i tried to combine the login system and the template system and get a bunch of errors, how can i fix it?
but when i disable a few parts of the code, i get other error-msg instead of these, but it is not finished at all.310 (net::ERR_TOO_MANY_REDIRECTS):
.htaccessWarning: Cannot modify header information - headers already sent by (output started at /hp/cd/ac/bz/www/index.php:11) in /hp/cd/ac/bz/www/template/pages/login.page.inc.php on line 15
RewriteEngine On RewriteRule ^([a-zA-Z_]+)/?$ index.php?page=$1 [QSA]index.php
<?php include('template/init.inc.php');?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Name</title>
<link rel="stylesheet" type="text/css" href="css/game/style.css"/>
</head>
<body>
<div class="wrapper">
<ul>
<li><a href="home">Home</a></li>
<li><a href="login">Login</a></li>
<li><a href="registrieren">Registrieren</a></li>
</ul>
<div class="content">
<?php
include($include_file);
?>
</div>
</div>
</body>
</html>
init.inc.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
////////Login//////////////////
@session_start();
$exeptions = array('registrieren', 'login');
$accesspage = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);
if(in_array($accesspage, $exeptions) === FALSE){
if(isset($_SESSION['username']) === FALSE){
//header('Location: login');
//die("fehler");
}
}
mysql_connect('mysql3.1blu.de','s159243_1661146','hellsing12');
mysql_select_db('db159243x1661146');
$accesspath = dirname(__FILE__);
include("{$accesspath}/pages/inc/user.inc.php");
////////Templatesystem////////
if(empty($_GET['page'])){
header('Location: home');
die();
}
$core_path = dirname(__FILE__);
$pages = scandir("{$core_path}/pages");
unset($pages[0], $pages[1]);
foreach($pages as &$page){
$page = substr($page, 0, strpos($page, '.'));
}
if(in_array($_GET['page'], $pages)){
$include_file = "{$core_path}/pages/{$_GET['page']}.page.inc.php";
}else{
$include_file = "{$core_path}/pages/home.page.inc.php";
}
////////////////////////////
?>
registrieren.page.inc.php
<?php
$errors = array();
if(isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
if(empty($_POST['username'])){
$errors[] = 'The username cannot be empty.';
}
if(empty($_POST['password']) || empty($_POST['repeat_password'])){
$errors[] = 'The password cannot be empty.';
}
if($_POST['password'] !== $_POST['repeat_password']){
$errors[] = 'The Password verification failed.';
}
if(user_exists($_POST['username'])){
$errors[] = 'The username is already taken.';
}
if(empty($errors)){
add_user($_POST['username'], $_POST['password']);
$_SESSION['username'] = htmlentities($_POST['username']);
//header('Location: overview');
//die();
}
}
?>
<?php
if(empty($errors) === false){
?>
<ul>
<?php
foreach($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}
?>
<form action ="" method="POST">
<p>
<label for="username">Username:</label>
<input type="text" name="username" class="username" value="<?php if(isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" class="password" />
</p>
<p>
<label for="repeat_password">Repeat Password:</label>
<input type="password" name="repeat_password" class="repeat_password" />
</p>
<p>
<input type="submit" value="Register" />
</p>
</form>
overview.page.inc.php (the hidden area)
you are logged in as <?php echo $_SESSION['username']; ?> <a href="logout">Logout</a>logout.page.inc.php ( i removed the session_start(); at the top of the code )
you are logged in as <?php echo $_SESSION['username']; ?> <a href="logout">Logout</a>login.page.inc.php
<?php
$errors = array();
if(isset($_POST['username'], $_POST['password'])){
if(empty($_POST['username'])){
$errors[] = 'The username cannot be empty';
}
if(empty($_POST['password'])){
$errors[] = 'The password cannot be empty';
}
if(valid_credentials($_POST['username'], $_POST['password']) === false){
$errors[] = 'Username / Password incorrect';
}
if(empty($errors)){
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: overview');
//die();
}
}
?>
<?php
if(empty($errors) === false){
?>
<ul>
<?php
foreach($errors as $error){
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
}
?>
<form action="" method="POST">
<p>
<label for="username">Username:</label>
<input type="text" name="username" class="username" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" class="password" />
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
user.in.php ( works fine )
<?php
//check if the given username exists in the database
function user_exists($user){
$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `user_name` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
//chech if the given username and password combination is valid
function valid_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
//add the user to the database
function add_user($user, $pass){
$user = mysql_real_escape_string(htmlentities($user));
$pass = sha1($pass);
mysql_query("INSERT INTO `users` (`user_name`,`user_password`) VALUES ('{$user}', '{$pass}')");
}
?>
thank you 
