Jump to content
shujjah

whats this error?

Recommended Posts

You've got the idea. But instead of this:

if ((isset($_SESSION['user'])) && ($access == 0 || $access == 1)) {//shows the page  that is only for members and admins}

Use this:

if (!($access == 0 || $access == 1)){  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}

You don't want the code to check and not do anything if they are allowed, you want the code to check and redirect if they are not allowed. On the login.php page you can check if $_GET['error'] is set and if it is show it on the page. Also, you don't need to check if the session is set because you already did.For more then one access level, you can either create different files or just put it all in a function. So the secret.php could look like this:

<?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){  if(!isset($_SESSION['user'])){	  // the session is not set	  header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page  }  if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))  {	if ($row = @mysql_fetch_assoc($result))	{	  for ($i = 0; $i < func_num_args(); $i++) // for each access level	  {		if ($row['access'] != func_get_arg($i)) // they don't have that access		  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	  }	}	else // there was an error with mysql_fetch_assoc	  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));  }  else // there was an error with mysql_query	header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?>

The code in the comments shows examples of calling the function. If you include that file on every page you can call the check_access function and check whatever you want for the page.I also didn't notice that you were using mysql_query incorrectly. When you do this:$access = mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"');$access is NOT the access field from the database. mysql_query does not return a database field, it returns a result resource. You need to use mysql_fetch_assoc or one of the other functions to get the values.Also, you need a space between these:require_once'secret.php';

Share this post


Link to post
Share on other sites

oh my god how can i thank u thank u sooooooo much!!!!also on every page i want to restrict i will just put this code?

session_start(); check_access();echo "the content of the page";

or some other check_access(1); or something?again thnkx a lot :)

Share this post


Link to post
Share on other sites

so it will look something like this

<?phpsession_start();include('secret.php');check_access();?><html><head></head><body>content</body></html>

?

Share this post


Link to post
Share on other sites

when i open 1.php which contains this code without loging in

<?phpsession_start();include('secret.php');check_access();?><html><head></head><body>content</body></html>

i get this error Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:36) in D:\xampp\htdocs\access.php on line 9Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:36) in D:\xampp\htdocs\access.php on line 23content of the page and what it is still showing content of the page without me even logged in??!!!!

Share this post


Link to post
Share on other sites

It's trying to redirect to the login page but is not able to because output was already sent. Headers cannot be sent once output starts. This line is sending output:output started at D:\xampp\htdocs\access.php:36

Share this post


Link to post
Share on other sites

how to solve this and also even if i am not logged in it is showing the content of the page???this is access.php

<?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){  if(!isset($_SESSION['user'])){	  // the session is not set	  header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page  }  if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))  {	if ($row = @mysql_fetch_assoc($result))	{	  for ($i = 0; $i < func_num_args(); $i++) // for each access level	  {		if ($row['access'] != func_get_arg($i)) // they don't have that access		  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	  }	}	else // there was an error with mysql_fetch_assoc	  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));  }  else // there was an error with mysql_query	header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?>

plz can u tell me how can i solce this?

Share this post


Link to post
Share on other sites

Remove any whitespace at the end of the file. Output is being sent to the browser in that file. If you find it and remove it, it will work. It is on line 36. You posted 34 lines of code. If there is whitespace at the end of the file, it will cause a problem.

Share this post


Link to post
Share on other sites

this is the code

<?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){  if(!isset($_SESSION['user'])){	  // the session is not set	  header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page  }  if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))  {	if ($row = @mysql_fetch_assoc($result))	{	  for ($i = 0; $i < func_num_args(); $i++) // for each access level	  {		if ($row['access'] != func_get_arg($i)) // they don't have that access		  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	  }	}	else // there was an error with mysql_fetch_assoc	  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));  }  else // there was an error with mysql_query	header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?>

i dont think there are any white empty lines left?but it still gives me Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:33) in D:\xampp\htdocs\access.php on line 8Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:33) in D:\xampp\htdocs\access.php on line 21content of the pageand shows the content of the page

Share this post


Link to post
Share on other sites

First, replace this line: if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))with this:elseif ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))Second, look at the error message:Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:33) in D:\xampp\htdocs\access.php on line 8There is output on line 33.

Share this post


Link to post
Share on other sites

ah sorry as u know this is my first script and i am not familiar with these error can u tell me waht shud i do to make it right?it is giving me nowWarning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:29) in D:\xampp\htdocs\access.php on line 8content of the page

Share this post


Link to post
Share on other sites

Find the line in the error message and remove the output on it. Whitespace or blank lines count as output.

Share this post


Link to post
Share on other sites

now the code looks like this

<?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){  if(!isset($_SESSION['user'])){	  // the session is not setheader("Location:login.php?error=".rawurlencode("You are not logged in")); // take him/her to the login page  }  elseif ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))  {	if ($row = @mysql_fetch_assoc($result))	{	  for ($i = 0; $i < func_num_args(); $i++) // for each access level	  {		if ($row['access'] != func_get_arg($i)) // they don't have that access		  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	  }	}	else // there was an error with mysql_fetch_assoc	  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));  }  else // there was an error with mysql_queryheader("Location:login.php?error=".rawurlencode("You don't have access for that page."));}?>

i dont think that there are any extra white spaces on line 8?nerthier line 29.

Share this post


Link to post
Share on other sites

This is not difficult. There IS SOME output on whatever line is indicated in the error message, it doesn't matter whether you think there is or not. There is. Remove it.

Share this post


Link to post
Share on other sites

oh i just had to remove this line

else // there was an error with mysql_queryheader("Location:login.php?error=".rawurlencode("You don't have access for that page."));}

ah but now i get thisParse error: syntax error, unexpected $end in D:\xampp\htdocs\access.php on line 26

Share this post


Link to post
Share on other sites

You don't want to remove any code, all the code needs to be there. The problem is whitespace after the code, not the code itself. That else statement should remain in the function.

Share this post


Link to post
Share on other sites

ah got it got it thnkx a lot justsomeguy :)now its up to building the revews and news scripts ah .........but i just checked there is a prob when i login and the code in 1.php is

check_access();

then it works fine and it opens 1.php and shows the content of the page without any error.but when i change the code in 1.php to this

check_access(1);

and i login with a user that has acess 0 in the databsethen firstofall it takes a lot of time to load and then shows thiserrorWarning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10048) in D:\xampp\htdocs\mysql.php on line 2Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in D:\xampp\htdocs\mysql.php on line 3Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\mysql.php:2) in D:\xampp\htdocs\access.php on line 24content of the page ????now whats wrong?

Share this post


Link to post
Share on other sites

For some reason it can't find the MySQL server, it can't connect to the database. Use mysql_error inside mysql.php to tell you why it can't connect.

Share this post


Link to post
Share on other sites

strange anyways now i am using this db_connect.php instead of mysql.phpdb_connect.php

<?php$con = mysql_connect("localhost","root","");if (!$con)  {  die('Could not connect: ' . mysql_error());  }$dbselect=mysql_select_db("rnu", $con);if (!$con)  {  die('Could not connect: ' . mysql_error());  }?>

and now i am getting this error Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in D:\xampp\htdocs\checkpass.php on line 9Could not connect: for both the users = username with access 1 and 0heres my checkpass.php

<?php		session_start();		include "db_connect.php";		$_POST['username'] = addslashes($_POST['username']); // protects against SQL injection		$_POST['password'] = addslashes($_POST['password']); // same ^^		$password = md5($_POST['password']); // encrypt the password		$userrow = mysql_query("SELECT * FROM `users` ". "WHERE `username` = '" . $_POST['username'] . "'". " AND `password` = '" . $password . "';",$mysql);if (!$userrow)  {  die('Could not connect: ' . mysql_error());  }		if(mysql_num_rows($userrow) != "1"){				// no rows found, wrong password or username				echo "<font color='red'><b>Wrong username or password!</b></font>";				include "login.php";		} else {				// 1 row found exactly, we have the user!				$_SESSION['user'] = $_POST['username'];				header("Location: 1.php");		}?>

what the ###### is wrong all of a sudden all things are screwing up???

Share this post


Link to post
Share on other sites

$userrow = mysql_query("SELECT * FROM `users` WHERE `username` = '" . $_POST['username'] . "' AND `password` = '" . $password . "';", $mysql);You are trying to use a MySQL link called $mysql that does not exist.

Share this post


Link to post
Share on other sites

again the same error i change $mysql to $con ( since i used this to connect ) and now i am getting the same error againWarning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10048) in D:\xampp\htdocs\db_connect.php on line 2Could not connect: Can't connect to MySQL server on 'localhost' (10048)????????????????????????????????????????????????????????and now here is some better news now none of my scripts are openening it gives me The page cannot be displayed error and althought my Xamp is still running and MySql is also running it is giving me this error man i am so damn freaked out right out?? isthere something wrong with my Xamp now?????????

Share this post


Link to post
Share on other sites

You need to verify that everything is running. To verify that the web server is still running, go to Start -> Run and type "cmd" in the box to open a DOS command window. Type "telnet localhost 80" to connect to port 80 on your computer. If you press enter a few times you should see an HTTP 400 Bad Request message from the server if it is running. MySQL listens on port 3306, so to connect to it type "telnet localhost 3306", and if the MySQL server is running you should see at least the version number. For either of those if you see a message saying you can't connect, then the server is not running.

Share this post


Link to post
Share on other sites

well when i open telnet localhost80 and press enter a few times nothing comes only tiny kinda lines on each line . and when i enter telnet localhost 3306 i get the version and then automatically after some seconds this comes connection to host lost.?

Share this post


Link to post
Share on other sites

That's fine, if you're not getting a cannot connect message then you can connect, Apache just behaves differently then IIS does.It doesn't make sense for this to be working and then just stop working, something else changed to make this stop working. If you've installed a firewall or something like that (possible a Windows update), it might affect this. If the web server is running, and if the MySQL server is running (and it sounds like they are), and if PHP is set up (which it was), the only thing that needs to be set is the mysql settings in php.ini. If all of this was previously working, something must have gotten changed to make it no longer work, it wouldn't just stop working for no reason. Check php.ini to make sure the MySQL port is correct, but other then that just try rebooting, if that doesn't work and you can't figure out what else changed then you may have to uninstall and reinstall.

Share this post


Link to post
Share on other sites

what now its working and i opened 1.php and it takes a lot of time to load whereas all other scripts load in less than 1 sec!!!!!!!!anyways i tried logging in with user access 0 and in 1.php its user check_access(1); and it gave me this errorWarning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10048) in D:\xampp\htdocs\db_connect.php on line 2Could not connect: Can't connect to MySQL server on 'localhost' (10048)what the ###### is wrong if i login with the user who has access 1. the page opens and shows the content of the page. Which means that it can connect to the database????????????????????heres db_connect.php

<?php$con = mysql_connect("localhost","root","");if (!$con)  {  die('Could not connect: ' . mysql_error());  }$dbselect=mysql_select_db("rnu", $con);if (!$con)  {  die('Could not connect: ' . mysql_error());  }?>

checkpass.php

<?php		session_start();		include "db_connect.php";		$_POST['username'] = addslashes($_POST['username']); // protects against SQL injection		$_POST['password'] = addslashes($_POST['password']); // same ^^		$password = md5($_POST['password']); // encrypt the password		$userrow = mysql_query("SELECT * FROM `users` ". "WHERE `username` = '" . $_POST['username'] . "'". " AND `password` = '" . $password . "';",$con);if (!$userrow)  {  die('Could not connect: ' . mysql_error());  }		if(mysql_num_rows($userrow) != "1"){				// no rows found, wrong password or username				echo "<font color='red'><b>Wrong username or password!</b></font>";				include "login.php";		} else {				// 1 row found exactly, we have the user!				$_SESSION['user'] = $_POST['username'];				header("Location: 1.php");		}?>

access.php

<?phpsession_start(); // start the sessioninclude_once 'db_connect.php';function check_access(){  if(!isset($_SESSION['user'])){	  // the session is not set	  header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page  }  if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))  {	if ($row = @mysql_fetch_assoc($result))	{	  for ($i = 0; $i < func_num_args(); $i++) // for each access level	  {		if ($row['access'] != func_get_arg($i)) // they don't have that access		  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	  }	}	else // there was an error with mysql_fetch_assoc	  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));  }  else // there was an error with mysql_query	header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?>

1.php

<?phpsession_start();include('access.php');check_access(1);?><html><head></head><body>content of the page</body></html>

now i guess there is something wrong with the check_access() function?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...