Hi all:

I am pretty new to php and am currently trying to make a simple website with a login script. I am however having a problem with the header already being set. I understand that this is because of having whitespace or calling certain things before setting the header, but I am having trouble thinking of how to change the script. I was wondering if anyone could help me with this.

Here is the code:

<?php
Session_start();
include "wconfig.php";
if (isset($_POST['submit'])) {
$query = "SELECT username, password FROM user " .
         "WHERE username = '" . $_POST['username'] . "' " .
         "AND password = '" . $_POST['password'] . "' ";
    $result = mysql_query($query)
     or die(mysql_error());
 if (mysql_num_rows($result) ==1) {
     $_SESSION['user_logged'] = $_POST['username'];
     $_SESSION['user_password'] = $_POST['password'];
     header ("refresh: 5; URL=" .  $_POST['redirect'] ."");
     echo "you are being redirected to your original page request!<br>";
     echo "(If your browser doesn't support this, " . "<a href=\"" . $_POST['redirect']. "\">Click Here</a> )";
 } else {
?>
<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
  <title> Bob and Anthony</title>
  <link rel="stylesheet" type="text/css" href="basic.css">
</head>
<body id="home">
<div id="container">
 <div id="masterhead">
 <div id="main-image">
 </div>
 <div id="side-image">
 </div>
 </div>
</div>
 <?php include('textfiles/navi.txt');?>
 <div id="content">
  <center>
   <p>
   Invalid Username and/or Password<br>
   Not registered?
   <a href="register.php">Click Here</a> to register.<br>
     <form action="login.php" method="post">
      <input type="hidden" name="redirect" value="<?php echo $_POST['redirect'];?>">
      Username: <input type="text" name="username"><br>
      Password: <input type="text" name="password"><br><br>
      <input type="submit" name="submit" value="Login">
     </form>
   </center>
   </div>
   <div id="sidebar">
   Please enter your username and password.
   <br>
   <br>
   Entering the wrong username and password will result in you being returned to this page.
   <br>
   <br>
   <br>
   </div>
 <?php include('textfiles/footer.txt');?>
</body>
</html>
<?php
   }
} else {
  if (isset($_GET['redirect'])){
    $redirect = $_GET['redirect'];
  } else {
    $redirect = "index.php";
  }
?>
<html>
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
  <title> Bob and Anthony</title>
  <link rel="stylesheet" type="text/css" href="basic.css">
</head>
<body id="home">
<div id="container">
 <div id="masterhead">
 <div id="main-image">
 </div>
 <div id="side-image">
 </div>
 </div>
</div>
 <?php include('textfiles/navi.txt');?>
 <div id="content">
  <center>
      <form action="login.php" method="post">
       <input type="hidden" name="redirect" value="<?php echo $redirect; ?>">
       Username: <input type="text" name="username"><br>
       Password: <input type="text" name="password"><br><br>
       <input type="submit" name="submit" value="Login">
     </form>
   </center>
   </div>
   <div id="sidebar">
   Please enter your username and password.
   <br>
   <br>
   Entering the wrong username and password will result in you being returned to this page.
   <br>
   <br>
   <br>
   </div>
 <?php include('textfiles/footer.txt');?>
</body>
</html>
<?php
}
?>

Thank you in advance for the help.

wconfig.php contains all the database information:

<?php
define('SQL_HOST','localhost');
define('SQL_USER','root');
define('SQL_PASS','');
define('SQL_DB','wedding');
$connect = mysql_connect(SQL_HOST, SQL_USER, SQL_PASS)
	or die('Could not connect to MySQL database. ' . mysql_error());
	$create = mysql_query("CREATE DATABASE IF NOT EXISTS wedding")
	 or die(mysql_error());
	mysql_select_db(SQL_DB,$connect)
	or die('Could not connect to MySQL database. ' . mysql_error());
?>

Your session_start on line 2 and the header on line 13 are probably conflicting as they both cause output to the browser (session_start creates a cookie). You may get some resolution by putting the session_start on the first line with the <?PHP (that's what I've read but I don't know the reason). If that doesn't help using ob_start and ob_end_clean before and after the session_start may let you work around it.

Thanks for the help, I have got the login script working now. Thank you for the advice guys.

Glad we helped :)
Mark it solved then!

If you will write two lines of code you should not see any error. Then if you replace big part of the code slowly, you will find where the error exactly is.
PHP is interpreter language, it is not a compiler language, so if you go slowly by each line of the code lines, you will be able to know the cause of the error.
If you have already removed space towards the bottom part of the PHP file.

<?php
session_start();
echo 'there should not be any error on header alreadys sent, by writing these two lines of code';
?>
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.