Hello all,
I am having problems with this code. Whenever I attempt to test the login system with a valid username and password, it says this: You have successfully logged in!
Warning: Cannot modify header information - headers already sent by (output started at /Applications/XAMPP/xamppfiles/htdocs/ucairwebsite/facultykadrmas/kadrmaspages/login_1/login_LDDB.php:1) in /Applications/XAMPP/xamppfiles/htdocs/ucairwebsite/facultykadrmas/kadrmaspages/login_1/login_LDDB.php on line 213
The "You have successfully logged in is what I have echoed, but the rest I am not sure of the rest. I hope you guys can help. What is weird is it works just fine when it is the only code on the page when I attempt to apply it to an html template it has these problems. I change the file extension to php, but there is still this problem. I would appreciate any help. Thanks!
`
<?php
//above is the start coding for any php page
//allow sessions to be passed so we can see if the user is logged in
//connect to the database so we can check, edit, or insert data to our users table
//$con sets the variable of connection and the three quotation marks are filled with the server, username, and password (localhost, root, and ucair in this case). If it does not connect, it will kill the connection with "die"
$con = mysql_connect('localhost', 'root', '') or die(mysql_error());
//This selects the specific database to access the tables and allow for data to be stored
$db = mysql_select_db('loginTut', $con) or die(mysql_error());
//include out functions file giving us access to the protect() function made earlier
//link to a bit of code to stop hackers
include "./functions.php";
//the end tag for php
?>
<?php
//If the user has submitted the form
if($_POST['submit']){
//protect the posted value then store them to variables
$username = protect($_POST['username']);
$password = protect($_POST['password']);
$password = md5($password);
//Check if the username or password boxes were not filled in
if(!$username || !$password){
//if not display an error message
//echo ""; is the most common method to display messages
//else sets up alternate protocol
echo "<center>You need to fill in a <b>Username</b> and a <b>Password</b></center>";
}else{
//select all rows from the table where the username matches the one entered by the user. * means all (asterisk means all)
$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");
$num = mysql_num_rows($res);
//check if there was not a match
if($num == 0){
//if not display an error message
echo "<center>The <b>Username</b> you supplied does not exist</center>";
}else{
//if there was a match continue checking
//select all rows where the username and password match the ones submitted by the user
$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");
$num = mysql_num_rows($res);
//check if there was not a match
if($num == 0){
//if not display error message
echo "<center>The <b>Password</b> you supplied does not match the one for that <b>username</b></center>";
}else{
//if there was continue checking
//split all fields fom the correct row into an associative array
$row = mysql_fetch_assoc($res);
//check to see if the user has not activated their account yet
if($row['active'] != 1){
//if not display error message
echo "<center>You have not yet <b>Activated</b> your account</center>";
}else{
//if they have log them in
//set the login session storing there id - we use this to see if they are logged in or not
$_SESSION['uid'] = $row['id'];
//show message
echo "<center>You have successfully logged in!</center>";
//update the online field to 50 seconds into the future
$time = date('U')+50;
mysql_query("UPDATE `users` SET `online` = '".$time."' WHERE `id` = '".$_SESSION['uid']."'");
//redirect them to the usersonline page. Here they can access the members areas and connect to the main features of the site
header('Location: usersonline.php');
}
}
}
}
}
?>
`