Jump to content

Please help me to understand...

elmas156

By elmas156
in PHP Coding Help

 Share

Recommended Posts

elmas156 Regular Member

elmas156

Posted
Posted

Ok, if you've helped with any of my questions before (thanks again to those who have) you know that I'm fairly new to php and still learning.  This brings me to another question...

 

I have read the post on header errors and I understand that in order to prevent these errors or warnings I need to  process a form BEFORE OUTPUTTING ANYTHING TO THE BROWSER.  The thing is, I'm having a problem understanding how I can do this with the code that I have written.  Can someone please look at my code and explain what is causing the header warning that I'm getting and help me to understand how to fix it?

 

Here's my code (warning message is following the code):

<?php
session_start(); // Starts the session.
?>

<html>

<head>
<title>Welcome to CaresAbout.us!</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<SCRIPT TYPE="text/javascript">    <!-- THIS IS LINE 11 -->
<!--
function popup(mylink, windowname)
{
if (! window.focus)return true;
var href;
if (typeof(mylink) == 'string')
   href=mylink;
else
   href=mylink.href;
window.open(href, windowname, 'width=400,height=200,scrollbars=yes');
return false;
}
//-->
</SCRIPT>


<style type="text/css">
<!--
html { overflow: -moz-scrollbars-vertical; }
html { overflow-x: auto; }

body {
background-color: #000000;
background-image: url(bg.png);
background-position: 50% 50%;
background-repeat: repeat-y
}
body,td,th {
font-family: Arial, Helvetica, sans-serif;
font-size: 14px;
}
a:link {
text-decoration: none;
}
a:visited {
text-decoration: none;
}
a:hover {
text-decoration: none;
}
a:active {
text-decoration: none;
}
.bluelink {color: #0000CC}
.blacklink {color: #000000}
-->
</style>

</head>

<body>

<div align="center">
<noscript><font size="+2" color="#000000"><strong>Some features of this site will not operate without Javascript enabled!<br>Please <a href="http://www.heart.org/HEARTORG/form/enablescript.html" class="bluelink">enable Javascript</a> in your browser to have full access.</strong></font></noscript>
  <table width="1000" height="175" border="0" cellpadding="0" cellspacing="0" style="background: transparent url('headbg.png') top center no-repeat;">
    <tr>
  <td height="125" width="160"> </td>
  <td height="125"> </td>
  <td height="125"> </td>
  <td height="125" width="160"> </td>
</tr>
<tr>
  <td height="50" width="160"> </td>
  
  <?php

include("conf.inc.php"); // Includes the db and form info.
if ($_SESSION['logged'] == 1) { // User is already logged in.
    $_SESSION['email'] = $email;
header("Location: main.php"); // Goes to main page.
exit(); // Stops the rest of the script.
} else {
if (!isset($_POST['submit'])) { // If the form HAS NOT been submitted.
	echo "<td width=\"320\" height=\"50\" align=\"left\" valign=\"middle\"> </td>";
      	echo "<td width=\"360\" height=\"50\" align=\"left\" valign=\"middle\">";
	echo "<form name=\"form\" action=\"index.php\" method=\"POST\" style=\"margin-bottom:0;\">";
	echo "<a href=\"signup.php\" class=\"bluelink\">Sign Me Up!</a>                  ";
	echo "<a href=\"pwordhelp.php\" class=\"bluelink\" onMouseOver=\"window.name = 'main'\" onClick=\"return popup(this, 'notes')\">Forgot Password</a><br>";
	echo "<input type=\"text\" name=\"email\" size=\"17\" value=\"Email...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Email...') {this.value=''; this.style.color='#000000'}\">    ";
	echo "<input type=\"password\" name=\"pword\" size=\"17\" value=\"Password...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Password...') {this.value=''; this.style.color='#000000';}\"> ";
	echo "<input type=\"submit\" name=\"submit\" value=\"Submit\">";
	echo "</form>";
} else {    // If the form HAS been submitted
	$email = form($_POST['email']);
	$pword = md5($_POST['pword']); // Encrypts the password.

	$q = mysql_query("SELECT * FROM `signin` WHERE email = '$email' AND pword = '$pword'") or die (mysql_error()); // mySQL query
	$r = mysql_num_rows($q); // Checks to see if anything is in the db. 

	if (!$r) { // There is nothing in the db. The username/password do not match up.

		echo "<td width=\"108\" height=\"50\" align=\"left\" valign=\"middle\"> </td>";
      		echo "<td width=\"572\" height=\"50\" align=\"left\" valign=\"middle\">";
		echo "<form name=\"form\" action=\"index.php\" method=\"POST\" style=\"margin-bottom:0;\">";
		echo "                                                     <a href=\"signup.php\" class=\"bluelink\">Sign Me Up!</a>                 ";
		echo "<a href=\"pwordhelp.php\" class=\"bluelink\" onClick=\"return popup(this, 'notes')\">Forgot Password</a><br>";
		echo "<font color=\"#FF0000\"><strong>Incorrect Email or Password.</strong></font>   ";
		echo "<input type=\"text\" name=\"email\" size=\"17\" value=\"Email...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Email...') {this.value=''; this.style.color='#000000'}\">    ";
		echo "<input type=\"password\" name=\"pword\" size=\"17\" value=\"Password...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Password...') {this.value=''; this.style.color='#000000';}\"> ";
		echo "<input type=\"submit\" name=\"submit\" value=\"Submit\">";
		echo "</form>";

	} else {      // If the username/password is valid

		$_SESSION['logged'] = 1; // Sets the session.
		$_SESSION['email'] = $email;
		header("Location: main.php"); // THIS IS LINE 118
		exit(); // Stops the rest of the script.

	}
}
}
?>
  
  </td>
  <td height="50" width="160"> </td>
</tr>
  </table>
</div>

<?php

echo "<div align=\"center\">";
echo "<table width=\"1000\" height=\"395\"  border=\"0\" cellpadding=\"0\" cellspacing=\"0\">";
  echo "<tr>";
      echo "<td width=\"160\" align=\"center\" valign=\"top\">";
  // Begin Column 1.
  
  include("left.inc.php");
  	  
  // End Column 1.
  echo "</td>"; 
      echo "<td width=\"680\" align=\"center\" valign=\"top\" style=\"background: #FFFFFF url('bottombg.png') bottom center no-repeat;\">";
  // Begin Column 2.

  echo "<table width=\"650\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">";
  	  echo "<tr>";
  echo" <td align=\"left\" valign=\"top\">";
  echo "<p><img src=\"nothing.gif\" height=\"5\"><br><img src=\"silouhette.png\" height=\"215\" width=\"325\" align=\"right\"><img src=\"nothing.gif\" height=\"215\" width=\"10\" align=\"right\"><div align=\"justify\"><font size=\"+2\"> <br>Welcome students! Now you can contact the teachers and staff members of your school easily, safely, and TOTALLY ANONYMOUSLY!  Just follow these directions:</font></div></p>";
  echo "<p><font size=\"+1\">1. If you haven't already, <a href=\"signup.php\" class=\"bluelink\">sign up</a> for an account.  We will never ask for your name,<br>    all you need is an email address (get one free at <a href=\"http://www.google.com/mail\" class=\"bluelink\" target=\"_blank\">Google.com</a>).<br><img src=\"nothing.gif\" height=\"5\"><br></font>";
  echo "**  It is very important that your email address is correct because a notification will be sent to your email<br>     when you receive a message from a staff member, otherwise you will NEVER be contacted by email.<br><img src=\"nothing.gif\" height=\"10\"><br>";
  echo "<font size=\"+1\">2. Sign in to your account using your email address and password that you chose<br>    when you signed up.<br><img src=\"nothing.gif\" height=\"10\"><br>";
  echo "3. Once you are signed in, you will be able to send anonymous messages to staff<br>    members, reply to staff members' messages, and play some cool games too!</p>";
  echo "<p><div align=\"center\"><font size=\"+3\">Thank you for using CaresAbout.us!</font></p>";
  echo "</td>";
  echo "</tr>";
  echo "</table>";
  
  // End Column 2.
  echo "</td>";
  echo "<td width=\"160\" align=\"center\" valign=\"top\">";
  // Begin Column 3.
  
  include ("right.inc.php");
  
  //  End Column 3.
  echo "</td>";
  echo "</tr>";
echo "</table>";
echo "</div>";

include("foot.inc.php");

?>

</body>
</html>

 

Here's the warning message that I'm getting:

Warning: Cannot modify header information - headers already sent by (output started at /home/content/29/6879529/html/calhoun/index.php:11) in /home/content/29/6879529/html/calhoun/index.php on line 118

 

Link to comment
Share on other sites
elmas156 Regular Member

elmas156

Posted
  • Author
Posted

OK, so I changed some things up and it's working now but I want to make sure that my fix isn't just a band aid fix and that I've done it the correct way.  Does this code look to be correct or do you see anything that might cause problems in the future?  Thanks for your help.

 

<?php
session_start(); // Starts the session.

include("conf.inc.php"); // Includes the db and form info.
if ($_SESSION['logged'] == 1) { // User is already logged in.
    $_SESSION['email'] = $email;
    header("Location: main.php"); // Goes to main page.
    exit(); // Stops the rest of the script.
}

        $email = form($_POST['email']);
        $pword = md5($_POST['pword']); // Encrypts the password.
        
        $q = mysql_query("SELECT * FROM `signin` WHERE email = '$email' AND pword = '$pword'") or die (mysql_error()); // mySQL query
        $r = mysql_num_rows($q); // Checks to see if anything is in the db.

if ($r) {    
$_SESSION['logged'] = 1; // Sets the session.
$_SESSION['email'] = $email;
header("Location: main.php");
exit();
}

?>

<html>

<head>
<title>Welcome to CaresAbout.us!</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<SCRIPT TYPE="text/javascript">
<!--
function popup(mylink, windowname)
{
if (! window.focus)return true;
var href;
if (typeof(mylink) == 'string')
   href=mylink;
else
   href=mylink.href;
window.open(href, windowname, 'width=400,height=200,scrollbars=yes');
return false;
}
//-->
</SCRIPT>


<style type="text/css">
<!--
html { overflow: -moz-scrollbars-vertical; }
html { overflow-x: auto; }

body {
    background-color: #000000;
    background-image: url(bg.png);
    background-position: 50% 50%;
    background-repeat: repeat-y
}
body,td,th {
    font-family: Arial, Helvetica, sans-serif;
    font-size: 14px;
}
a:link {
    text-decoration: none;
}
a:visited {
    text-decoration: none;
}
a:hover {
    text-decoration: none;
}
a:active {
    text-decoration: none;
}
.bluelink {color: #0000CC}
.blacklink {color: #000000}
-->
</style>

</head>

<body>

<div align="center">
<noscript><font size="+2" color="#000000"><strong>Some features of this site will not operate without Javascript enabled!<br>Please <a href="http://www.heart.org/HEARTORG/form/enablescript.html" class="bluelink">enable Javascript</a> in your browser to have full access.</strong></font></noscript>
  <table width="1000" height="175" border="0" cellpadding="0" cellspacing="0" style="background: transparent url('headbg.png') top center no-repeat;">
    <tr>
      <td height="125" width="160"> </td>
      <td height="125"> </td>
      <td height="125"> </td>
      <td height="125" width="160"> </td>
    </tr>
    <tr>
      <td height="50" width="160"> </td>
      
      <?php

    if (!isset($_POST['submit'])) { // If the form HAS NOT been submitted.
    
        echo "<td width=\"320\" height=\"50\" align=\"left\" valign=\"middle\"> </td>";
          echo "<td width=\"360\" height=\"50\" align=\"left\" valign=\"middle\">";
        echo "<form name=\"form\" action=\"index.php\" method=\"POST\" style=\"margin-bottom:0;\">";
        echo "<a href=\"signup.php\" class=\"bluelink\">Sign Me Up!</a>                  ";
        echo "<a href=\"pwordhelp.php\" class=\"bluelink\" onMouseOver=\"window.name = 'main'\" onClick=\"return popup(this, 'notes')\">Forgot Password</a><br>";
        echo "<input type=\"text\" name=\"email\" size=\"17\" value=\"Email...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Email...') {this.value=''; this.style.color='#000000'}\">    ";
        echo "<input type=\"password\" name=\"pword\" size=\"17\" value=\"Password...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Password...') {this.value=''; this.style.color='#000000';}\"> ";
        echo "<input type=\"submit\" name=\"submit\" value=\"Submit\">";
        echo "</form>";
        
    } else { // There is nothing in the db. The username/password do not match up.
        
        echo "<td width=\"108\" height=\"50\" align=\"left\" valign=\"middle\"> </td>";
        echo "<td width=\"572\" height=\"50\" align=\"left\" valign=\"middle\">";
        echo "<form name=\"form\" action=\"index.php\" method=\"POST\" style=\"margin-bottom:0;\">";
        echo "                                                     <a href=\"signup.php\" class=\"bluelink\">Sign Me Up!</a>                 ";
        echo "<a href=\"pwordhelp.php\" class=\"bluelink\" onClick=\"return popup(this, 'notes')\">Forgot Password</a><br>";
        echo "<font color=\"#FF0000\"><strong>Incorrect Email or Password.</strong></font>   ";
        echo "<input type=\"text\" name=\"email\" size=\"17\" value=\"Email...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Email...') {this.value=''; this.style.color='#000000'}\">    ";
        echo "<input type=\"password\" name=\"pword\" size=\"17\" value=\"Password...\" style=\"color: #999999\" onfocus=\"if (this.value == 'Password...') {this.value=''; this.style.color='#000000';}\"> ";
        echo "<input type=\"submit\" name=\"submit\" value=\"Submit\">";
        echo "</form>";
            
    }

?>
      
      </td>
      <td height="50" width="160"> </td>
    </tr>
  </table>
</div>

<?php

echo "<div align=\"center\">";
echo "<table width=\"1000\" height=\"395\"  border=\"0\" cellpadding=\"0\" cellspacing=\"0\">";
  echo "<tr>";
      echo "<td width=\"160\" align=\"center\" valign=\"top\">";
      // Begin Column 1.
      
      include("left.inc.php");
            
      // End Column 1.
      echo "</td>"; 
      echo "<td width=\"680\" align=\"center\" valign=\"top\" style=\"background: #FFFFFF url('bottombg.png') bottom center no-repeat;\">";
      // Begin Column 2.

      echo "<table width=\"650\" border=\"0\" cellpadding=\"0\" cellspacing=\"0\">";
        echo "<tr>";
      echo" <td align=\"left\" valign=\"top\">";
      echo "<p><img src=\"nothing.gif\" height=\"5\"><br><img src=\"silouhette.png\" height=\"215\" width=\"325\" align=\"right\"><img src=\"nothing.gif\" height=\"215\" width=\"10\" align=\"right\"><div align=\"justify\"><font size=\"+2\"> <br>Welcome students! Now you can contact the teachers and staff members of your school easily, safely, and TOTALLY ANONYMOUSLY!  Just follow these directions:</font></div></p>";
      echo "<p><font size=\"+1\">1. If you haven't already, <a href=\"signup.php\" class=\"bluelink\">sign up</a> for an account.  We will never ask for your name,<br>    all you need is an email address (get one free at <a href=\"http://www.google.com/mail\" class=\"bluelink\" target=\"_blank\">Google.com</a>).<br><img src=\"nothing.gif\" height=\"5\"><br></font>";
      echo "**  It is very important that your email address is correct because a notification will be sent to your email<br>     when you receive a message from a staff member, otherwise you will NEVER be contacted by email.<br><img src=\"nothing.gif\" height=\"10\"><br>";
      echo "<font size=\"+1\">2. Sign in to your account using your email address and password that you chose<br>    when you signed up.<br><img src=\"nothing.gif\" height=\"10\"><br>";
      echo "3. Once you are signed in, you will be able to send anonymous messages to staff<br>    members, reply to staff members' messages, and play some cool games too!</p>";
      echo "<p><div align=\"center\"><font size=\"+3\">Thank you for using CaresAbout.us!</font></p>";
      echo "</td>";
      echo "</tr>";
      echo "</table>";
      
      // End Column 2.
      echo "</td>";
      echo "<td width=\"160\" align=\"center\" valign=\"top\">";
      // Begin Column 3.
      
      include ("right.inc.php");
      
      //  End Column 3.
      echo "</td>";
  echo "</tr>";
echo "</table>";
echo "</div>";

include("foot.inc.php");

?>

</body>
</html>

Link to comment
Share on other sites
Pikachu2000 Prolific Member

Pikachu2000

Posted
Posted

I didn't go over the entire script, but the changes look fine to me. I'd make one edit, though.

 

From this:

if ($r) {

 

To this:

if ($r == 1) {

 

Since you should only ever match one record in the database for each user, check that it matches one, and only one record. Any other result indicates either failure to match, or ambiguity. Ambiguity can indicate a serious problem with the data, in which case allowing a login probably isn't the best idea . . .

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.