Problem with headers in php - Developers

Hi there :) I'm trying to leaŕn PHP, I've read a guide to making a login system: [url]http://php.about.com/od/finishedphp1/ss/php_login_code.htm[/url] Problem is that when I insert my "header & menu" it gives me this error: [code] Warning: Cannot modify header information - headers already sent by (output started at /var/www/friends/friend_login.php:10) in /var/www/friends/friend_login.php on line 80 Warning: Cannot modify header information - headers already sent by (output started at /var/www/friends/friend_login.php:10) in /var/www/friends/friend_login.php on line 81 Warning: Cannot modify header information - headers already sent by (output started at /var/www/friends/friend_login.php:10) in /var/www/friends/friend_login.php on line 84 [/code] I tried googling it, found a couple of fixes but none of them worked :S Any ideas? Deleting everything from [code]<html>[/code] to: [code]<div class="main_white"><br><div align="left">[/code] Fixes the problem but then it doesn't have my header and menu :S Here's the code: [code] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> Eax's Webpage </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><br><div align="left"> <?php // Connects to your Database #mysql_connect("your.hostaddress.com", "username", "password") or #die(mysql_error()); #mysql_select_db("Database_Name") or die(mysql_error()); include 'db_mysql.php'; //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: friend_loggedin_show.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=friend_make_user.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: friend_loggedin_show.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> <br> </div> </div> <?php include 'footer.php'?></div> </body> </html> [/code]

[quote]Warning: Cannot modify header information - headers already sent by[/quote] You can't send the headers ([i]header()[/i] or echo '[i]<html>[/i]') before editing cookies, you also can't send headers twice. How could you not decipher that error message? Put all your php code above the <html> tag.

I tried this: [code] <?php // Connects to your Database #mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error()); #mysql_select_db("Database_Name") or die(mysql_error()); include 'db_mysql.php'; //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: friend_loggedin_show.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=friend_make_user.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: friend_loggedin_show.php"); } } } else { // if they are not logged in ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> .: Eax's Webpage :. </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><br><div align="left"> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> <br> </div> </div> <?php include 'footer.php'?></div> </body> </html> [/code] Didn't work :S

The error would be handy. [code]snip[/code]

You disgust me, you use cookies.

You cannot have any whitespace before your php code when using headers. Anything before the php tag will cause a header to be generated before your code is executed.

Added some cleaned up code in the parts above, you had a silly amount of closing brackets and missed like, 3 semi-colons. L2Indent please.

[QUOTE=Benjy355;16789472]The error would be handy.[/QUOTE] How so? [QUOTE=Wipmuck;16789493]You disgust me, you use cookies.[/QUOTE] Why does that disgust you? [QUOTE=tjl;16789496]You cannot have any whitespace before your php code when using headers. Anything before the php tag will cause a header to be generated before your code is executed.[/QUOTE] There is no whitespace :S [editline]09:24AM[/editline] [QUOTE=Benjy355;16789535]Added some cleaned up code in the parts above, you had a silly amount of closing brackets and missed like, 3 semi-colons. L2Indent please.[/QUOTE] Thanks :) But it seems they were used for something. [code] Parse error: syntax error, unexpected $end in /var/www/friends/friend_login.php on line 108 [/code]

[QUOTE=Eax;16789536]How so?[/quote] So you could [b]KNOW WHAT LINES ARE FUCKED UP[/b]? I'm leaving this thread now. [code]snip[/code] Fix'd, bad bracket on the end of the first while statement. [b]Edit:[/b] Not fix'd; me trying to indent your code failed :| Wasn't a bad bracket.

[QUOTE=Benjy355;16789549]So you could [b]KNOW WHAT LINES ARE FUCKED UP[/b]? [/QUOTE] Thanks. Funny story: [b]THE LINES DIDN'T TELL SHIT![/b], I tried looking at them, fixing/changing them. Didn't do jack shit.

Post all relevant code and mark lines that the errors refer to along with the associated error. The errors never lie.

[QUOTE=Benjy355;16789549] [b]Edit:[/b] Not fix'd; me trying to indent your code failed :| Wasn't a bad bracket.[/QUOTE] Yeah, I just noticed too >_< But by looking at the brackets it does seem like some are missing Oo

[QUOTE=Eax;16789598]Thanks. Funny story: [b]THE LINES DIDN'T TELL SHIT![/b], I tried looking at them, fixing/changing them. Didn't do jack shit.[/QUOTE] Unexpected $end means that somewhere some sort of statement, declaration, or anything that requires {}'s is missing a }. If you try to add one improperly, your code will stay broken.

Did you forget that your error is the actual problem you're trying to solve here? Why would you NOT post it? Because you couldn't fix it by looking at it? Isn't that why you posted the thread? Post the error, always.

[QUOTE=tjl;16789625]Post all relevant code and mark lines that the errors refer to along with the associated error. The errors never lie.[/QUOTE] Okay. [B]Original Code:[/B] [code] <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> .: Eax's Webpage :. </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><br><div align="left"> <?php // Connects to your Database #mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error()); #mysql_select_db("Database_Name") or die(mysql_error()); include 'db_mysql.php'; //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { } else { header("Location: friend_loggedin_show.php"); } } } //if the login form is submitted if (isset($_POST['submit'])) { // if form has been submitted // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: friend_loggedin_show.php"); } } } else { // if they are not logged in ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr><td colspan=2><h1>Login</h1></td></tr> <tr><td>Username:</td><td> <input type="text" name="username" maxlength="40"> </td></tr> <tr><td>Password:</td><td> <input type="password" name="pass" maxlength="50"> </td></tr> <tr><td colspan="2" align="right"> <input type="submit" name="submit" value="Login"> </td></tr> </table> </form> <?php } ?> </div> </div> <?php include 'footer.php'?></div> </body> </html> [/code] [B]Errors:[/B] [code] Warning: Cannot modify header information - headers already sent by (output started at /var/www/friends/friend_login.php:10) in /var/www/friends/friend_login.php on line 79 Warning: Cannot modify header information - headers already sent by (output started at /var/www/friends/friend_login.php:10) in /var/www/friends/friend_login.php on line 80 Warning: Cannot modify header information - headers already sent by (output started at /var/www/friends/friend_login.php:10) in /var/www/friends/friend_login.php on line 83 [/code] [B]Lines with errors:[/B] [code] setcookie(ID_my_site, $_POST['username'], $hour); <- Line 79 setcookie(Key_my_site, $_POST['pass'], $hour); <- Line 80 header("Location: friend_loggedin_show.php"); <- Line 81 [/code] [B]Relevant includes:[/B] [I]db_mysql.php[/I] [code] <?php mysql_connect("localhost", "root", "notmypassword") or die(mysql_error()); mysql_select_db("venner_skole") or die(mysql_error()); ?> [/code] [I]main_header.html[/I] [code] <meta http-equiv="Content-type" content="text/html;charset=UTF8" /> <div class="header_main"><h1><a href="index.php"><b> .: Eax's Realms :. </b></a></h1> </div> <div class="white_space">There is no meaning to life, but to breed. Eax 3rd of may 2009 - 20:34</div> <div class="header_blue"> &nbsp&nbsp&nbsp&nbsp&nbsp  <a href="index.php">Home</a> | <a href="blag.php">Blag</a> | <a href="projects.php">Projects</a> | <a href="downloads.php">Downloads</a> | <a href="http://forum.eax.dk">Forums</a> </div> [/code] [I]index_header.html[/I] [code] <div class="header_grey"> &nbsp&nbsp&nbsp&nbsp&nbsp&nbsp <a href="index.php">Index</a>&nbsp|&nbsp <a href="about.php">About</a> | </div> [/code] That should be the relevant stuiff :)

I recommend setting cookies in JavaScript instead of PHP. It can do it in the middle of a page. I can send you some functions if you want.

The errors were the first thing in the first post :O [editline]09:44AM[/editline] [QUOTE=bl4h;16789724]I recommend setting cookies in JavaScript instead of PHP. It can do it in the middle of a page. I can send you some functions if you want.[/QUOTE] Yes please :) Thank you :)

[code]// This code is from www.quirksmode.org/js/cookies.html function createCookie(name,value,days) { if (days) { var date = new Date(); date.setTime(date.getTime()+(days*24*60*60*1000)); var expires = "; expires="+date.toGMTString(); } else var expires = ""; document.cookie = name+"="+value+expires+"; path=/"; } function readCookie(name) { var nameEQ = name + "="; var ca = document.cookie.split(';'); for(var i=0;i < ca.length;i++) { var c = ca[i]; while (c.charAt(0)==' ') c = c.substring(1,c.length); if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length); } return null; } function eraseCookie(name) { createCookie(name,"",-1); }[/code] I didn't code this, link at the top is the source. Example: createCookie('password', 'passwordgoeshere', '7'); Creates the cookie "password" with the value "passwordgoeshere" that will last 7 days.

[QUOTE=bl4h;16789740][code]// This code is from www.quirksmode.org/js/cookies.html function createCookie(name,value,days) { if (days) { var date = new Date(); date.setTime(date.getTime()+(days*24*60*60*1000)); var expires = "; expires="+date.toGMTString(); } else var expires = ""; document.cookie = name+"="+value+expires+"; path=/"; } function readCookie(name) { var nameEQ = name + "="; var ca = document.cookie.split(';'); for(var i=0;i < ca.length;i++) { var c = ca[i]; while (c.charAt(0)==' ') c = c.substring(1,c.length); if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length); } return null; } function eraseCookie(name) { createCookie(name,"",-1); }[/code] I didn't code this, link at the top is the source. Example: createCookie('password', 'passwordgoeshere', '7'); Creates the cookie "password" with the value "passwordgoeshere" that will last 7 days.[/QUOTE] Okay thanks :) Trying to implement it now.

Fixed code and horrible indenting [code] <?php // Connects to your Database #mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error()); #mysql_select_db("Database_Name") or die(mysql_error()); include 'db_mysql.php'; //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { //whatever } else { header("Location: friend_loggedin_show.php"); } } } //if the login form is submitted $showform = true; if (isset($_POST['submit'])) { // if form has been submitted $showform = false; // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: friend_loggedin_show.php"); } } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel="stylesheet" href="css/index.css" type="text/css" /> <title>.: Eax's Webpage :.</title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'; include 'index_header.html'; ?> <div class="main_white"> <br /> <div align="left"> <?php if ($showform) { ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr> <td colspan="2"> <h1> Login </h1> </td> </tr> <tr> <td> Username: </td> <td> <input type="text" name="username" maxlength="40" /> </td> </tr> <tr> <td> Password: </td> <td> <input type="password" name="pass" maxlength="50" /> </td> </tr> <tr> <td colspan="2" align="right"> <input type="submit" name="submit" value="Login" /> </td> </tr> </table> </form> <?php } ?> </div> </div> <?php include 'footer.php'; ?> </div> </body> </html> [/code]

[QUOTE=h2ooooooo;16789783]Fixed code and horrible indenting [code] <?php // Connects to your Database #mysql_connect("your.hostaddress.com", "username", "password") or die(mysql_error()); #mysql_select_db("Database_Name") or die(mysql_error()); include 'db_mysql.php'; //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { //whatever } else { header("Location: friend_loggedin_show.php"); } } } //if the login form is submitted $showform = true; if (isset($_POST['submit'])) { // if form has been submitted $showform = false; // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>'); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: friend_loggedin_show.php"); } } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel="stylesheet" href="css/index.css" type="text/css" /> <title>.: Eax's Webpage :.</title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'; include 'index_header.html'; ?> <div class="main_white"> <br /> <div align="left"> <?php if ($showform) { ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr> <td colspan="2"> <h1> Login </h1> </td> </tr> <tr> <td> Username: </td> <td> <input type="text" name="username" maxlength="40" /> </td> </tr> <tr> <td> Password: </td> <td> <input type="password" name="pass" maxlength="50" /> </td> </tr> <tr> <td colspan="2" align="right"> <input type="submit" name="submit" value="Login" /> </td> </tr> </table> </form> <?php } ?> </div> </div> <?php include 'footer.php'; ?> </div> </body> </html> [/code][/QUOTE] Thanks a lot :) I see you placed the header and such at the bottom. Anything else you fixed? :)

No, except for indenting your code, and moving it all on top, and placing a reference (showform) instead of placing the whole code where you're going to show your form. However you should think into fixing $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error()); to $check = mysql_query("SELECT * FROM users WHERE username = '" . addslashes($_POST['username']) . "'") or die(mysql_error()); because people would be able to SQL inject it (deleting your whole database for example.) Imagine this $check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'") Alright fine, my username is "abc", QUERY: SELECT * FROM users WHERE username = 'abc' That's completely fine, now look at this. My name is not abc any more, now it's [code]abc'; DELETE * FROM users; SELECT * FROM users WHERE username = 'abc[/code] What SQL query would that lead to? This. SELECT * FROM users WHERE username = 'abc'; DELETE * FROM users; SELECT * FROM users WHERE username = 'abc' Which would select every user called abc, then delete every single user, and then trying to select again, but there's no users left.

Isn't mysql_real_escape_string and htmlentities more safer than addslashes?

Use [url=http://www.php.net/pdo]PHP Data Objects[/url] instead of raw SQL query strings. Example: [code] /* Connect to database */ $db = new PDO('mysql:localhost;dbname=foo', 'username', 'password'); /* Prepare a query */ $stmt = $db->prepare('SELECT * from users where username = :username'); $stmt->bindParam(':username', $_POST['username'], PDO::PARAM_STR); /* Run the query and get the results */ $stmt->execute(); while ($row = $stmt->fetch()) { /* Do stuff with results */ } [/code] Since the parameter values are given separately from the SQL, no funny business with quotes is possible. This is much safer than having to remember to always call mysql_real_escape_string() or addslashes() on every user-supplied value that you pass to the database. The ':username' in the $db->prepare() string is a placeholder for a parameter whose value is given later with an $stmt->bindParam() call. The name of the placeholder doesn't have any meaning to PHP; you could call it ':foo' instead and it would work the same. You can also use numbered parameters: [code] $stmt = $db->prepare('SELECT * from users where username = ?'); $stmt->bindParam(1, $_POST['username'], PDO::PARAM_STR); /* Additional parameters would be bound with 2, 3, etc. */ [/code]

@Wyzard: Okay thanks :) Will change it when I make the whole thing works :) Thanks a lot ^_^ New problem has arised that I really cannot get my head around. The problem is that whenever I log in and there is MORE than 1 user it somehow feels like logging into number 2 all the time. I think the problem lies in the login script. Can someone find the error please? friend_login.php [code] <?php // Connects to your Database include 'db_mysql.php'; //Checks if there is a login cookie if(isset($_COOKIE['ID_my_site'])) //if there is, it logs you in and directes you to the members page { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '" . addslashes($_POST['username']) . "'") or die(mysql_error()); while($info = mysql_fetch_array( $check )) { if ($pass != $info['password']) { //whatever } else { header("Location: friend_loggedin_show.php"); } } } //if the login form is submitted $showform = true; if (isset($_POST['submit'])) { // if form has been submitted $showform = false; // makes sure they filled it in if(!$_POST['username'] | !$_POST['pass']) { die('You did not fill in a required field.'); } // checks it against the database if (!get_magic_quotes_gpc()) { $_POST['email'] = addslashes($_POST['email']); } $check = mysql_query("SELECT * FROM users WHERE username = '" . addslashes($_POST['username']) . "'") or die(mysql_error()); //Gives error if user dosen't exist $check2 = mysql_num_rows($check); if ($check2 == 0) { die( #'That user does not exist in our database. <a href=friend_make_user.php>Click Here to Register</a>' header("Location: friend_user_not_found.php") ); } while($info = mysql_fetch_array( $check )) { $_POST['pass'] = stripslashes($_POST['pass']); $info['password'] = stripslashes($info['password']); $_POST['pass'] = md5($_POST['pass']); //gives error if the password is wrong if ($_POST['pass'] != $info['password']) { die('Incorrect password, please try again.'); } else { // if login is ok then we add a cookie $_POST['username'] = stripslashes($_POST['username']); $hour = time() + 3600; setcookie(ID_my_site, $_POST['username'], $hour); setcookie(Key_my_site, $_POST['pass'], $hour); //then redirect them to the members area header("Location: friend_loggedin_show.php"); } } } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel="stylesheet" href="css/index.css" type="text/css" /> <title>.: Eax's Webpage :.</title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'; include 'index_header.html'; ?> <div class="main_white"> <div align="left"> <?php if ($showform) { ?> <form action="<?php echo $_SERVER['PHP_SELF']?>" method="post"> <table border="0"> <tr> <td colspan="2"> <h1> Login </h1> </td> </tr> <tr> <td> Username: </td> <td> <input type="text" name="username" maxlength="40" /> </td> </tr> <tr> <td> Password: </td> <td> <input type="password" name="pass" maxlength="50" /> </td> </tr> <tr> <td colspan="2" align="right"> <input type="submit" name="submit" value="Login" /> <FORM> <INPUT TYPE="BUTTON" VALUE="Register" ONCLICK="window.location.href='friend_make_user.php'"> </FORM> </td> </tr> </table> </form> <br> <?php } ?> </div> </div> <?php include 'footer.php'; ?> </div> </body> </html> [/code] BUT! I think the problem could also lie in [I]friend_loggedin_show.php[/I]: [code] <?php // Connect to database include 'db_mysql.php'; //checks cookies to make sure they are logged in if(isset($_COOKIE['ID_my_site'])) { $username = $_COOKIE['ID_my_site']; $pass = $_COOKIE['Key_my_site']; $check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error()); while($info = mysql_fetch_array( $check )) { //if the cookie has the wrong password, they are taken to the login page if ($pass != $info['password']) { header("Location: friend_login.php"); } //otherwise they are shown the admin area else { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <link rel=stylesheet href="css/index.css" type="text/css"> <title> .: Eax's Webpage :. </title> </head> <body style="color: white; background-color: white;"> <div align="center"> <?php include 'main_header.html'?> <?php include 'index_header.html'?> <div class="main_white"><br><div align="left"> <?php # Get the userid $sql1 = "SELECT * FROM users"; $result1 = mysql_query($sql1) or print ("Can't select entries from table users.<br />" . $sql1 . "<br />" . mysql_error()); while($row1 = mysql_fetch_array($result1)) { $userid = stripslashes($row1['userid']); $username = stripslashes($row1['username']); } echo "<h1>".$userid." "."Hello ".$username."</h1><p><br><hr width=\"100\%\" color=\"1793d1\"></p><br>"; #Print the shit (check it) $sql = "SELECT * FROM user_friends WHERE ownerid = '$userid' ORDER BY vennerid DESC "; $result = mysql_query($sql) or print ("Can't select entries from table user_friends.<br />" . $sql . "<br />" . mysql_error()); while($row = mysql_fetch_array($result)) { $navn = stripslashes($row['navn']); $email = stripslashes($row['email']); $notes = stripslashes($row['notes']); $addresse = stripslashes($row['addresse']); $telefon = stripslashes($row['telefon']); ?> <p></p> <?php echo "Navn: ".$navn; ?><br><?php echo "Addresse: ".$addresse; ?><br><?php echo "Telefon: ".$telefon; ?><br><?php echo "Email: ".$email; ?><br><?php echo "Noter: ".$notes; ?><br><?php ?> <br><hr width="100%" color="1793d1"></p><br> <?php } echo " <br><FORM><INPUT TYPE=\"BUTTON\" VALUE=\"Add friend\" ONCLICK=\"window.location.href='friend_post.php'\"> <INPUT TYPE=\"BUTTON\" VALUE=\"Log Out\" ONCLICK=\"window.location.href='friend_logout.php'\"></FORM>"; #<br><a href=friend_logout.php><font color=\"black\"><u>Logout</u></font></a>"; ?><br><?php } } } else //if the cookie does not exist, they are taken to the login screen { header("Location: friend_login.php"); } ?> </div> </div> <?php include 'footer.php'?></div> </body> </html> [/code] SORRY for my horrible indentation & style of coding.

I don't understand what the difficulty of indenting is. It's as simple as pie :)

$check2 = mysql_num_rows($check); if ($check2 == 0) { die( #'That user does not exist in our database. <a href=friend_make_user.php>Click Here to Register</a>' header("Location: friend_user_not_found.php") ); } Let's see. 1. What the heck is the # doing there? 2. Where's the semicolon at the end of the line? 3. Why is it ending with ); ? 4. Are you placing a headertag INSIDE a die tag, and also, you're sending headers after a message. Again, as this whole thread shows, you can't do this. Headers must be sent before ANY OTHER CHARACTER.

[QUOTE=h2ooooooo;16797141]$check2 = mysql_num_rows($check); if ($check2 == 0) { die( #'That user does not exist in our database. <a href=friend_make_user.php>Click Here to Register</a>' header("Location: friend_user_not_found.php") ); } Let's see. 1. What the heck is the # doing there? 2. Where's the semicolon at the end of the line? 3. Why is it ending with ); ? 4. Are you placing a headertag INSIDE a die tag, and also, you're sending headers after a message. Again, as this whole thread shows, you can't do this. Headers must be sent before ANY OTHER CHARACTER.[/QUOTE] 1. I qouted it out from the original code as I prefer redirecting people to the "User not found page". 2. Shouldn't there be? 3: -||- 4. Okay. How will you redirect to another page in php then? :) Thanks :)

[code] $check2 = mysql_num_rows($check); if ($check2 == 0) { die("That user does not exist in our database. <a href=/"friend_make_user.php/">Click Here to Register</a>"); header("Location: friend_user_not_found.php"); } [/code] Cleaned that bit up. Edit: Wait that can't be possible, what you've done there is simply exiting the script so the header() isn't even being called so it won't change the page. [code]$check2 = mysql_num_rows($check); if ($check2 == 0) { header("Location: friend_user_not_found.php"); }[/code] Also why are you running a loop to check if the password is correct? Why not just check if there is a row with the username and the password supplied.

[QUOTE=kebabs;16797979]$check2 = mysql_num_rows($check); if ($check2 == 0) { die("That user does not exist in our database. <a href=/"friend_make_user.php/">Click Here to Register</a>"); header("Location: friend_user_not_found.php"); } Cleaned that bit up. Also why are you running a loop to check if the password is correct? Why not just check if there is a row with the username and the password supplied.[/QUOTE] Thanks :) Sounds intelligent but how would I do it? Get this error when I insert your piece: [code] Parse error: syntax error, unexpected T_STRING in /var/www/friends/friend_login.php on line 49 [/code]