I am creating a login system for a website, this code itself works fine until I include this login file on the index page. Then everytime It is run it displays the following errors,
Warning: Cannot modify header information - headers already sent by (output started at /home/swap/public_html/login script/index.php:11) in /home/swap/public_html/login script/login.php on line 43
Warning: Cannot modify header information - headers already sent by (output started at /home/swap/public_html/login script/index.php:11) in /home/swap/public_html/login script/login.php on line 44
Warning: Cannot modify header information - headers already sent by (output started at /home/swap/public_html/login script/index.php:11) in /home/swap/public_html/login script/login.php on line 45
I understand that the header();
header("Location:account.php");
statement that redirects the page to the members page if the login details are correct should be placed above any html but I am not sure how to re structure my If statements to do this.
<?php
include'database_conn.php';//connect to the database
if(isset($_COOKIE['ID_my_site']))//checks if there is a login cookie
{
$username = $_COOKIE['ID_my_site'];//if there is a cookie it logs you in and directs you to the page
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE email = '$email'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: account.php");
}
}
}
if (isset($_POST['submit'])) {//runs if form has been submitted
if(!$_POST['email'] | !$_POST['pass']) {//makes sure the user has filled the form in
die('You did not fill in a required field.');
}
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);//checks the form against the database
}
$check = mysql_query("SELECT * FROM users WHERE email = '".$_POST['email']."'")or die(mysql_error());//gives error is user doesnt exsist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=register.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
if ($_POST['pass'] != $info['password']) {//gives error if the password is wrong
die('Incorrect password, please try again.');
}
else {
$_POST['email'] = stripslashes($_POST['email']);//if login is ok we add a cookie
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['email'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
header("Location:account.php");//else redirect them to account area
}
}
}
else
{
?>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"><!--if they are not logged in they must do so-->
<table border="0">
<tr><td colspan=2><h1>Login</h1></td></tr>
<tr><td>Email:</td><td>
<input type="text" name="email" maxlength="40">
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="50">
</td></tr>
<tr><td colspan="2" align="right">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
<?php
}
?>
any help would be greatly appreciated.