Login Form errors


10 replies to this topic

#1 Forgotten

    Young Padawan

  • Members
  • 63 posts

Posted 06 November 2005 - 12:37 PM

Hello, I followed a tutorial on how to make an almost flawless login script with MD5 password hashing, SIDs, and of course, page protection. I have some errors and I am wondering if anyone can help me out.

LOGIN.PHP
<?php include('header.php'); ?>
	<tr valign="top" height="20">
  <td valign="top" height="20">
 	 <?php
    $path = $_SERVER['PHP_SELF'];
    $title = basename($path);        // $file is set to "index.php"
    $title = basename($path, ".php"); // $file is set to "index"
    echo "<h1>$title</h1>";
 	 ?>
  </td>
	</tr>
	<tr>
  <td valign="top" width="580">

 	 <?php
    if ($_POST) { //If user has submitted data from form
   	 if ($_POST['username'] == "" || $_POST['password'] == "") { //If any of the fields are empty
      $error = "One or more fields are empty, please fill in all the fields";
   	 } else { //Fields are not empty
      session_start(); // Needed to initialise session variables (i.e. start session :D)
      $_SESSION['username'] == $_POST['username'];
      $_SESSION['password'] == $_POST['password'];
      header("location: admin.php?sid=".strip_tags(session_id())."); //Redirect to protected.php, but can be whatever you want (your staff index page)
   	 }
    }
    if (isset($_GET['id'])) {//if the id var exists in the url
   	 $error = "One or more fields you have entered are incorrect, please try again";
    } 
 	 ?>

 	 <form method="POST" action="login.php">
 	 <p>Username:<input type="text" name="username" size="20"></p>
 	 <p>Password: <input type="password" name="password" size="20"></p>
 	 <p><input type="submit" value="Login" name="Submit"></p>
 	 </form>
 	 <?php
    echo $error;
 	 ?>
  </td>
  <td valign="top" width="136"><h3>Affiliates:</h3><br /><?php include('affiliates.php'); ?></td>
	</tr>
<?php include('footer.php'); ?>

FUNCTIONS.PHP
<?php
$database = "REMOVED";
$dbusername = "REMOVED";
$dbpassword = "REMOVED";
$dbhost = "localhost";

function connectToDatabase() {
	global $database, $dbusername, $dbpassword, $dbhost; //make the vars accessible from inside the function
	$link = mysql_connect($dbhost, $dbusername, $dbpassword) or die('Could not connect: ' . mysql_error()); //connect
	mysql_select_db($database) or die('Could not select database'); //select the db to use
}
?>

<?php
function authenticateUser() {
	session_start();
	$query = "SELECT username FROM users WHERE username = '".$_SESSION['username']."' AND password = '".md5($_SESSION[password])."';"; //Select from database the username & password the user entered
	$result = mysql_query($query) or die('Query failed: ' . mysql_error()); //Query the db
	if (!isset($_GET['sid'])) { // If the sid URL var exists in the url
  header("location: login.php?id=1"); //does not exists
	} else { //sid exists
  if ($_GET['sid'] != session_id()) { //check URL sid with current sid
 	 header("location: login.php?id=1"); //does not match
  }
	}
	if (!mysql_num_rows($result)) { //If no match
  header("location: login.php?id=0"); //redirect to login page with username/password error
	}
}
?>


ANY PAGE THAT IS PROTECTED (MUST LOGIN FIRST)
<?php
include_once("functions.php");
connectToDatabase();
authenticateUser();
?>
<!-- continue page here -->

The errors I get are the following:

When attempting to load the page login.php:

Quote

Parse error: parse error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/djill/public_html/v2/login.php on line 26

When attempting to load a protected page (eg admin.php):

Quote

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/djill/public_html/v2/functions.php:14) in /home/djill/public_html/v2/functions.php on line 16

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/djill/public_html/v2/functions.php:14) in /home/djill/public_html/v2/functions.php on line 16

Warning: Cannot modify header information - headers already sent by (output started at /home/djill/public_html/v2/functions.php:14) in /home/djill/public_html/v2/functions.php on line 20

Warning: Cannot modify header information - headers already sent by (output started at /home/djill/public_html/v2/functions.php:14) in /home/djill/public_html/v2/functions.php on line 27

<!-- Entire page shows -->


Thanks very much!

#2 Squid

    Young Padawan

  • Members
  • 132 posts
  • Location:Netherlands
  • Interests:Webdesign, php coding, visual basic programming

Posted 06 November 2005 - 02:10 PM

About the login.php:

<?php include('header.php'); ?>
<tr valign="top" height="20">
 <td valign="top" height="20">
  <?php
   $path = $_SERVER['PHP_SELF'];
   $title = basename($path);        // $file is set to "index.php"
   $title = basename($path, ".php"); // $file is set to "index"
   echo "<h1>$title</h1>";
  ?>
 </td>
</tr>
<tr>
 <td valign="top" width="580">

  <?php
   if ($_POST) { //If user has submitted data from form
    if ($_POST['username'] == "" || $_POST['password'] == "") { //If any of the fields are empty
     $error = "One or more fields are empty, please fill in all the fields";
    } else { //Fields are not empty
     session_start(); // Needed to initialise session variables (i.e. start session :D)
     $_SESSION['username'] == $_POST['username'];
     $_SESSION['password'] == $_POST['password'];
     header("location: admin.php?sid=".strip_tags(session_id())."); //Redirect to protected.php, but can be whatever you want (your staff index page)
    }
   }
   if (isset($_GET['id'])) {//if the id var exists in the url
    $error = "One or more fields you have entered are incorrect, please try again";
   } 
  ?>

I'm guessing, from what I've seen in a quick way, that there's one too many '}' on line 26:

protected.php, but can be whatever you want (your staff index page)
}
}

Remove one and try it again. In the meantime I'll try looking at what's wrong.

#3 Forgotten

    Young Padawan

  • Members
  • 63 posts

Posted 06 November 2005 - 02:42 PM

I don't see what you mean by removing one of the '}'. Which one do I remove?

And from what I can tell, the if structure is as follows:

if {
  if {
    //code
  }else{
    //code
  }
}
if {
  //code
}

That looks valid to me, I don't think it has to do with a '}'

#4 rc69

    PHP Master PD

  • P2L Staff
  • 3,827 posts
  • Gender:Male
  • Location:Here
  • Interests:Web Development

Posted 06 November 2005 - 02:57 PM

T_WHITE_SPACE is not a closing brace, it normally would include the "}" if it was (maybe a $ sometimes, don't quote me though).

As for the first error, this is where Dreamweaver comes in handy. Code coloring helps you pick out when something goes semi-wrong.
} else { //Fields are not empty
     session_start(); // Needed to initialise session variables (i.e. start session :D)
     $_SESSION['username'] == $_POST['username'];
     $_SESSION['password'] == $_POST['password'];
     header("location: admin.php?sid=".strip_tags(session_id())); //Redirect to protected.php, but can be whatever you want (your staff index page)
    }
   }
You had an extra quote after the strip_tags() that shouldn't have been there.

As for the session error, try these links first.
http://php.net/manua...tion.header.php
http://www.pixel2lif...showtopic=11768

#5 Forgotten

    Young Padawan

  • Members
  • 63 posts

Posted 06 November 2005 - 04:36 PM

rc69, on Nov 6 2005, 07:57 PM, said:

T_WHITE_SPACE is not a closing brace, it normally would include the "}" if it was (maybe a $ sometimes, don't quote me though).

As for the first error, this is where Dreamweaver comes in handy.  Code coloring helps you pick out when something goes semi-wrong.
} else { //Fields are not empty
     session_start(); // Needed to initialise session variables (i.e. start session :D)
     $_SESSION['username'] == $_POST['username'];
     $_SESSION['password'] == $_POST['password'];
     header("location: admin.php?sid=".strip_tags(session_id())); //Redirect to protected.php, but can be whatever you want (your staff index page)
    }
   }
You had an extra quote after the strip_tags() that shouldn't have been there.

As for the session error, try these links first.
http://php.net/manua...tion.header.php
http://www.pixel2lif...showtopic=11768

OK awesome, the login.php page now works but when I try to login (usr & pass) I get this error:

Quote

<!-- Page shows -->

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/djill/public_html/v2/header.php:6) in /home/djill/public_html/v2/login.php on line 20

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/djill/public_html/v2/header.php:6) in /home/djill/public_html/v2/login.php on line 20

Warning: Cannot modify header information - headers already sent by (output started at /home/djill/public_html/v2/header.php:6) in /home/djill/public_html/v2/login.php on line 23

<!-- Rest of Page shows (login form) -->

And as for the sessions, you say it's because header information MUST be the first thing to be called before anything else? And adding ob_start() will somehow fix this?

Please give an example on how to use it... thanks

(Going to try it) According to PHP.net, using it like so

Quote

<?php

<!-- Omitted Code... -->

if (!isset($_GET['sid'])) { // If the sid URL var exists in the url
  function outputone() {
  header("location: login.php?id=1"); //does not exists
  }
  ob_start("outputone");
} else { //sid exists
  if ($_GET['sid'] != session_id()) { //check URL sid with current sid
  function outputtwo() {
    header("location: login.php?id=1"); //does not match
  }
  ob_start("outputtwo");
  }
}
if (!mysql_num_rows($result)) { //If no match
  function outputthree() {
  header("location: login.php?id=0"); //redirect to login page with username/password error
  }
  ob_start("outputthree");
}
}

ob_end_flush();

?>

Edited by Forgotten, 06 November 2005 - 04:41 PM.


#6 Squid

    Young Padawan

  • Members
  • 132 posts
  • Location:Netherlands
  • Interests:Webdesign, php coding, visual basic programming

Posted 06 November 2005 - 04:41 PM

Forgotten, on Nov 6 2005, 07:42 PM, said:

I don't see what you mean by removing one of the '}'. Which one do I remove?

And from what I can tell, the if structure is as follows:

if {
  if {
    //code
  }else{
    //code
  }
}
if {
  //code
}

That looks valid to me, I don't think it has to do with a '}'

Yes you're right, I missed one, my apologies.

#7 Forgotten

    Young Padawan

  • Members
  • 63 posts

Posted 06 November 2005 - 08:19 PM

It's ok, got any idea what to do now?

#8 rc69

    PHP Master PD

  • P2L Staff
  • 3,827 posts
  • Gender:Male
  • Location:Here
  • Interests:Web Development

Posted 06 November 2005 - 08:38 PM

Well, you managed to take what php.net said a little too well, and after actually reading the page, I see where you got confused.

<?php
// Omitted Code... 
ob_start();
if (!isset($_GET['sid'])) { // If the sid URL var exists in the url
  header("location: login.php?id=1"); //does not exists
} else { //sid exists
  if ($_GET['sid'] != session_id()) { //check URL sid with current sid
    header("location: login.php?id=1"); //does not match
  }
  if (!mysql_num_rows($result)) { //If no match
    header("location: login.php?id=0"); //redirect to login page with username/password error
  }
}

ob_end_flush();
?>
http://www.pixel2life.com/forums/index.php...indpost&p=59326 = explanation

#9 Forgotten

    Young Padawan

  • Members
  • 63 posts

Posted 06 November 2005 - 09:39 PM

has made no difference.

#10 rc69

    PHP Master PD

  • P2L Staff
  • 3,827 posts
  • Gender:Male
  • Location:Here
  • Interests:Web Development

Posted 07 November 2005 - 04:11 PM

Breakdown of the error.
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/djill/public_html/v2/header.php:6) in /home/djill/public_html/v2/login.php on line 20
Can't send the cookie... headers already sent on line 6 in header.php
headers trying to be sent from login.php on line 20... sorry.

In other words, you need to place the ob_start() before line 6 of header.php, or do this:
<?php
ob_start();
 include('header.php');
?>
<tr valign="top" height="20">
 <td valign="top" height="20">
  <?php
   $title = basename($_SERVER['PHP_SELF'], ".php"); // $title is set to the file name without ".php"
   echo "<h1>$title</h1>";
  ?>
 </td>
</tr>
<tr>
 <td valign="top" width="580">

  <?php
   if ($_POST) { //If user has submitted data from form
    if ($_POST['username'] == "" || $_POST['password'] == "") { //If any of the fields are empty
     $error = "One or more fields are empty, please fill in all the fields";
    } else { //Fields are not empty
     session_start(); // Needed to initialise session variables (i.e. start session :D)
     $_SESSION['username'] = $_POST['username']; // store the submitted username in the session
     $_SESSION['password'] = $_POST['password']; // store the submitted password in the session
     header("location: admin.php?sid=".strip_tags(session_id())); //Redirect to protected.php, but can be whatever you want (your staff index page)
    }
   }
   if (isset($_GET['id'])) {//if the id var exists in the url
    $error = "One or more fields you have entered are incorrect, please try again";
   }
ob_end_flush();
  ?>

  <form method="POST" action="login.php">
  <p>Username:<input type="text" name="username" size="20"></p>
  <p>Password: <input type="password" name="password" size="20"></p>
  <p><input type="submit" value="Login" name="Submit"></p>
  </form>
  <?php
   echo $error;
  ?>
 </td>
 <td valign="top" width="136"><h3>Affiliates:</h3><br /><?php include('affiliates.php'); ?></td>
</tr>
<?php include('footer.php'); ?>
I also corrected something you took too literally again with basename().

#11 Forgotten

    Young Padawan

  • Members
  • 63 posts

Posted 07 November 2005 - 07:30 PM

GREAT IT WORKS! BWAHAHAHA!!!

all it needed was:

1. your above post
2. moving ob_start(); to the very beginning of functions.php!

:D I feel pretty oh so pretty... *sings*
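
The "headers already sent" warnings in this thread can also be avoided without ob_start() by finishing all session and redirect work before header.php prints anything. The sketch below is an added example, not code from any poster or from the tutorial; it also binds the username instead of concatenating it into the query, keeps the password out of the session, and exits after every redirect so a protected page body is never sent. It assumes PHP 7.1+, PDO, a hypothetical users(username, password_hash) table filled with password_hash() in place of md5(), and placeholder database credentials.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.1+, PDO, and a
// hypothetical users(username, password_hash) table filled with password_hash().

// Returns null on success or an error string. Call before any output is sent.
function attemptLogin(PDO $db, string $username, string $password): ?string
{
    if ($username === '' || $password === '') {
        return 'One or more fields are empty, please fill in all the fields';
    }
    // Bound parameter: the submitted name never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || !password_verify($password, $hash)) {
        return 'One or more fields you have entered are incorrect, please try again';
    }
    session_regenerate_id(true);        // fresh session id once authenticated
    $_SESSION['username'] = $username;  // assignment (=); the password is not kept
    return null;
}

// Guard for protected pages (would live in functions.php): redirect AND stop.
function requireLogin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) { session_start(); }
    if (empty($_SESSION['username'])) {
        header('Location: login.php');
        exit;                           // without this the page body is still sent
    }
}

// Top of login.php: session and redirect logic run before header.php prints.
session_start();
$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Placeholder DSN and credentials, not values from the thread.
    $db = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB', 'EXAMPLE_USER', 'EXAMPLE_PASS');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $error = attemptLogin($db, $user, $pass);
    if ($error === null) {
        header('Location: admin.php');  // session cookie carries the id; no ?sid=
        exit;
    }
}
include 'header.php';                   // first output happens here; form follows
echo htmlspecialchars($error, ENT_QUOTES, 'UTF-8');
```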




