I have membership registration code which enables people create a profile. However it creates an error “Cannot modify header information - headers already sent”
Can anyone advise what the header is or what this means?
Is it peice of code which records if someone is logged in? If so how do I apply this?
if(!$error) {
$query = mysql_query("INSERT INTO organisermembers (companyname, password, emailaddress) VALUES ('".$companyname."', '".mysql_real_escape_string(md5($password))."', '".$emailaddress."')");
if($query) {
$message = "Hello ".$_POST['companyname'].",\\r\
\\r\
Thanks for registering! We hope you enjoy your stay.\\r\
\\r\
Thanks,\\r\
John Doe";
$headers = "From: ".$website['name']." <".$website['emailaddress'].">\\r\
";
mail($_POST['emailaddress'], "Welcome", $message, $headers);
setcookie("user", mysql_insert_id(), $time);
setcookie("pass", mysql_real_escape_string(md5($password)), $time);
header("Location: index.php");
} else {
$error = "There was a problem with the registration. Please try again.";
}
}
}
A header is a command to the browser. You can use Location to tell the browser, redirect to the page/url I give you, you can use CONTENT-ENCODING to set a specific encoding to the page, etc. setcookie uses a header to tell the browser to write a cookie on the user’s computer. So since these are instructions to the browser, that is why they need to be at the top of the page. By the time you start writing output (HTML or TEXT) the browser is already done executing any instructions and is only focused on writing your content to the screen.
Thanks, alot clearer now. So is there a header that should be used to confirm whether someone is logged into a database as a member or does the header Location: index.php redirect the user to the homepage once someone has logged in?
header(“Location: index.php”) is redirecting the user to the home page once someone logs in. It is technically your decision on whether you want to redirect them or not, or leave them on the page the registration page (or redirect to a confirmation page for that matter).
A header does not and cannot confirm whether someone is logged in. You have to code that behavior. To do that, you would need to read your cookies using the $_COOKIE[‘name of your cookie’] super-global variable and then query those values against your database to verify the user is valid.
I have the following page at the top of the page. Is there something I am missing to read if someone is logged in, is there anything which could be reading if someone is logged in. Is there code that reads if someone is logged in that I need to add to the homepage?
<login code
<?php
if(isset($_POST['submit'])){
$companyname = mysql_real_escape_string(trim($_POST['companyname']));
$password = trim($_POST['password']);
$password1 = mysql_real_escape_string(trim($_POST['password1']));
$emailaddress = mysql_real_escape_string(trim($_POST['emailaddress']));
if(!isset($companyname) || empty($companyname)) {
$error = "You need to enter a Company Name.";
}
if(preg_match("/[a-zA-Z0-9-.+]+@[a-zA-Z0-9-]+.[a-zA-Z]+/", $companyname) == 0 && !$error) {
$error = "The Company Name you entered is not valid.";
}
if((!isset($password) || empty($password)) && !$error) {
$error = "You need to enter a password.";
}
if((!isset($password1) || empty($password1)) && !$error) {
$error = "You need to enter your password twice.";
}
if($password != $password1 && !$error) {
$error = "The passwords you entered did not match.";
}
if((!isset($emailaddress) || empty($emailaddress)) && !$error) {
$error = "You need to enter an email.";
}
if(preg_match("/[a-zA-Z0-9-.+]+@[a-zA-Z0-9-]+.[a-zA-Z]+/", $emailaddress) == 0 && !$error) {
$error = "The email you entered is not valid.";
}
$query = mysql_query("SELECT userid FROM organisermembers WHERE emailaddress = '".$emailaddress."' LIMIT 1");
if(mysql_num_rows($query) > 0 && !$error) {
$error = "Sorry, that email is already in use!";
}
if(!$error) {
$query = mysql_query("INSERT INTO organisermembers (companyname, password, emailaddress) VALUES ('".$companyname."', '".mysql_real_escape_string(md5($password))."', '".$emailaddress."')");
if($query) {
$message = "Hello ".$_POST['companyname'].",\\r\
\\r\
Thanks for registering! We hope you enjoy your stay.\\r\
\\r\
Thanks,\\r\
John Doe";
$headers = "From: ".$website['name']." <".$website['emailaddress'].">\\r\
";
mail($_POST['emailaddress'], "Welcome", $message, $headers);
setcookie("user", mysql_insert_id(), $time);
setcookie("pass", mysql_real_escape_string(md5($password)), $time);
header("Location: /index.php");
} else {
$error = "There was a problem with the registration. Please try again.";
}
}
}
?>
That looks more like a registration setup than a login page.
A login page would look more like the following:
<?php
if(isset($_POST['submit'])){
$password = trim($_POST['password']);
$emailaddress = mysql_real_escape_string(trim($_POST['emailaddress']));
if((!isset($password) || empty($password)) && !$error) {
$error = "You need to enter a password.";
}
if((!isset($emailaddress) || empty($emailaddress)) && !$error) {
$error = "You need to enter an email.";
}
if(preg_match("/[a-zA-Z0-9-.+]+@[a-zA-Z0-9-]+.[a-zA-Z]+/", $emailaddress) == 0 && !$error) {
$error = "The email you entered is not valid.";
}
if(!$error) {
$query = mysql_query("SELECT id FROM organisermembers WHERE emailaddress='$emailaddress' AND password='".mysql_real_escape_string(md5($password))."'");
if($query && mysql_num_rows($query) == 1) {
$row = mysql_fetch_assoc($query);
setcookie("user", $row['id'], $time);
setcookie("pass", mysql_real_escape_string(md5($password)), $time);
} else {
$error = "There was a problem with the login. Please try again.";
}
}
}
?>
Yes your right sorry, that is a registration setup. What I would like to do is to add a email authentication script once someone registers for the site.
Is the code that reads if someone is logged in on everypage or is it just on the homepage?