Page 1 of 1

Login System combined Template System = problems

Posted: Mon Apr 16, 2012 2:11 pm
by w4ke
Hello All,

i tried to combine the login system and the template system and get a bunch of errors, how can i fix it?
310 (net::ERR_TOO_MANY_REDIRECTS):
but when i disable a few parts of the code, i get other error-msg instead of these, but it is not finished at all.
Warning: Cannot modify header information - headers already sent by (output started at /hp/cd/ac/bz/www/index.php:11) in /hp/cd/ac/bz/www/template/pages/login.page.inc.php on line 15
.htaccess
RewriteEngine On

RewriteRule ^([a-zA-Z_]+)/?$ index.php?page=$1 [QSA]
index.php
<?php include('template/init.inc.php');?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title>Name</title>
    <link rel="stylesheet" type="text/css" href="css/game/style.css"/>
  </head>
  <body>
    <div class="wrapper">
      <ul>
        <li><a href="home">Home</a></li>
        <li><a href="login">Login</a></li>
        <li><a href="registrieren">Registrieren</a></li>
      </ul>
      <div class="content">
        <?php
         include($include_file);
        ?>
      </div>
    </div>
  </body>
</html>
init.inc.php
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
////////Login//////////////////
@session_start();
$exeptions = array('registrieren', 'login');
$accesspage = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);
if(in_array($accesspage, $exeptions) === FALSE){
  if(isset($_SESSION['username']) === FALSE){
    //header('Location: login');
    //die("fehler");
  }   
}
mysql_connect('mysql3.1blu.de','s159243_1661146','hellsing12');
mysql_select_db('db159243x1661146');

$accesspath = dirname(__FILE__);
include("{$accesspath}/pages/inc/user.inc.php");
////////Templatesystem////////
if(empty($_GET['page'])){
  header('Location: home');
  die();
}
$core_path = dirname(__FILE__);
$pages = scandir("{$core_path}/pages");
unset($pages[0], $pages[1]);
foreach($pages as &$page){
  $page = substr($page, 0, strpos($page, '.'));
}
if(in_array($_GET['page'], $pages)){
  $include_file = "{$core_path}/pages/{$_GET['page']}.page.inc.php";  
}else{
   $include_file = "{$core_path}/pages/home.page.inc.php";  
}
////////////////////////////

?>
registrieren.page.inc.php
<?php
$errors = array(); 
if(isset($_POST['username'], $_POST['password'], $_POST['repeat_password'])){
  if(empty($_POST['username'])){
    $errors[] = 'The username cannot be empty.';  
  }  
  if(empty($_POST['password']) || empty($_POST['repeat_password'])){
    $errors[] = 'The password cannot be empty.';
  }
  if($_POST['password'] !== $_POST['repeat_password']){
    $errors[] = 'The Password verification failed.';
  }
  if(user_exists($_POST['username'])){
    $errors[] = 'The username is already taken.'; 
  }
  if(empty($errors)){
    add_user($_POST['username'], $_POST['password']);

    $_SESSION['username'] = htmlentities($_POST['username']);
    //header('Location: overview');
    //die();  
  }
} 
?>
<?php
  if(empty($errors) === false){
   ?>
   <ul>
    <?php  
      foreach($errors as $error){
        echo "<li>{$error}</li>";
        
      }  
    ?>
   </ul>
   <?php 
  }   
?>

<form action ="" method="POST">
  <p>
    <label for="username">Username:</label>
    <input type="text" name="username" class="username" value="<?php if(isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
  </p>
  <p>
    <label for="password">Password:</label>
    <input type="password" name="password" class="password" />
  </p>
  <p>
    <label for="repeat_password">Repeat Password:</label>
    <input type="password" name="repeat_password" class="repeat_password" />
  </p>
  <p>
    <input type="submit" value="Register" />
  </p>
</form>
overview.page.inc.php (the hidden area)
you are logged in as <?php echo $_SESSION['username']; ?>
<a href="logout">Logout</a>
logout.page.inc.php ( i removed the session_start(); at the top of the code )
you are logged in as <?php echo $_SESSION['username']; ?>
<a href="logout">Logout</a>
login.page.inc.php
<?php
 $errors = array();
 if(isset($_POST['username'], $_POST['password'])){
  if(empty($_POST['username'])){
    $errors[] = 'The username cannot be empty';
  }
  if(empty($_POST['password'])){
    $errors[] = 'The password cannot be empty';
  }
  if(valid_credentials($_POST['username'], $_POST['password']) === false){
    $errors[] = 'Username / Password incorrect';  
  }
  if(empty($errors)){
    $_SESSION['username'] = htmlentities($_POST['username']);
    header('Location: overview');
    //die();
  }
 }
?>
<?php
  if(empty($errors) === false){
   ?>
   <ul>
    <?php  
      foreach($errors as $error){
        echo "<li>{$error}</li>"; 
      }  
    ?>
   </ul>
   <?php 
  }   
?>
<form action="" method="POST">
  <p>
    <label for="username">Username:</label>
    <input type="text" name="username" class="username" />
  </p>
  <p>
    <label for="password">Password:</label>
    <input type="password" name="password" class="password" />
  </p>
  <p>
    <input type="submit" value="Login" />
  </p>
</form>
user.in.php ( works fine )
<?php
//check if the given username exists in the database
function user_exists($user){
  $user = mysql_real_escape_string($user);
  $total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `user_name` = '{$user}'");
  return (mysql_result($total, 0) == '1') ? true : false;
}
//chech if the given username and password combination is valid
function valid_credentials($user, $pass){
  $user = mysql_real_escape_string($user);
  $pass = sha1($pass);
  
  $total = mysql_query("SELECT COUNT(`ID`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
  return (mysql_result($total, 0) == '1') ? true : false;  
}
//add the user to the database
function add_user($user, $pass){
  $user = mysql_real_escape_string(htmlentities($user));
  $pass = sha1($pass);
  mysql_query("INSERT INTO `users` (`user_name`,`user_password`) VALUES ('{$user}', '{$pass}')");
} 
?>
thank you :)

Re: Login System combined Template System = problems

Posted: Tue Apr 17, 2012 6:23 pm
by jacek
w4ke wrote:310 (net::ERR_TOO_MANY_REDIRECTS):
that can happen if you have a redirect loop or a page that redirects to it's self. It could be that you have the login page set to require the user to be logged in and if they are not it redirects them to the login page. so you can check for that ?
w4ke wrote:but when i disable a few parts of the code, i get other error-msg instead of these, but it is not finished at all.

Warning: Cannot modify header information - headers already sent by (output started at /hp/cd/ac/bz/www/index.php:11) in /hp/cd/ac/bz/www/template/pages/login.page.inc.php on line 15
Well disabling parts of the cod is not really the right way to go but anyway, the error is caused by the header() function. You can't use it after there has been some output from the script (that's just how http works, headers come first). It tells you where the output that caused the problem was too, in this case it is line 11 of index.php.