Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New to the CF scene
    Join Date
    Jul 2007
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Warning: Cannot modify header information - headers already sent by (Help)

    I am trying to create a login that stores a cookie on the users computer using PHP. Everything works fine when the user inputs the wrong password (tells them that they are wrong), unless they enter the right password then I get this error message.

    ----------------------
    Warning: Cannot modify header information - headers already sent by (output started at /misc/16/185/551/037/8/user/web/gow-savagelife.com/login.php:7) in /misc/16/185/551/037/8/user/web/gow-savagelife.com/login.php on line 88

    Warning: Cannot modify header information - headers already sent by (output started at /misc/16/185/551/037/8/user/web/gow-savagelife.com/login.php:7) in /misc/16/185/551/037/8/user/web/gow-savagelife.com/login.php on line 89
    ----------------------

    Does anyone know how I can fix this? I've looked at line 7 on the login page and nothing seems wrong there. I've also read some threads that say White Space is the main reason for this error, but I do not quite understand what that means.

    Here is the code for the site - if anyone can tell what is going on that would be much apreciated.

    ---------------------

    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title>Savage Life - Gears of War Clan</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <meta http-equiv="description" content="Savage Life is a Gears of war Clan, or team, that was created by Hollyw00d Cole, TGz Sh0tee, and Hulk Colegan to eliminate all opposing gears of war foes. We select only the players that play because they love to play, and are skilled at playing." />
    <meta http-equiv="keywords" content="Gears of War Tournaments, gears of war tournament, gears of war, gear of war, gears of war 360, gears of war for xbox, gears of war for xbox 360, gears of war game, gears, savage life, clan, Gears of War Clan, Gears of War Team, Winners" />
    <link rel="stylesheet" type="text/css" href="gearsStyle.css" />
    </head>
    <body>
    <div class="all_banner"><img src="imgs/banners/sl-banner1.jpg" /></div>
    <div class="all_menuBar">
    <a class="all_menu" href="default.php">Home</a>
    <a class="all_menu" href="about.php">About SL</a>
    <a class="all_menu" href="members.php">SL Members</a>
    <a class="all_menu" href="tournaments.php">SL Tournaments</a>
    <a class="all_menu" href="blog.php">SL Blog</a>
    <a class="all_menu" href="sponsor.php">Sponsors</a>
    <a class="all_menu" href="request.php">Request to Join</a>
    <a class="all_menu" href="login.php">SL LogIn</a>
    </div>
    <div class="login">
    <?php

    $username="**UserName**";
    $databasePass="**PASSWORD**";
    $database="**DATABASE**";
    $server="**SERVER**";

    mysql_connect($server,$username,$databasePass);
    @mysql_select_db($database) or die( "Unable to select database");

    if (isset($_COOKIE['gamerTag']))
    {
    $gamerTag=$_COOKIE['tag'];
    $password=$_COOKIE['pass'];

    $check=mysql_query("SELECT * FROM members WHERE gamerTag = '$gamerTag'")or die(mysql_error());

    while($info=mysql_fetch_array($check))
    {
    if ($password!=$info['password'])
    {
    echo "AHHHHHH!";
    }
    else
    {
    echo "You are already logged in, what are you doing at this damn page!";
    }
    }
    }

    if (isset($_POST['submit']))
    {
    if (!$_POST['tag'] | !$_POST['pass'])
    {
    die('You did not fill in a required field.');
    }

    if (!get_magic_quotes_gpc())
    {
    $_POST['tag']=addslashes($_POST['tag']);
    }

    $check=mysql_query("SELECT * FROM members WHERE gamerTag = '".$_POST['tag']."'") or die(mysql_error());

    $check2=mysql_num_rows($check);

    if ($check2 == 0)
    {
    die('That user does not exist in our database. <a href="request.php">Click Here to Request to Join SL.</a>');
    }

    while ($info=mysql_fetch_array($check))
    {
    $_POST['pass']=stripslashes($_POST['pass']);
    $info['password']=stripslashes($info['password']);
    $_POST['pass']=md5($_POST['pass']);

    if ($_POST['pass']!=$info['password'])
    {
    die('Incorrect password, please try again.');
    }
    else
    {
    $_POST['tag']=stripslashes($_POST['tag']);
    $hour=time() + 3600;
    setcookie (tag, $_POST['tag'], $hour);
    setcookie (pass,$_POST['pass'],$hour);
    echo "****";
    }
    }
    }
    else
    {
    ?>
    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
    <table border="0">
    <tr>
    <th colspan=2>Login</th>
    </tr>
    <tr>
    <td>Gamer Tag:</td>
    <td><input type="text" name="tag" maxlength="40"></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><input type="password" name="pass" maxlength="50"></td>
    </tr>
    <tr>
    <td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td>
    </tr>
    </table>
    </form>

    <?php
    }
    ?>
    </div>
    </body>
    </html>

  • #2
    Senior Coder rafiki's Avatar
    Join Date
    Aug 2006
    Location
    Floating around somewhere...
    Posts
    2,046
    Thanks
    19
    Thanked 42 Times in 42 Posts
    PHP Code:
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title>Savage Life - Gears of War Clan</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <meta http-equiv="description" content="Savage Life is a Gears of war Clan, or team, that was created by Hollyw00d Cole, TGz Sh0tee, and Hulk Colegan to eliminate all opposing gears of war foes. We select only the players that play because they love to play, and are skilled at playing." />
    <meta http-equiv="keywords" content="Gears of War Tournaments, gears of war tournament, gears of war, gear of war, gears of war 360, gears of war for xbox, gears of war for xbox 360, gears of war game, gears, savage life, clan, Gears of War Clan, Gears of War Team, Winners" />
    <link rel="stylesheet" type="text/css" href="gearsStyle.css" />
    </head>
    <body>
    <div class="all_banner"><img src="imgs/banners/sl-banner1.jpg" /></div>
    <div class="all_menuBar">
    <a class="all_menu" href="default.php">Home</a>
    <a class="all_menu" href="about.php">About SL</a>
    <a class="all_menu" href="members.php">SL Members</a>
    <a class="all_menu" href="tournaments.php">SL Tournaments</a>
    <a class="all_menu" href="blog.php">SL Blog</a>
    <a class="all_menu" href="sponsor.php">Sponsors</a>
    <a class="all_menu" href="request.php">Request to Join</a>
    <a class="all_menu" href="login.php">SL LogIn</a>
    </div>
    <div class="login">
    <?php

    $username
    ="**UserName**";
    $databasePass="**PASSWORD**";
    $database="**DATABASE**";
    $server="**SERVER**";

    mysql_connect($server,$username,$databasePass);
    @
    mysql_select_db($database) or die( "Unable to select database");

    if (isset(
    $_COOKIE['gamerTag']))
    {
    $gamerTag=$_COOKIE['tag'];
    $password=$_COOKIE['pass'];

    $check=mysql_query("SELECT * FROM members WHERE gamerTag = '$gamerTag'")or die(mysql_error());

    while(
    $info=mysql_fetch_array($check))
    {
    if (
    $password!=$info['password'])
    {
    echo 
    "AHHHHHH!";
    }
    else
    {
    echo 
    "You are already logged in, what are you doing at this damn page!";
    }
    }
    }

    if (isset(
    $_POST['submit']))
    {
    if (!
    $_POST['tag'] | !$_POST['pass'])
    {
    die(
    'You did not fill in a required field.');
    }

    if (!
    get_magic_quotes_gpc())
    {
    $_POST['tag']=addslashes($_POST['tag']);
    }

    $check=mysql_query("SELECT * FROM members WHERE gamerTag = '".$_POST['tag']."'") or die(mysql_error());

    $check2=mysql_num_rows($check);

    if (
    $check2 == 0)
    {
    die(
    'That user does not exist in our database. <a href="request.php">Click Here to Request to Join SL.</a>');
    }

    while (
    $info=mysql_fetch_array($check))
    {
    $_POST['pass']=stripslashes($_POST['pass']);
    $info['password']=stripslashes($info['password']);
    $_POST['pass']=md5($_POST['pass']);

    if (
    $_POST['pass']!=$info['password'])
    {
    die(
    'Incorrect password, please try again.');
    }
    else
    {
    $_POST['tag']=stripslashes($_POST['tag']);
    $hour=time() + 3600;
    setcookie (tag$_POST['tag'], $hour);
    setcookie (pass,$_POST['pass'],$hour);
    echo 
    "****";
    }
    }
    }
    else
    {
    ?>
    <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
    <table border="0">
    <tr>
    <th colspan=2>Login</th>
    </tr>
    <tr>
    <td>Gamer Tag:</td>
    <td><input type="text" name="tag" maxlength="40"></td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><input type="password" name="pass" maxlength="50"></td>
    </tr>
    <tr>
    <td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td>
    </tr>
    </table>
    </form>

    <?php
    }
    ?>
    </div>
    </body>
    </html>
    sorry had to do it for readability....
    1st of all
    PHP Code:
    if (!$_POST['tag'] | !$_POST['pass']) // you need 2 x | for an or so || 
    apart from that i cant see anything wrong (im tired so may miss something obvious) but yeah i dont see headers being sent period let alone one after the other...
    Last edited by rafiki; 07-30-2007 at 11:47 PM.

  • #3
    Supreme Master coder! _Aerospace_Eng_'s Avatar
    Join Date
    Dec 2004
    Location
    In a place far, far away...
    Posts
    19,291
    Thanks
    2
    Thanked 1,043 Times in 1,019 Posts
    Cookies need to be set before any output to the browser though TBH you aren't using cookies properly. It seems like you are trying to store valuable information in them. This is a very big security risk. I would use php sessions and then I would set up the error/success messages equal to varibles. Then in the php check to see if the errors/success variables are empty or not. If they aren't empty then echo them above the form.
    PHP Code:
    <?php

    $username
    ="**UserName**";
    $databasePass="**PASSWORD**";
    $database="**DATABASE**";
    $server="**SERVER**";

    mysql_connect($server,$username,$databasePass);
    @
    mysql_select_db($database) or die( "Unable to select database");

    if (isset(
    $_COOKIE['gamerTag']))
    {
        
    $gamerTag=$_COOKIE['tag'];
        
    $password=$_COOKIE['pass'];
        
        
    $check=mysql_query("SELECT * FROM members WHERE gamerTag = '$gamerTag'")or die(mysql_error());
        
        while(
    $info=mysql_fetch_array($check))
        {
            if (
    $password!=$info['password'])
            {
                echo 
    "AHHHHHH!";
            }
            else
            {
                echo 
    "You are already logged in, what are you doing at this damn page!";
            }
        }
    }
    if (isset(
    $_POST['submit']))
    {
        if (!
    $_POST['tag'] || !$_POST['pass'])
        {
            die(
    'You did not fill in a required field.');
        }

        if (!
    get_magic_quotes_gpc())
        {
            
    $_POST['tag']=addslashes($_POST['tag']);
        }

        
    $check=mysql_query("SELECT * FROM members WHERE gamerTag = '".$_POST['tag']."'") or die(mysql_error());

        
    $check2=mysql_num_rows($check);

        if (
    $check2 == 0)
        {
            die(
    'That user does not exist in our database. <a href="request.php">Click Here to Request to Join SL.</a>');
        }

        while (
    $info=mysql_fetch_array($check))
        {
            
    $_POST['pass']=stripslashes($_POST['pass']);
            
    $info['password']=stripslashes($info['password']);
            
    $_POST['pass']=md5($_POST['pass']);

            if (
    $_POST['pass']!=$info['password'])
            {
                die(
    'Incorrect password, please try again.');
            }
            else
            {
                
    $_POST['tag']=stripslashes($_POST['tag']);
                
    $hour=time() + 3600;
                
    setcookie (tag$_POST['tag'], $hour);
                
    setcookie (pass,$_POST['pass'],$hour);
                echo 
    "****";
            }
        }
    }
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
    <html>
    <head>
    <title>Savage Life - Gears of War Clan</title>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <meta http-equiv="description" content="Savage Life is a Gears of war Clan, or team, that was created by Hollyw00d Cole, TGz Sh0tee, and Hulk Colegan to eliminate all opposing gears of war foes. We select only the players that play because they love to play, and are skilled at playing." />
    <meta http-equiv="keywords" content="Gears of War Tournaments, gears of war tournament, gears of war, gear of war, gears of war 360, gears of war for xbox, gears of war for xbox 360, gears of war game, gears, savage life, clan, Gears of War Clan, Gears of War Team, Winners" />
    <link rel="stylesheet" type="text/css" href="gearsStyle.css" />
    </head>
    <body>
    <div class="all_banner"><img src="imgs/banners/sl-banner1.jpg" /></div>
    <div class="all_menuBar"> <a class="all_menu" href="default.php">Home</a> <a class="all_menu" href="about.php">About SL</a> <a class="all_menu" href="members.php">SL Members</a> <a class="all_menu" href="tournaments.php">SL Tournaments</a> <a class="all_menu" href="blog.php">SL Blog</a> <a class="all_menu" href="sponsor.php">Sponsors</a> <a class="all_menu" href="request.php">Request to Join</a> <a class="all_menu" href="login.php">SL LogIn</a> </div>
    <div class="login">
        <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
            <table border="0">
                <tr>
                    <th colspan=2>Login</th>
                </tr>
                <tr>
                    <td>Gamer Tag:</td>
                    <td><input type="text" name="tag" maxlength="40"></td>
                </tr>
                <tr>
                    <td>Password:</td>
                    <td><input type="password" name="pass" maxlength="50"></td>
                </tr>
                <tr>
                    <td colspan="2" align="right"><input type="submit" name="submit" value="Login"></td>
                </tr>
            </table>
        </form>
    </div>
    </body>
    </html>
    That should give you a start. I didn't change your cookies to sessions and I didn't assign your error/success messages to variables either. Your queries are also open to mysql injection as you don't clean your post variables properly. You should be using mysql_real_escape_string.
    ||||If you are getting paid to do a job, don't ask for help on it!||||

  • #4
    New to the CF scene
    Join Date
    Jul 2007
    Posts
    2
    Thanks
    0
    Thanked 0 Times in 0 Posts
    So, I'm pretty new with PHP and SQL. So, what do you mean by clean my post variables properly? How would I use a mysql_real_escape_string to prevent mysql injection? And thanks, I don't get the error anymore, but now I have to get the page to actually do what I want it to do. Thank you both very much for your input. Any further knowledge is always helpful. Thanks for your time.

  • #5
    Senior Coder
    Join Date
    Mar 2003
    Location
    Atlanta
    Posts
    1,037
    Thanks
    14
    Thanked 30 Times in 28 Posts
    The PHP manual is a really helpful resource for a beginner as well as a veteran programmer. mysql_real_escape_string()
    Most of my questions/posts are fairly straightforward and simple. I post long verbose messages in an attempt to be thorough.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •