<?php session_start(); if(array_key_exists('reg', $_GET)) { $reg=$_GET['reg']; }else { $reg=""; } if($reg==1) { $msg1="<font color=\"#FF0000\"><b>Your details have been added, please login</b></font>"; } if($reg==2) { $msg1="<font color=\"#FF0000\"><b>You have been successfully logged out.</b></font>"; } if(array_key_exists('Submit', $_POST)) { if( empty($_POST['uname']) && (empty($_POST['upass']))) { header("Location:Messages.php?msg=1"); exit(); } //transfer to shorter var $n=$_POST['uname']; $p=$_POST['upass']; //connect to db include('config.php'); $query="select * from user where uname='$n' and pw='$p' "; $result=mysql_query($query); $num=mysql_num_rows($result); if($num>0) { //put in session vars $mytime=time(); $mytime=date("H:i:s A",$mytime); $_SESSION['time'] = $mytime; $_SESSION['status'] = 'logged'; $_SESSION['username'] = $n; //goto next page header("location:welcome.php"); exit(); }else { $_SESSION['status'] = 'not logged'; header("Location:Messages.php?msg=2"); exit(); } } ?> PHP: The above error occurs on line 2 if that helps. Thanks Mike.
It doesn't look like you have any syntax errors in there. I copied and pasted the code and was able to run it with no problem. The problem may occur after a header() redirect. Try checking all of the files that you're redirecting to to see if one of them is busted. - Walkere
If I may point out you're also throwing un-sanitized user supplied data at your mysql database. Be careful with that... in fact don't do it. $n=$_POST['uname']; $p=$_POST['upass']; //connect to db include('config.php'); $query="select * from user where uname='$n' and pw='$p' "; $result=mysql_query($query); PHP:
Well, you are assuming that people will only enter real user names and passwords. What about people who enter stuff like this ' union select password from users where username like '%admin%' or '' = ' Read this... http://en.wikipedia.org/wiki/SQL_injection and this http://shiflett.org/articles/sql-injection Never trust user supplied data. You will get hacked that way.
Would appreciate some help!! I know that the data is not validated but i am living with that for the moment and attempting to remove the error message. Thanks Mike.
You should listen to RoscoeT. Check out the addslahes php function: http://no.php.net/manual/en/function.addslashes.php Run the addslashes function on the user supplied data before using it in any query. The problem is not really that you can get invalid data in the database, it's rather that SQL injection is used to gain unauthorized access to your data.
There is no syntax error in the piece of code you posted. Are you sure the code you posted is exact login.php file? Is there any auto_prepend_file in php configuration?
I have seen some strange behavior on some servers and in various similar situations. I would make sure there are no blank lines or white space between your <?php and the start of the file. There have been weird situations with non printing characters getting inserted in there. Also do check your php config for the prepend_file settings. As a simple test, comment out line #2 # session_start(); and see if that changes the error.
Don't i need the session_start()?? And another note: The Login button doesnt work :S Sorry for all the problems. Cheers Mike.
Since you still want to use session_start(), do the other thing RoscoeT said; make sure there is no white space (or any text for that matter) before your <?php. Normally if there's whitespace (a new line even) before you do your session_start(), it'd just not do it and maybe throw an error because headers must be altered before anything is sent. Not sure if this would throw your error though.. seems odd
run the following and tell us the results. <?php // page1.php session_start(); echo 'Welcome to page #1'; $_SESSION['favcolor'] = 'green'; $_SESSION['animal'] = 'cat'; $_SESSION['time'] = time(); // Works if session cookie was accepted echo '<br /><a href="page2.php">page 2</a>'; // Or maybe pass along the session id, if needed echo '<br /><a href="page2.php?' . SID . '">page 2</a>'; ?> PHP:
<?php #session_start(); if(array_key_exists('reg', $_REQUEST)) { $reg=$_REQUEST['reg']; }else { $reg=""; } if($reg==1) { $msg1="<font color=\"#FF0000\"><b>Your details have been added, please login</b></font>"; } if($reg==2) { $msg1="<font color=\"#FF0000\"><b>You have been successfully logged out.</b></font>"; } if(array_key_exists('Submit', $_POST)) { if( empty($_POST['uname']) && (empty($_POST['upass']))) { header("Location:Messages.php?msg=1"); exit(); } //transfer to shorter var $n=$_POST['uname']; $n=addslashes($n); $p=($_POST['upass']); $p=md5(addslashes($p)); //connect to db include('config.php'); $query="select * from user where uname='$n' and pw='$p' "; $result=mysql_query($query); $num=mysql_num_rows($result); if($num>0) { //put in session vars $mytime=time(); $mytime=date("H:i:s A",$mytime); $_SESSION['time'] = $mytime; $_SESSION['status'] = 'logged'; $_SESSION['username'] = $n; //goto next page header("Location:Welcome.php"); exit(); }else { $_SESSION['status'] = 'not logged'; header("Location:Messages.php?msg=2"); exit(); } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html><!-- InstanceBegin template="/Templates/Auth.dwt.php" codeOutsideHTMLIsLocked="false" --> <head> <!-- InstanceBeginEditable name="doctitle" --> <title>Login</title> <!-- InstanceEndEditable --> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <!-- InstanceBeginEditable name="head" --> <!-- InstanceEndEditable --> <link href="styleLog.css" rel="stylesheet" type="text/css"> </head> <body> <table width="100%" border="0" cellspacing="7" cellpadding="0"> <tr class="temptitle"> <td><!-- InstanceBeginEditable name="EditRegion4" -->Login<!-- InstanceEndEditable --></td> </tr> <tr> <td><!-- InstanceBeginEditable name="EditRegion3" --> <form name="form1" method="post" action="login.php"> <table width="81%" border="0" align="center" cellpadding="0" cellspacing="3"> <tr class="listtop"> <td colspan="3">Login Status: <?php if(isset($msg1)){echo $msg1;}?> </td> </tr> <tr> <td width="9%">Username</td> <td width="41%"><input name="uname" type="text" id="uname" size="40"></td> </tr> <tr> <td>Password</td> <td><input name="upass" type="password" id="upass" size="40"></td> </tr> <tr> <td colspan="2"><div align="center"><a href="password.php">Forgotten your password?</a>|<a href="register.php">Register</a> </div></td> </tr> <tr> <td> </td> <td><input type="submit" name="Submit" value="Login"></td> </tr> </table> </form> <!-- InstanceEndEditable --></td> </tr> <tr> <td><div align="center">Copyright 2008 </div></td> </tr> </table> </body> <!-- InstanceEnd --></html> PHP: This is the full coding for the page. The submit button still does not work :S