Hello, I'm trying to create user registration for a class website using WAMP. I have the register and activation pages working, but I am getting the same error for login, logout, forgot password, etc pages.

The error is:

An error occurred in script 'C:\wamp\www\login.php' on line 42: Cannot modify header information - headers already sent by (output started at C:\wamp\www\login.php:1)

<?php
// This is the login page for the site.

require_once ('includes/config.inc.php'); 
$page_title = 'Login';
include ('includes/header.html');

if (isset($_POST['submitted'])) {
	require_once ('..\mysqli_connect.php');
	
	// Validate the username:
	if (!empty($_POST['username'])) {
		$u = mysqli_real_escape_string ($dbc, $_POST['username']);
	} else {
		$u = FALSE;
		echo '<p class="error">You forgot to enter your username!</p>';
	}
	
	// Validate the password:
	if (!empty($_POST['pass'])) {
		$p = mysqli_real_escape_string ($dbc, $_POST['pass']);
	} else {
		$p = FALSE;
		echo '<p class="error">You forgot to enter your password!</p>';
	}
	
	if ($u && $p) { // If everything's OK.
	
		// Query the database:
		$q = "SELECT user_id, fname FROM users WHERE (username='$u' AND pass=SHA1('$p'))";		
		$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
		
		if (@mysqli_num_rows($r) == 1) { // A match was made.

			// Register the values & redirect:
			$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 
			mysqli_free_result($r);
			mysqli_close($dbc);
							
			$url = BASE_URL; // Define the URL:
			ob_end_clean(); // Delete the buffer.
			header("Location: $url");
			exit(); // Quit the script.
				
		} else { // No match was made.
			echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';
		}
		
	} else { // If everything wasn't OK.
		echo '<p class="error">Please try again.</p>';
	}
	
	mysqli_close($dbc);

} // End of SUBMIT conditional.
?>

<h1>Login</h1>
<p>Your browser must allow cookies in order to log in.</p>
<form action="login.php" method="post">
	<fieldset>
	<p><b>Username:</b> <input type="text" name="username" size="20" maxlength="40" /></p>
	<p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>
	<div align="center"><input type="submit" name="submit" value="Login" /></div>
	<input type="hidden" name="submitted" value="TRUE" />
	</fieldset>
</form>

<?php // Include the HTML footer.
include ('includes/footer.html');
?>

I've googled this issue and it seems that it is a whitespace issue? I've checked this in my header and config.inc.php files and there is no empty whitespace. Any ideas?

you're getting that error because you're outputting content before that statement

your line 6 is "include ('includes/header.html');"

Move your entire php code above your line 6

like this? I tried to login with this modified code and i am still getting the same error at header("Location: $url");

<?php
// This is the login page for the site.
//include ('includes/header.html');
require_once ('includes/config.inc.php'); 
$page_title = 'Login';
if (isset($_POST['submitted'])) {
	require_once ('..\mysqli_connect.php');
	
	// Validate the username:
	if (!empty($_POST['username'])) {
		$u = mysqli_real_escape_string ($dbc, $_POST['username']);
	} else {
		$u = FALSE;
		echo '<p class="error">You forgot to enter your username!</p>';
	}
	
	// Validate the password:
	if (!empty($_POST['pass'])) {
		$p = mysqli_real_escape_string ($dbc, $_POST['pass']);
	} else {
		$p = FALSE;
		echo '<p class="error">You forgot to enter your password!</p>';
	}
	
	if ($u && $p) { // If everything's OK.
	
		// Query the database:
		$q = "SELECT user_id, fname FROM users WHERE (username='$u' AND pass=SHA1('$p'))";		
		$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
		
		if (@mysqli_num_rows($r) == 1) { // A match was made.

			// Register the values & redirect:
			$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 
			mysqli_free_result($r);
			mysqli_close($dbc);	
			$url = 'home.php'; // Define the URL:
			header("Location: $url");
			exit(); // Quit the script.
				
		} else { // No match was made.
			echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';
		}
		
	} else { // If everything wasn't OK.
		echo '<p class="error">Please try again.</p>';
	}
	
	mysqli_close($dbc);

} // End of SUBMIT conditional.
?>
<?php
include ('includes/header.html');
?>

<h1>Login</h1>
<p>Your browser must allow cookies in order to log in.</p>
<form action="login.php" method="post">
	<fieldset>
	<p><b>Username:</b> <input type="text" name="username" size="20" maxlength="40" /></p>
	<p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>
	<div align="center"><input type="submit" name="submit" value="Login" /></div>
	<input type="hidden" name="submitted" value="TRUE" />
	</fieldset>
</form>

<?php // Include the HTML footer.
include ('includes/footer.html');
?>

Hi,

you may need to have line 38 (in the revised code) like this

header("Location: '".$url.'"");

sorry, ignore that last post. it wont fix anything

You still have a variable declaration before your php code bud. Move this: "$page_title = 'Login';" (your line 5 in the revised code) down as well. Try this:

<?php
// This is the login page for the site.
require_once ('includes/config.inc.php'); 

if (isset($_POST['submitted'])) {
	require_once ('..\mysqli_connect.php');
	
	// Validate the username:
	if (!empty($_POST['username'])) {
		$u = mysqli_real_escape_string ($dbc, $_POST['username']);
	} else {
		$u = FALSE;
		echo '<p class="error">You forgot to enter your username!</p>';
	}
	
	// Validate the password:
	if (!empty($_POST['pass'])) {
		$p = mysqli_real_escape_string ($dbc, $_POST['pass']);
	} else {
		$p = FALSE;
		echo '<p class="error">You forgot to enter your password!</p>';
	}
	
	if ($u && $p) { // If everything's OK.
	
		// Query the database:
		$q = "SELECT user_id, fname FROM users WHERE (username='$u' AND pass=SHA1('$p'))";		
		$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
		
		if (@mysqli_num_rows($r) == 1) { // A match was made.

			// Register the values & redirect:
			$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 
			mysqli_free_result($r);
			mysqli_close($dbc);	
			$url = 'home.php'; // Define the URL:
			header("Location: $url");
			exit(); // Quit the script.
				
		} else { // No match was made.
			echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';
		}
		
	} else { // If everything wasn't OK.
		echo '<p class="error">Please try again.</p>';
	}
	
	mysqli_close($dbc);

} // End of SUBMIT conditional.

    $page_title = 'Login';
    include ('includes/header.html');
?>

<h1>Login</h1>
<p>Your browser must allow cookies in order to log in.</p>
<form action="login.php" method="post">
	<fieldset>
	<p><b>Username:</b> <input type="text" name="username" size="20" maxlength="40" /></p>
	<p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>
	<div align="center"><input type="submit" name="submit" value="Login" /></div>
	<input type="hidden" name="submitted" value="TRUE" />
	</fieldset>
</form>

<?php // Include the HTML footer.
include ('includes/footer.html');
?>

thanks for the help, I actually got it working by adding ob_end_clean() under $url = BASE_URL;.

But now I am having a new issue. When i try to login, no error appears, but the error message that i created- "Either the username and password entered do not match those on file or you have not yet activated your account." shows up when I know 100% that i am entering the correct username and password

here is the updated code:

<?php
// This is the login page for the site.
include ('includes/header.php');
require_once ('includes/config.inc.php'); 
$page_title = 'Login';

if (isset($_POST['submitted'])) {
	require_once ('..\mysqli_connect.php');
	
	// Validate the username:
	if (!empty($_POST['username'])) {
		$u = mysqli_real_escape_string ($dbc, $_POST['username']);
	} else {
		$u = FALSE;
		echo '<p class="error">You forgot to enter your username!</p>';
	}
	
	// Validate the password:
	if (!empty($_POST['pass'])) {
		$p = mysqli_real_escape_string ($dbc, $_POST['pass']);
	} else {
		$p = FALSE;
		echo '<p class="error">You forgot to enter your password!</p>';
	}
	
	if ($u && $p) { // If everything's OK.
	
		// Query the database:
		$q = "SELECT user_id, fname FROM users WHERE (username='$u' AND pass=SHA1('$p')) AND active IS NULL";		
		$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
		
		if (@mysqli_num_rows($r) == 1) { // A match was made.

			// Register the values & redirect:
			$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 
			mysqli_free_result($r);
			mysqli_close($dbc);	
			
			$url = BASE_URL; // Define the URL
			ob_end_clean();
			header("Location: $url");
			//echo '<script type="text/javascript">window.location = "' . $url . '"</script>';
			exit(); // Quit the script.
				
		} else { // No match was made.
			echo '<p class="error">Either the username and password entered do not match those on file or you have not yet activated your account.</p>';
		}
		
	} else { // If everything wasn't OK.
		echo '<p class="error">Please try again.</p>';
	}
	
	mysqli_close($dbc);

} // End of SUBMIT conditional.

?>

<h1>Login</h1>
<p>Your browser must allow cookies in order to log in.</p>
<form action="login.php" method="post">
	<fieldset>
	<p><b>Username:</b> <input type="text" name="username" size="20" maxlength="40" /></p>
	<p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>
	<div align="center"><input type="submit" name="submit" value="Login" /></div>
	<input type="hidden" name="submitted" value="TRUE" />
	</fieldset>
</form>

<?php // Include the HTML footer.
include ('includes/footer.html');
?>

That's exactly because of the ob_end_clean(). To put it simply, that function basically throws everything done prior to it out the window, so your login checks are no longer valid by the time you get to it.

Try the code I gave you and get back with the results.

I am still getting An error occurred in script 'C:\wamp\www\login.php' on line 37: Cannot modify header information - headers already sent by (output started at C:\wamp\www\login.php:1)

<?php
    // This is the login page for the site.
    require_once ('includes/config.inc.php');
     
    if (isset($_POST['submitted'])) {
    require_once ('..\mysqli_connect.php');
     
    // Validate the username:
    if (!empty($_POST['username'])) {
    $u = mysqli_real_escape_string ($dbc, $_POST['username']);
    } else {
    $u = FALSE;
    echo '<p class="error">You forgot to enter your username!</p>';
    }
     
    // Validate the password:
    if (!empty($_POST['pass'])) {
    $p = mysqli_real_escape_string ($dbc, $_POST['pass']);
    } else {
    $p = FALSE;
    echo '<p class="error">You forgot to enter your password!</p>';
    }
     
    if ($u && $p) { // If everything's OK.
     
    // Query the database:
    $q = "SELECT user_id, fname FROM users WHERE (username='$u' AND pass=SHA1('$p'))";
    $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
     
    if (@mysqli_num_rows($r) == 1) { // A match was made.
     
    // Register the values & redirect:
    $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);
    mysqli_free_result($r);
    mysqli_close($dbc);
    $url = BASE_URL; // Define the URL:
    header("Location: $url");
    exit(); // Quit the script.
     
    } else { // No match was made.
    echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>';
    }
     
    } else { // If everything wasn't OK.
    echo '<p class="error">Please try again.</p>';
    }
     
    mysqli_close($dbc);
     
    } // End of SUBMIT conditional.
     
    $page_title = 'Login';
    include ('includes/header.php');
    ?>
     
    <h1>Login</h1>
    <p>Your browser must allow cookies in order to log in.</p>
    <form action="login.php" method="post">
    <fieldset>
    <p><b>Username:</b> <input type="text" name="username" size="20" maxlength="40" /></p>
    <p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p>
    <div align="center"><input type="submit" name="submit" value="Login" /></div>
    <input type="hidden" name="submitted" value="TRUE" />
    </fieldset>
    </form>
     
    <?php // Include the HTML footer.
    include ('includes/footer.html');
    ?>

Also, here is my header.php code:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
    <head>
        <link rel="stylesheet" type="text/css" href="includes/stylesheet.css" />
		<title>Conference Home</title>
    </head>
 
    <body>
		<div id="banner">
			<img src="http://i.imgur.com/y2Gop.png" border="0" width="100%"/></a><br>
		</div>
		<div class="nav">
			<ul>
				<li><a id="active" href="home.php">Home</a></li>
				<li><a href="photo.php">Photo Gallery</a></li>
				<?php
				if(isset($_SESSION['user_id'])){
					echo '<li><a href = "schedule.php">Sign up for Seminar Sessions</a></li>';
					echo '<li><a href = "view_schedule.php">View your Schedule</a></li>';
					echo '<li><a href = "logout.php">Logout</a></li>';
					echo '<li><a href = "change_password.php">Change Password</a></li>';
					echo '<li><a href = "forgot_password.php">Forgot Password</a></li>';
				}
				else{
					echo '<li><a href = "register.php">Register!</a></li>';
					echo '<li><a href = "login.php">Login</a></li>';
				}
				?>
			</ul>
		</div>

actually scratch that above posts I got it working by adding "active" to line 27 like this:

$q = "SELECT user_id, fname FROM users WHERE (username='$u' AND pass=SHA1('$p')) AND active IS NULL";

I am now getting the "Either the email address and password entered do not match those on file or you have not yet activated your account." error again. I know 100% that I am entering the correct username/password. Is it possible that it thinks active is NOT NULL instead of null?

could be! instead of using NULL and NOT NULL. Trying using 0's and 1's. 0 for not active, 1 for active

the active field is null in the database, so should i try not null? And if that doesn't work where do i go from there?

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.