Private Message System [part 04] ERROR

[Kez323]

When I load up the page, I get a blank while webpage. Ive checked the error log and it says this:

PHP Warning: Cannot modify header information - headers already sent by (output started at /home1/thewizki/public_html/chatk/core/init.inc.php:2) in /home1/thewizki/public_html/chatk/core/init.inc.php on line 8

Line 8 is this: header('HTTP/1.1 404 Not Found');

Heres part of my code:

$core_path = dirname(__FILE__);
 
	if (empty($_GET['page']) || in_array("{$_GET['page']}.page.inc.php", scandir("{$core_path}/pages")) == false){
   
	   header('HTTP/1.1 404 Not Found');
	   header('Location: index.php?page=inbox');
       
	   die();
	}

Whats wrong?

[Temor]

That problem usually means there is absolutely nothing wrong with line 8. The problem is somewhere else entirely!
I would have to take a gander at all of your code if possible.

[Kez323]

The whole of that class: (init.inc.php)

	<?php
 
	$core_path = dirname(__FILE__);
 
	if (empty($_GET['page']) || in_array("{$_GET['page']}.page.inc.php", scandir("{$core_path}/pages")) == false){
   
	   header('HTTP/1.1 404 Not Found');
	   header('Location: index.php?page=inbox');
       
	   die();
	}
 
	session_start();
 
	mysql_connect('localhost', 'user', 'pass');
	mysql_select_db('db_name');
 
	include("{$core_path}/inc/user.inc.php");
 
	if (isset($_POST['user_name'], $_POST['user_password'])){
	    if (($user_id = validate_crendenials($_POST['user_name'], $_POST['user_password'])) !== false){
	            $SESSION['user_id'] = $user_id;
               
	                header('Location: index.php?page=inbox');
               
	                die();
	        }
	}
 
	if (empty($_SESSION['user_id']) && $_GET['page'] !== 'login'){
	    header('HTTP/1.1 403 Forbidden');
	    header('Location: index.php?page=login');
       
	        die();
	}
 
	$include_file = "{$core_path}/pages/{$_GET['page']}.page.inc.php";
 
	?>                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        

[Temor]

you forgot an Underscore in $_SESSION on line 22.
Not sure if that's the problem though, if it isn't, I'm gonna have to see the library files you have too.

[Kez323]

Didnt see that error, but nope, its still not fixed

Index.php: http://pastebin.com/vZuBX9wd

<?php
include('core/init.inc.php');

?>
<html>
<head>
	
	<link rel="stylesheet" type="text/css" href="ext/main.css">
</head>
<body>
	<div id="wrap">
		<?php
		include($include_file);
		?>
	</div>
</body>
</html>

user.inc.php: http://pastebin.com/F7NsQupL

<?php
//Checks a given Username & Password combo.
function validate_credentials($user_name, $user_password){
	$user_name = mysql_real_escape_string($user_name);
	$user_password sha1($user_password);
	
	$result = mysql_query("SELECT 'user_id' FROM 'users' WHERE 'user_name' = '{$user_name}' AND 'user_password' = '{$user_password}'");

	if (mysql_num_rows($result) != 1){
		return false;
	} 
	return mysql_result($result, 0); //return ID.
	
}
	
?>

login.page.inc.php: http://pastebin.com/N8K9gfG9

<h1>Login</h1>
<?php
if (isset($_POST['user_name'], $_POST['user_password'])){
	echo '<div class="msg error">Login Failed.</div>';
}

?>
<form action="index.php?page=login" method="post">
	<div>
		<label for="user_name">Username:</label>
		<input type="text" name="user_name" id="user_name">
	</div>
	<div>
		<label for="user_password">Password:</label>
		<input type="password" name="user_password" id="user_password">
	</div>
	<div>
		<input type="submit" value="Login" />
	</div>
</form>

and init.inc.php (already sent)

   <?php
 
        $core_path = dirname(__FILE__);
 
        if (empty($_GET['page']) || in_array("{$_GET['page']}.page.inc.php", scandir("{$core_path}/pages")) == false){
   
           header('HTTP/1.1 404 Not Found');
           header('Location: index.php?page=inbox');
       
           die();
        }
 
        session_start();
 
        mysql_connect('localhost', 'user', 'pass');
        mysql_select_db('db_name');
 
        include("{$core_path}/inc/user.inc.php");
 
        if (isset($_POST['user_name'], $_POST['user_password'])){
            if (($user_id = validate_crendenials($_POST['user_name'], $_POST['user_password'])) !== false){
                    $SESSION['user_id'] = $user_id;
               
                        header('Location: index.php?page=inbox');
               
                        die();
                }
        }
 
        if (empty($_SESSION['user_id']) && $_GET['page'] !== 'login'){
            header('HTTP/1.1 403 Forbidden');
            header('Location: index.php?page=login');
       
                die();
        }
 
        $include_file = "{$core_path}/pages/{$_GET['page']}.page.inc.php";
 
        ?>                          

[Temor]

I prefer having all of the code here! It's easily readable as long as it's in syntax tags

I'll take a look at your code now.

/Edit; In your init.inc, is there whitespace before your <?php tag or is that just something that happened when you posted the code here? If there is a whitespace, remove it.

[Kez323]

After removing that white space, the error log says:

PHP Parse error: syntax error, unexpected T_STRING in /home1/kez/public_html/chat/core/inc/user.inc.php on line 5

[ScTech]

You're missing an "=" on line 5.

EDIT: After that error is solved there will be an SQL error that will not be displayed. This is because in your queries, you are using apostrophes ' instead of backticks ` around your table names.

[Kez323]

lol.. never ending problems.. sorted that, but when I login with correct details from the database still says "Login Failed."

[Temor]

lol.. never ending problems.. sorted that, but when I login with correct details from the database still says "Login Failed."

Well, that isn't very surprising... Your code is echoing " <div class="msg error">Login Failed.</div> " when you press the button... You still have work to do!

[Kez323]

But shouldn't be triggered?

if (($user_id = validate_credentials($_POST['user_name'], $_POST['user_password'])) !== false){
$_SESSION['user_id'] = $user_id;

header('Location: index.php?page=inbox');
die();
}

[ScTech]

You need to post what you're including in index.php. Temor was going off login.page.inc.php doing that which only shows you displaying that on form submit.

[Kez323]

PHP Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource

Whats wrong with it?

if (mysql_num_rows($result) !== 1){
		return false;
	} 
	return mysql_result($result, 0); //return ID.

[ScTech]

To know that, we need to see $result

[Kez323]

$result = mysql_query("SELECT `user_id` FROM `users` WHERE `user_name` = `{$user_name}` AND `user_password` = `{$user_password}`");

[ScTech]

You're using backticks around your variables. They need to be apostrophes. Keep the table/column names having backticks.