what's wrong with this? i keep getting Warning: Cannot modify header information - headers already sent by (output started at /home/*****i/public_html/***/***/****/*****.php:1) in /home/****/public_html/******/******/admin.php on line 57 Code (markup): <?php session_start(); require_once("includes/dbconnect.php"); //Load the settings require_once("includes/functions.php"); //Load the functions $msg=""; //LOGIN VARIABLES $username = (!empty($_REQUEST['username']))?strip_tags(str_replace("'","`",$_REQUEST['username'])):''; $password = (!empty($_REQUEST['password']))?strip_tags(str_replace("'","`",$_REQUEST['password'])):''; // LOGIN if(!empty($_REQUEST["login"]) && $_REQUEST['login']=="yes"){ if($username=="" || $password=="") { $msg = "Empty username and/or password."; } else { $sSQL = "SELECT * FROM `bs_settings` WHERE `username`='".$username."'"; $result = mysql_query($sSQL) or die("Invalid query: " . mysql_error()); if(mysql_num_rows($result)>0){ $row=mysql_fetch_assoc($result); if(md5($password)!=$row["password"]){ $msg = "Wrong username and/or password"; } else { $_SESSION['idUser']= $row["id"]; $_SESSION['username']= $row["username"]; $_SESSION['accesslevel']= 1899; $_SESSION['logged_in'] = true; //addLog($row["id"],"Successfully logged in."); } } else { $msg = "Wrong username (username) and/or password"; } } } if($_SESSION["logged_in"]==true){ header("Location: admin-index.php"); } else { ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <title>Booking System v1.2</title> <link rel="stylesheet" href="css/bs-admin.css" type="text/css" /> </head> <body> <div id="content"> <h1>Admin</h1> <div class="login_container"> <div class="login"> <?php echo $msg; ?> <form method="post" action="admin.php" enctype="multipart/form-data" name="ff1"> Username: <input type="text" id="username" name="username" size="30" /><br /> Password: <input type="password" id="password" name="password" size="30" /><br /> <input type="submit" name="submit" value="Submit" tabindex="2"/> <input type="hidden" value="yes" name="login" /> </form> </div> </div> </div> </body> </html> <?php } ?> PHP: thank you
Hi! Try This Command At Top Of Your Page And At Bottom Of Your Page. <?php // At Start Page ob_start(); ?> All Your PHP Or HTML CODE <?php // At End Page ob_flush(); ?>
You should escape user submitted input before using it within querys. Replace: $username = (!empty($_REQUEST['username']))?strip_tags(str_replace("'","`",$_REQUEST['username'])):''; $password = (!empty($_REQUEST['password']))?strip_tags(str_replace("'","`",$_REQUEST['password'])):''; PHP: With: $username = (!empty($_REQUEST['username'])) ? mysql_real_escape_string(strip_tags($_REQUEST['username'])) : ''; $password = (!empty($_REQUEST['password'])) ? mysql_real_escape_string(strip_tags($_REQUEST['password'])) : ''; PHP: Also; although their aint much significiant difference I'd use ob_end_flush(); over ob_flush(), and unless your expecting the requests to be from either $_GET or $_POST I'd define which (instead of using $_REQUEST).