I am creating a login system for a website, this code itself works fine until I include this login file on the index page. Then everytime It is run it displays the following errors,

Warning: Cannot modify header information - headers already sent by (output started at /home/swap/public_html/login script/index.php:11) in /home/swap/public_html/login script/login.php on line 43

Warning: Cannot modify header information - headers already sent by (output started at /home/swap/public_html/login script/index.php:11) in /home/swap/public_html/login script/login.php on line 44

Warning: Cannot modify header information - headers already sent by (output started at /home/swap/public_html/login script/index.php:11) in /home/swap/public_html/login script/login.php on line 45


I understand that the header();

header("Location:account.php");

statement that redirects the page to the members page if the login details are correct should be placed above any html but I am not sure how to re structure my If statements to do this.

<?php
include'database_conn.php';//connect to the database
if(isset($_COOKIE['ID_my_site']))//checks if there is a login cookie
	{
		$username = $_COOKIE['ID_my_site'];//if there is a cookie it logs you in and directs you to the  page
		$pass = $_COOKIE['Key_my_site'];
		$check = mysql_query("SELECT * FROM users WHERE email = '$email'")or die(mysql_error());
		while($info = mysql_fetch_array( $check ))
		{
			if ($pass != $info['password'])
			{
			}
			else
			{
				header("Location: account.php");
			}
		}
	}
if (isset($_POST['submit'])) {//runs if form has been submitted
	if(!$_POST['email'] | !$_POST['pass']) {//makes sure the user has filled the form in
		die('You did not fill in a required field.');
	}
	if (!get_magic_quotes_gpc()) {
		$_POST['email'] = addslashes($_POST['email']);//checks the form against the database
	}
	$check = mysql_query("SELECT * FROM users WHERE email = '".$_POST['email']."'")or die(mysql_error());//gives error is user doesnt exsist
	$check2 = mysql_num_rows($check);
	if ($check2 == 0) {
		die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
	}
	while($info = mysql_fetch_array( $check ))
	{
	$_POST['pass'] = stripslashes($_POST['pass']);
	$info['password'] = stripslashes($info['password']);
	$_POST['pass'] = md5($_POST['pass']);

	if ($_POST['pass'] != $info['password']) {//gives error if the password is wrong
		die('Incorrect password, please try again.');
	}
	else {
	$_POST['email'] = stripslashes($_POST['email']);//if login is ok we add a cookie
	$hour = time() + 3600;
	setcookie(ID_my_site, $_POST['email'], $hour);
	setcookie(Key_my_site, $_POST['pass'], $hour);
	header("Location:account.php");//else redirect them to  account area
			}
		}
	}
	else
	{
?>
		<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"><!--if they are not logged in they must do so-->
		<table border="0">
		<tr><td colspan=2><h1>Login</h1></td></tr>
		<tr><td>Email:</td><td>
		<input type="text" name="email" maxlength="40">
		</td></tr>
		<tr><td>Password:</td><td>
		<input type="password" name="pass" maxlength="50">
		</td></tr>
		<tr><td colspan="2" align="right">
		<input type="submit" name="submit" value="Login">
		</td></tr>
		</table>
		</form>
	<?php
}
?>

any help would be greatly appreciated.

On line 20 you are using a single "|" to mean "or". You need TWO since you are not doing bitwise OR-ing. Furthermore, that line should be: if(!isset($_POST['email']) || empty($_POST['email']) || !isset($_POST['pass']) || empty($_POST['pass']) ) Also, change mysql_fetch_array() to mysql_fetch_assoc() Lastly, IMMEDIATELY after the header("Location: account.php"); put exit();

Generally ur php page should be such that all php coding appears on top of page and before html tags.

The error you are getting because of there is some thing in output before header function executes.
There should be no html tags or blank spaces before header.
I think you have some html tags before login.php included in index.php.

Post index.php code, i will clear your doubt.

This is the index page that includes the login page

<body>
<div id="site_wrapper">
	<div id="header_wrapper">
		<div id="header"><p>Header</p></div>
		<div id="login">
		<?include'process.login.php';?>
		</div>
	</div>

That is the problem. Your index page already sent <body>.... by the time you call header() . So you cannot include your login in the middle of your index.php page. You need to do so right at the beginning:

try:

<?php
include'database_conn.php';//connect to the database
$form='';
if(isset($_COOKIE['ID_my_site']))//checks if there is a login cookie
{
		$username = $_COOKIE['ID_my_site'];//if there is a cookie it logs you in and directs you to the  page
		$pass = $_COOKIE['Key_my_site'];
		$check = mysql_query("SELECT * FROM users WHERE email = '$email'")or die(mysql_error());
		while($info = mysql_fetch_assoc( $check ))
		{
			if ($pass == $info['password'])
			{
				header("Location: account.php");
				exit;
			}
		}
}

if (isset($_POST['submit'])) {//runs if form has been submitted
	if(!isset($_POST['email']) || !isset($_POST['pass']) || empty($_POST['email']) || empty($_POST['pass']) ) {//makes sure the user has filled the form in
		die('You did not fill in a required field.');
	}
	if (!get_magic_quotes_gpc()) {
		$_POST['email'] = addslashes($_POST['email']);//checks the form against the database
	}
	$check = mysql_query("SELECT * FROM users WHERE email = '".$_POST['email']."'") or die(mysql_error());//gives error is user doesnt exsist
	$check2 = mysql_num_rows($check);
	if ($check2 == 0) {
		die('That user does not exist in our database. <a href="register.php">Click Here to Register</a>');
	}
	while($info = mysql_fetch_assoc( $check ))
	{
		$_POST['pass'] = stripslashes($_POST['pass']);
		$info['password'] = stripslashes($info['password']);
		$_POST['pass'] = md5($_POST['pass']);

		if ($_POST['pass'] != $info['password']) {//gives error if the password is wrong
			die('Incorrect password, please try again.');
		}
		else {
			$_POST['email'] = stripslashes($_POST['email']);//if login is ok we add a cookie
			$hour = time() + 3600;
			setcookie(ID_my_site, $_POST['email'], $hour);
			setcookie(Key_my_site, $_POST['pass'], $hour);
			header("Location: account.php");//else redirect them to  account area
			exit;
		}
	}
}

$form=<<<FORM

		<form action="{$_SERVER['PHP_SELF']}" method="post"><!--if they are not logged in they must do so-->
		<table border="0">
		<tr><td colspan=2><h1>Login</h1></td></tr>
		<tr><td>Email:</td><td>
		<input type="text" name="email" maxlength="40">
		</td></tr>
		<tr><td>Password:</td><td>
		<input type="password" name="pass" maxlength="50">
		</td></tr>
		<tr><td colspan="2" align="right">
		<input type="submit" name="submit" value="Login">
		</td></tr>
		</table>
		</form>
FORM;

?>

index.php

<?include'process.login.php';?>
<body>
<div id="site_wrapper">
	<div id="header_wrapper">
		<div id="header"><p>Header</p></div>
		<div id="login">
		<?php
			echo $form;
		?>
		</div>
	</div>

Another option is you use another php page for process of login and use that page name in action of form.

<form action="login_action.php" method="post"><!--if they are not logged in they must do so-->
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Email:</td><td>
<input type="text" name="email" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>

login_action.php

<?php
include'database_conn.php';//connect to the database

if (isset($_POST['submit'])) 
{
	//runs if form has been submitted
	if(!$_POST['email'] | !$_POST['pass']) 
	{//makes sure the user has filled the form in
		die('You did not fill in a required field.');
	}
	if (!get_magic_quotes_gpc()) 
	{
		$_POST['email'] = addslashes($_POST['email']);//checks the form against the database
	}
	$check = mysql_query("SELECT * FROM users WHERE email = '".$_POST['email']."'")or die(mysql_error());//gives error is user doesnt exsist
	$check2 = mysql_num_rows($check);
	if ($check2 == 0) 
	{
		die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
	}
	while($info = mysql_fetch_array( $check ))
	{
		$_POST['pass'] = stripslashes($_POST['pass']);
		$info['password'] = stripslashes($info['password']);
		$_POST['pass'] = md5($_POST['pass']);
	
		if ($_POST['pass'] != $info['password'])
		{//gives error if the password is wrong
			die('Incorrect password, please try again.');
		}
		else 
		{
			$_POST['email'] = stripslashes($_POST['email']);//if login is ok we add a cookie
			$hour = time() + 3600;
			setcookie(ID_my_site, $_POST['email'], $hour);
			setcookie(Key_my_site, $_POST['pass'], $hour);
			header("Location:account.php");//else redirect them to  account area
			exit;
		}
	}
}

?>

Thankyou so much for your help guys, the problem has now been solved. In the end I went for vibhadevit's suggestion of using a seperate page to process it, although I understood yours aswell hielo!
Thanks guys

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.