Need help (header error)

what's wrong with this? i keep getting

Warning: Cannot modify header information - headers already sent by (output started at /home/*****i/public_html/***/***/****/*****.php:1) in /home/****/public_html/******/******/admin.php on line 57

Code (markup):

<?php
	session_start();
    require_once("includes/dbconnect.php"); //Load the settings
	require_once("includes/functions.php"); //Load the functions
	$msg="";
	
	//LOGIN VARIABLES
	$username = (!empty($_REQUEST['username']))?strip_tags(str_replace("'","`",$_REQUEST['username'])):'';
	$password = (!empty($_REQUEST['password']))?strip_tags(str_replace("'","`",$_REQUEST['password'])):'';
	
	// LOGIN
	if(!empty($_REQUEST["login"]) && $_REQUEST['login']=="yes"){
		if($username=="" || $password=="")
		{
			$msg = "Empty username and/or password.";
			
		} else {
		
		
			$sSQL = "SELECT * FROM `bs_settings` WHERE `username`='".$username."'";
			$result = mysql_query($sSQL) or die("Invalid query: " . mysql_error());	
			if(mysql_num_rows($result)>0){
				$row=mysql_fetch_assoc($result);
	
				if(md5($password)!=$row["password"]){
						$msg = "Wrong username and/or password";
				} else {
				
					$_SESSION['idUser']= $row["id"];
					$_SESSION['username']= $row["username"];
					$_SESSION['accesslevel']= 1899;
					$_SESSION['logged_in'] = true;

					//addLog($row["id"],"Successfully logged in.");
				}
				
			} else {
				$msg = "Wrong username (username) and/or password";
			}
		} 
	}
	
	if($_SESSION["logged_in"]==true){ 
	header("Location: admin-index.php");
	} else {
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>Booking System v1.2</title>
<link rel="stylesheet" href="css/bs-admin.css" type="text/css" />
</head>
<body>
<div id="content">
<h1>Admin</h1>
    <div class="login_container"> 
        <div class="login">
        <?php echo $msg; ?>
        <form method="post" action="admin.php" enctype="multipart/form-data"  name="ff1">
                
                    
                    Username: <input type="text" id="username" name="username" size="30" /><br />
                    Password: &nbsp;<input type="password" id="password" name="password"  size="30" /><br />
                    
                    <input type="submit" name="submit" value="Submit" tabindex="2"/>			
                
                    <input type="hidden" value="yes" name="login"  />
        </form>
        </div>
    </div>
</div>
</body>
</html>
<?php  } ?>

PHP:

thank you

 

Hi!

Try This Command At Top Of Your Page And At Bottom Of Your Page.

<?php
// At Start Page
ob_start();
?>

All Your PHP Or HTML CODE

<?php
// At End Page
ob_flush();
?>

 

wow thank you it worked like a charm

 

Your Most Welcome My Friend

 

You should escape user submitted input before using it within querys.

Replace:

$username = (!empty($_REQUEST['username']))?strip_tags(str_replace("'","`",$_REQUEST['username'])):'';
$password = (!empty($_REQUEST['password']))?strip_tags(str_replace("'","`",$_REQUEST['password'])):'';

PHP:

With:

$username = (!empty($_REQUEST['username'])) ? mysql_real_escape_string(strip_tags($_REQUEST['username'])) : '';
$password = (!empty($_REQUEST['password'])) ? mysql_real_escape_string(strip_tags($_REQUEST['password'])) : '';

PHP:

Also; although their aint much significiant difference I'd use ob_end_flush(); over ob_flush(), and unless your expecting the requests to be from either $_GET or $_POST I'd define which (instead of using $_REQUEST).