;
}
}
else {
return FALSE;
}
}
// ------------------------------------------------------------------------
/**
* html2txt - converts html to text
*
* @access public
* @param string
* @return string
*/
function html2txt ( $document )
{
$search = array("'<script[^>]*?>.*?</script>'si", // strip out javascript
"'<[\/\!]*?[^<>]*?>'si", // strip out html tags
"'([\r\n])[\s]+'", // strip out white space
"'@<![\s\S]*?--[ \t\n\r]*>@'",
"'&(quot|#34|#034|#x22);'i", // replace html entities
"'&(amp|#38|#038|#x26);'i", // added hexadecimal values
"'&(lt|#60|#060|#x3c);'i",
"'&(gt|#62|#062|#x3e);'i",
"'&(nbsp|#160|#xa0);'i",
"'&(iexcl|#161);'i",
"'&(cent|#162);'i",
"'&(pound|#163);'i",
"'&(copy|#169);'i",
"'&(reg|#174);'i",
"'&(deg|#176);'i",
"'&(#39|#039|#x27);'",
"'&(euro|#8364);'i", // europe
"'&a(uml|UML);'", // german
"'&o(uml|UML);'",
"'&u(uml|UML);'",
"'&A(uml|UML);'",
"'&O(uml|UML);'",
"'&U(uml|UML);'",
"'ß'i",
);
$replace = array( "",
"",
" ",
"\"",
"&",
"<",
">",
" ",
chr(161),
chr(162),
chr(163),
chr(169),
chr(174),
chr(176),
chr(39),
chr(128),
"ä",
"ö",
"ü",
"Ä",
"Ö",
"Ü",
"ß",
);
$text = preg_replace($search,$replace,$document);
return trim ( $text );
}
// ------------------------------------------------------------------------
/**
* send_email - Handles all emailing from one place
*
* @access public
* @param string
* @return bool TRUE/FALSE
*/
function send_email ( $subject, $to, $body )
{
require ( BASE_PATH . "/lib/phpmailer/class.phpmailer.php" );
$mail = new PHPMailer();
//do we use SMTP?
if ( USE_SMTP ) {
$mail->IsSMTP();
$mail->SMTPAuth = true;
$mail->Host = SMTP_HOST;
$mail->Port = SMTP_PORT;
$mail->Password = SMTP_PASS;
$mail->Username = SMTP_USER;
}
$mail->From = ADMIN_EMAIL;
$mail->FromName = DOMAIN_NAME;
$mail->AddAddress( $to );
$mail->AddReplyTo ( ADMIN_EMAIL, DOMAIN_NAME );
$mail->Subject = $subject;
$mail->Body = $body;
$mail->WordWrap = 100;
$mail->IsHTML ( MAIL_IS_HTML );
$mail->AltBody = html2txt ( $body );
if ( ! $mail->Send() ) {
if ( RUN_ON_DEVELOPMENT ) {
echo $mail->ErrorInfo;//spit that bug out :P
}
return FALSE;
}
else {
return TRUE;
}
}
/**
* ip_first - let's get a clean ip
*
* @access public
* @param string
* @return string
*/
function ip_first ( $ips )
{
if ( ( $pos = strpos ( $ips, ',' ) ) != false ) {
return substr ( $ips, 0, $pos );
}
else {
return $ips;
}
}
/**
* ip_valid - will try to determine if a given ip is valid or not
*
* @access public
* @param string
* @return bool
*/
function ip_valid ( $ips )
{
if ( isset( $ips ) ) {
$ip = ip_first ( $ips );
$ipnum = ip2long ( $ip );
if ( $ipnum !== -1 && $ipnum !== false && ( long2ip ( $ipnum ) === $ip ) ) {
if ( ( $ipnum < 167772160 || $ipnum > 184549375 ) && // Not in 10.0.0.0/8
( $ipnum < - 1408237568 || $ipnum > - 1407188993 ) && // Not in 172.16.0.0/12
( $ipnum < - 1062731776 || $ipnum > - 1062666241 ) ) // Not in 192.168.0.0/16
return true;
}
}
return false;
}
/**
* getIP - returns the IP of the visitor
*
* @access public
* @param none
* @return string
*/
function getIP ()
{
$check = array(
'HTTP_X_FORWARDED_FOR', 'HTTP_X_FORWARDED', 'HTTP_FORWARDED_FOR',
'HTTP_FORWARDED', 'HTTP_VIA', 'HTTP_X_COMING_FROM', 'HTTP_COMING_FROM',
'HTTP_CLIENT_IP'
);
foreach ( $check as $c ) {
if ( ip_valid ( &$_SERVER [ $c ] ) ) {
return ip_first ( $_SERVER [ $c ] );
}
}
return $_SERVER['REMOTE_ADDR'];
}
/**
* sanitize - a real sanitizer
*
* @access public
* @param none
* @return string
*/
function sanitize ( $var, $santype = 3 )
{
if ( $santype == 1 ) {
return strip_tags ( $var );
}
if ( $santype == 2 ) {
return htmlentities ( strip_tags ( $var ), ENT_QUOTES, 'UTF-8' );
}
if ( $santype == 3 ) {
if ( ! get_magic_quotes_gpc () ) {
return addslashes ( htmlentities ( strip_tags ( $var ), ENT_QUOTES, 'UTF-8' ) );
}
else {
return htmlentities ( strip_tags ( $var ), ENT_QUOTES, 'UTF-8' );
}
}
}
?>
And also header, which is coming up a lot in my errors, is only
<title>Home - RunningProfiles</title>
<style type="text/css">
<!--
.style1 {
font-size: 110px;
font-family: Chiller;
color: 0000000;
font-style: italic;
font-weight: bold;
}
-->
</style>
<table width="100%" height="120">
<tr>
<td bordercolor="#000000" bgcolor="99b3b4"><table width="100%">
<tr>
<td width="10%"> </td>
<td width="80%"><div align="center" class="style1">Running Profiles</div></td>
<td width="10%"> </td>
</tr>
</table></td>
</tr>
</table>
So I want my news.php to show up if admin opens it in here:
<?php session_start();
require_once '../settings.php';
checkLogin ('1');
?>
But I get the error Warning: Cannot modify header information - headers already sent by (output started at /home/runningp/public_html/members/index.php:8) in /home/runningp/public_html/functions.php on line 57