[stephenb]

Hi, every time i run my code the following error appears:

Warning: Cannot modify header information - headers already sent by (output started at /srv/disk1/1297215/www/higherme.co.uk/Connect_to_MYSQL.php:26) in /srv/disk1/1297215/www/higherme.co.uk/admin_login.php on line 23

This error appears when i try to log in as admin into my websites, also it appears when i try to return using the return button i created. below are the two php scripts which were, the first one is the "admin_login" page which is where the admin aka me will log in and the second is the adminindex which is where the admin will edit the content.
I tried removing spaces which was what some people recommended.
Please help me try to solve this issue. Thanks

<?php
session_start();
if(isset($_SESSION["manager"])){
header("location: indexadmin.php");
exit();
}
//parse the log in form if the user has filled it out and press "log in"
if(isset($_POST["username"])&&isset($_POST["password"])){
$manager = preg_replace('#[^A-Za-z0-9]#i','', $_POST["username"]); //filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i','', $_POST["password"]); 
//connect to my sql database
include "Connect_to_MYSQL.php";
$sql = mysql_query("SELECT id FROM admin WHERE username='$manager' AND password='$password' LIMIT 1");
//Makes sure person exist in database with a query
$existCount = mysql_num_rows($sql);//count the rows nums
if($existCount == 1){// evaluate the count
while($row= mysql_fetch_array($sql)){
  $id = $row["id"];
  }
  $_SESSION["id"] = $id;
  $_SESSION["manager"] = $manager;
  $_SESSION["password"] = $password;
header("location:indexadmin.php");
exit();
}else{
  echo 'That infromation is incorrect <a href="indexadmin.php">Click Here</a>';
  exit();
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Admin Login</title>
<link rel="stylesheet" href="../Style/Style.css" media="screen"/>
</head>
<body>
<div align="center" id="mainWrapper">
  <?php include_once("Template_header.php");?>
  <div id="PageContent">
  <p>&nbsp;</p>
    <div align="left"style="margin-left:24px">
      <p>Hello store manager, what would you like to do today?</p>
      <form id="form1" name="form1" method="post" action="admin_login.php">
      User Name:<br/>
      <input name="username" type="text" id="username" size="40"/>
      <br /><br />
      <input name="password" type="password" id="password" size="40"/>
      <br />
      <br />
      <br />
      <label>
      <input type="submit" name="button" id="button" value="Log in"/>
      </label>
      </form>
      <p>&nbsp;</p>
          </div>
       <p>&nbsp;</p>
<p>&nbsp;</p>
  </div>
  <?php include_once("Template_footer.php");?>
</div>
</body>
</html>

<?php
session_start();
if(isset($_SESSION["manager"])){
header("location: admin_login.php");
exit();
}
#logs in user must be succseful
#check the manager session value is in the database
$managerID = preg_replace('#[^0-9]#i','',$_SESSION["id"]);  //filter everything but numbers and letters
$manager = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["manager"]); //filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i','',$_SESSION["password"]); //filter everything but numbers and letters.
//run mysql query to be sure this person is an admin and that there password and sessuin cvar equals the same as in the database infroation
//connect to the mysql database
include "Connect_to_MYSQL.php";
$sql = mysql_query("SELECT * FROM admin WHERE id='$managerID' AND username='$manager' AND password='$password' LIMIT 1");
//Makes sure person exist in database with a query
$existCount = mysql_num_rows($sql);//count the rows nums
if($existCount == 0){ // evaluate the count
header("location: indexadmin.php");
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Store Admin Area</title>
<link rel="stylesheet" href="../Style/Style.css" media="screen"/>
</head>
<body>
<div align="center" id="mainWrapper">
  <?php include_once("Template_header.php");?>
  <div id="PageContent">
  <p>&nbsp;</p>
    <div align="left"style="margin-left:24px">
      <p>Hello store manager, what would you like to do today?</p>
      <p>&nbsp;</p>
      <p><a href="inventroy_list.php">Manage inventroy</a></p>
      <p><a href="#">mangage blah blah</a></p>
    </div>
       <p>&nbsp;</p>
<p>&nbsp;</p>
  </div>
  <?php include_once("Template_footer.php");?>
</div>
</body>
</html>

[laytonsdad]

stephenb, on 26 February 2013 - 06:42 PM, said:

Hi, every time i run my code the following error appears:

Warning: Cannot modify header information - headers already sent by (output started at /srv/disk1/1297215/www/higherme.co.uk/Connect_to_MYSQL.php:26) in /srv/disk1/1297215/www/higherme.co.uk/admin_login.php on line 23

The warning states that the output was started at Connect_to_MYSQL.php on line 26, it is included on line 12 of the code that you posted. I don't see that files code though. post that for more.

This post has been edited by laytonsdad: 26 February 2013 - 07:03 PM

[creativecoding]

When you redirect the user using headers('location: theplace');, you are actually modifying/adding the header information that will be sent to the browser. When PHP sends this header information, it cannot be changed. PHP will send this information when HTML goes out (like printing stuff, or any HTML before the code). There is a way to stop this, via good design patterns or by output buffering. Trying to redirect the user after they've received the headers will not work, and that notice will be emitted.

[macosxnerd101]

Good design would really be separating your design and backend. It makes it easier in the development process so the designer can focus on the design components, and the developer the PHP components. It also makes it cleaner to organize the PHP code.

There is a tutorial that expands on creativecoding's point about output buffering as an option. It also explains more about headers and why you are encountering this error.

Laslty, the mysql_*() family of functions has been deprecated. It is high time to abandon the old ways and move onto Prepared Statements like PDO, which offer better security and less work to sanitize inputs.

[stephenb]

laytonsdad, on 26 February 2013 - 08:01 PM, said:

stephenb, on 26 February 2013 - 06:42 PM, said:

Hi, every time i run my code the following error appears:

Warning: Cannot modify header information - headers already sent by (output started at /srv/disk1/1297215/www/higherme.co.uk/Connect_to_MYSQL.php:26) in /srv/disk1/1297215/www/higherme.co.uk/admin_login.php on line 23

The warning states that the output was started at Connect_to_MYSQL.php on line 26, it is included on line 12 of the code that you posted. I don't see that files code though. post that for more.

mysql_connect("XXXXX", "XXXXX", "XXXXX") or die ("could not connect to mysql");

mysql_select_db("XXXXX") or die ("no database");  
 
?>

[quote name='stephenb' date='26 February 2013 - 08:56 PM' timestamp='1361933817' post='1810383']

laytonsdad, on 26 February 2013 - 08:01 PM, said:

stephenb, on 26 February 2013 - 06:42 PM, said:

Hi, every time i run my code the following error appears:

Warning: Cannot modify header information - headers already sent by (output started at /srv/disk1/1297215/www/higherme.co.uk/Connect_to_MYSQL.php:26) in /srv/disk1/1297215/www/higherme.co.uk/admin_login.php on line 23

The warning states that the output was started at Connect_to_MYSQL.php on line 26, it is included on line 12 of the code that you posted. I don't see that files code though. post that for more.

This post has been edited by GunnerInc: 26 February 2013 - 08:07 PM
Reason for edit:: Removed passwords and url