Private Message System [part 04] ERROR

[Kez323]

When I load up the page, I get a blank while webpage. Ive checked the error log and it says this:

PHP Warning: Cannot modify header information - headers already sent by (output started at /home1/thewizki/public_html/chatk/core/init.inc.php:2) in /home1/thewizki/public_html/chatk/core/init.inc.php on line 8

Line 8 is this: header('HTTP/1.1 404 Not Found');

Heres part of my code:
[syntax=php]
$core_path = dirname(__FILE__);

if (empty($_GET['page']) || in_array("{$_GET['page']}.page.inc.php", scandir("{$core_path}/pages")) == false){

header('HTTP/1.1 404 Not Found');
header('Location: index.php?page=inbox');

die();
}
[/syntax]
Whats wrong?

[Temor]

That problem usually means there is absolutely nothing wrong with line 8. The problem is somewhere else entirely!
I would have to take a gander at all of your code if possible.

[Kez323]

The whole of that class: (init.inc.php)
[syntax=php]
<?php

$core_path = dirname(__FILE__);

if (empty($_GET['page']) || in_array("{$_GET['page']}.page.inc.php", scandir("{$core_path}/pages")) == false){

header('HTTP/1.1 404 Not Found');
header('Location: index.php?page=inbox');

die();
}

session_start();

mysql_connect('localhost', 'user', 'pass');
mysql_select_db('db_name');

include("{$core_path}/inc/user.inc.php");

if (isset($_POST['user_name'], $_POST['user_password'])){
if (($user_id = validate_crendenials($_POST['user_name'], $_POST['user_password'])) !== false){
$SESSION['user_id'] = $user_id;

header('Location: index.php?page=inbox');

die();
}
}

if (empty($_SESSION['user_id']) && $_GET['page'] !== 'login'){
header('HTTP/1.1 403 Forbidden');
header('Location: index.php?page=login');

die();
}

$include_file = "{$core_path}/pages/{$_GET['page']}.page.inc.php";

?> [/syntax]

[Temor]

you forgot an Underscore in $_SESSION on line 22.
Not sure if that's the problem though, if it isn't, I'm gonna have to see the library files you have too.

[Kez323]

Didnt see that error, but nope, its still not fixed

Index.php: http://pastebin.com/vZuBX9wd
[syntax=php]<?php
include('core/init.inc.php');

?>
<html>
<head>

<link rel="stylesheet" type="text/css" href="ext/main.css">
</head>
<body>
<div id="wrap">
<?php
include($include_file);
?>
</div>
</body>
</html>[/syntax]

user.inc.php: http://pastebin.com/F7NsQupL
[syntax=php]<?php
//Checks a given Username & Password combo.
function validate_credentials($user_name, $user_password){
$user_name = mysql_real_escape_string($user_name);
$user_password sha1($user_password);

$result = mysql_query("SELECT 'user_id' FROM 'users' WHERE 'user_name' = '{$user_name}' AND 'user_password' = '{$user_password}'");

if (mysql_num_rows($result) != 1){
return false;
}
return mysql_result($result, 0); //return ID.

}

?>[/syntax]

login.page.inc.php: http://pastebin.com/N8K9gfG9
[syntax=php]<h1>Login</h1>
<?php
if (isset($_POST['user_name'], $_POST['user_password'])){
echo '<div class="msg error">Login Failed.</div>';
}

?>
<form action="index.php?page=login" method="post">
<div>
<label for="user_name">Username:</label>
<input type="text" name="user_name" id="user_name">
</div>
<div>
<label for="user_password">Password:</label>
<input type="password" name="user_password" id="user_password">
</div>
<div>
<input type="submit" value="Login" />
</div>
</form>[/syntax]

and init.inc.php (already sent)

[syntax=php] <?php

$core_path = dirname(__FILE__);

if (empty($_GET['page']) || in_array("{$_GET['page']}.page.inc.php", scandir("{$core_path}/pages")) == false){

header('HTTP/1.1 404 Not Found');
header('Location: index.php?page=inbox');

die();
}

session_start();

mysql_connect('localhost', 'user', 'pass');
mysql_select_db('db_name');

include("{$core_path}/inc/user.inc.php");

if (isset($_POST['user_name'], $_POST['user_password'])){
if (($user_id = validate_crendenials($_POST['user_name'], $_POST['user_password'])) !== false){
$SESSION['user_id'] = $user_id;

header('Location: index.php?page=inbox');

die();
}
}

if (empty($_SESSION['user_id']) && $_GET['page'] !== 'login'){
header('HTTP/1.1 403 Forbidden');
header('Location: index.php?page=login');

die();
}

$include_file = "{$core_path}/pages/{$_GET['page']}.page.inc.php";

?> [/syntax]

[Temor]

I prefer having all of the code here! It's easily readable as long as it's in syntax tags

I'll take a look at your code now.

/Edit; In your init.inc, is there whitespace before your <?php tag or is that just something that happened when you posted the code here? If there is a whitespace, remove it.

[Kez323]

After removing that white space, the error log says:

PHP Parse error: syntax error, unexpected T_STRING in /home1/kez/public_html/chat/core/inc/user.inc.php on line 5

[ScTech]

You're missing an "=" on line 5.

EDIT: After that error is solved there will be an SQL error that will not be displayed. This is because in your queries, you are using apostrophes ' instead of backticks ` around your table names.

[Kez323]

lol.. never ending problems.. sorted that, but when I login with correct details from the database still says "Login Failed."

[Temor]

lol.. never ending problems.. sorted that, but when I login with correct details from the database still says "Login Failed."

Well, that isn't very surprising... Your code is echoing " <div class="msg error">Login Failed.</div> " when you press the button... You still have work to do!

[Kez323]

But shouldn't be triggered?

if (($user_id = validate_credentials($_POST['user_name'], $_POST['user_password'])) !== false){
$_SESSION['user_id'] = $user_id;

header('Location: index.php?page=inbox');
die();
}

[ScTech]

You need to post what you're including in index.php. Temor was going off login.page.inc.php doing that which only shows you displaying that on form submit.

[Kez323]

PHP Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

Whats wrong with it?

[syntax=php]if (mysql_num_rows($result) !== 1){
return false;
}
return mysql_result($result, 0); //return ID.[/syntax]

[ScTech]

To know that, we need to see $result

[Kez323]

[syntax=php]$result = mysql_query("SELECT `user_id` FROM `users` WHERE `user_name` = `{$user_name}` AND `user_password` = `{$user_password}`");[/syntax]

[ScTech]

You're using backticks around your variables. They need to be apostrophes. Keep the table/column names having backticks.