Jump to content

whats this error?


shujjah
 Share

Recommended Posts

You've got the idea. But instead of this:

if ((isset($_SESSION['user'])) && ($access == 0 || $access == 1)) {//shows the page  that is only for members and admins}

Use this:

if (!($access == 0 || $access == 1)){  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}

You don't want the code to check and not do anything if they are allowed, you want the code to check and redirect if they are not allowed. On the login.php page you can check if $_GET['error'] is set and if it is show it on the page. Also, you don't need to check if the session is set because you already did.For more then one access level, you can either create different files or just put it all in a function. So the secret.php could look like this:

<?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){  if(!isset($_SESSION['user'])){	  // the session is not set	  header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page  }  if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))  {	if ($row = @mysql_fetch_assoc($result))	{	  for ($i = 0; $i < func_num_args(); $i++) // for each access level	  {		if ($row['access'] != func_get_arg($i)) // they don't have that access		  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	  }	}	else // there was an error with mysql_fetch_assoc	  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));  }  else // there was an error with mysql_query	header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?>

The code in the comments shows examples of calling the function. If you include that file on every page you can call the check_access function and check whatever you want for the page.I also didn't notice that you were using mysql_query incorrectly. When you do this:$access = mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"');$access is NOT the access field from the database. mysql_query does not return a database field, it returns a result resource. You need to use mysql_fetch_assoc or one of the other functions to get the values.Also, you need a space between these:require_once'secret.php';

Link to comment
Share on other sites

  • Replies 153
  • Created
  • Last Reply

Top Posters In This Topic

oh my god how can i thank u thank u sooooooo much!!!!also on every page i want to restrict i will just put this code?

session_start(); check_access();echo "the content of the page";

or some other check_access(1); or something?again thnkx a lot :)

Link to comment
Share on other sites

when i open 1.php which contains this code without loging in

<?phpsession_start();include('secret.php');check_access();?><html><head></head><body>content</body></html>

i get this error Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:36) in D:\xampp\htdocs\access.php on line 9Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:36) in D:\xampp\htdocs\access.php on line 23content of the page and what it is still showing content of the page without me even logged in??!!!!

Link to comment
Share on other sites

how to solve this and also even if i am not logged in it is showing the content of the page???this is access.php

<?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){  if(!isset($_SESSION['user'])){	  // the session is not set	  header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page  }  if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))  {	if ($row = @mysql_fetch_assoc($result))	{	  for ($i = 0; $i < func_num_args(); $i++) // for each access level	  {		if ($row['access'] != func_get_arg($i)) // they don't have that access		  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	  }	}	else // there was an error with mysql_fetch_assoc	  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));  }  else // there was an error with mysql_query	header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?>

plz can u tell me how can i solce this?

Link to comment
Share on other sites

Remove any whitespace at the end of the file. Output is being sent to the browser in that file. If you find it and remove it, it will work. It is on line 36. You posted 34 lines of code. If there is whitespace at the end of the file, it will cause a problem.

Link to comment
Share on other sites

this is the code

<?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){  if(!isset($_SESSION['user'])){	  // the session is not set	  header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page  }  if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))  {	if ($row = @mysql_fetch_assoc($result))	{	  for ($i = 0; $i < func_num_args(); $i++) // for each access level	  {		if ($row['access'] != func_get_arg($i)) // they don't have that access		  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	  }	}	else // there was an error with mysql_fetch_assoc	  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));  }  else // there was an error with mysql_query	header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?>

i dont think there are any white empty lines left?but it still gives me Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:33) in D:\xampp\htdocs\access.php on line 8Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:33) in D:\xampp\htdocs\access.php on line 21content of the pageand shows the content of the page

Link to comment
Share on other sites

First, replace this line: if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))with this:elseif ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))Second, look at the error message:Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:33) in D:\xampp\htdocs\access.php on line 8There is output on line 33.

Link to comment
Share on other sites

ah sorry as u know this is my first script and i am not familiar with these error can u tell me waht shud i do to make it right?it is giving me nowWarning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\access.php:29) in D:\xampp\htdocs\access.php on line 8content of the page

Link to comment
Share on other sites

now the code looks like this

<?phpsession_start(); // start the sessioninclude_once 'mysql.php';function check_access(){  if(!isset($_SESSION['user'])){	  // the session is not setheader("Location:login.php?error=".rawurlencode("You are not logged in")); // take him/her to the login page  }  elseif ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))  {	if ($row = @mysql_fetch_assoc($result))	{	  for ($i = 0; $i < func_num_args(); $i++) // for each access level	  {		if ($row['access'] != func_get_arg($i)) // they don't have that access		  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	  }	}	else // there was an error with mysql_fetch_assoc	  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));  }  else // there was an error with mysql_queryheader("Location:login.php?error=".rawurlencode("You don't have access for that page."));}?>

i dont think that there are any extra white spaces on line 8?nerthier line 29.

Link to comment
Share on other sites

oh i just had to remove this line

else // there was an error with mysql_queryheader("Location:login.php?error=".rawurlencode("You don't have access for that page."));}

ah but now i get thisParse error: syntax error, unexpected $end in D:\xampp\htdocs\access.php on line 26

Link to comment
Share on other sites

ah got it got it thnkx a lot justsomeguy :)now its up to building the revews and news scripts ah .........but i just checked there is a prob when i login and the code in 1.php is

check_access();

then it works fine and it opens 1.php and shows the content of the page without any error.but when i change the code in 1.php to this

check_access(1);

and i login with a user that has acess 0 in the databsethen firstofall it takes a lot of time to load and then shows thiserrorWarning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10048) in D:\xampp\htdocs\mysql.php on line 2Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in D:\xampp\htdocs\mysql.php on line 3Warning: Cannot modify header information - headers already sent by (output started at D:\xampp\htdocs\mysql.php:2) in D:\xampp\htdocs\access.php on line 24content of the page ????now whats wrong?

Link to comment
Share on other sites

strange anyways now i am using this db_connect.php instead of mysql.phpdb_connect.php

<?php$con = mysql_connect("localhost","root","");if (!$con)  {  die('Could not connect: ' . mysql_error());  }$dbselect=mysql_select_db("rnu", $con);if (!$con)  {  die('Could not connect: ' . mysql_error());  }?>

and now i am getting this error Warning: mysql_query(): supplied argument is not a valid MySQL-Link resource in D:\xampp\htdocs\checkpass.php on line 9Could not connect: for both the users = username with access 1 and 0heres my checkpass.php

<?php		session_start();		include "db_connect.php";		$_POST['username'] = addslashes($_POST['username']); // protects against SQL injection		$_POST['password'] = addslashes($_POST['password']); // same ^^		$password = md5($_POST['password']); // encrypt the password		$userrow = mysql_query("SELECT * FROM `users` ". "WHERE `username` = '" . $_POST['username'] . "'". " AND `password` = '" . $password . "';",$mysql);if (!$userrow)  {  die('Could not connect: ' . mysql_error());  }		if(mysql_num_rows($userrow) != "1"){				// no rows found, wrong password or username				echo "<font color='red'><b>Wrong username or password!</b></font>";				include "login.php";		} else {				// 1 row found exactly, we have the user!				$_SESSION['user'] = $_POST['username'];				header("Location: 1.php");		}?>

what the ###### is wrong all of a sudden all things are screwing up???

Link to comment
Share on other sites

again the same error i change $mysql to $con ( since i used this to connect ) and now i am getting the same error againWarning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10048) in D:\xampp\htdocs\db_connect.php on line 2Could not connect: Can't connect to MySQL server on 'localhost' (10048)????????????????????????????????????????????????????????and now here is some better news now none of my scripts are openening it gives me The page cannot be displayed error and althought my Xamp is still running and MySql is also running it is giving me this error man i am so damn freaked out right out?? isthere something wrong with my Xamp now?????????

Link to comment
Share on other sites

You need to verify that everything is running. To verify that the web server is still running, go to Start -> Run and type "cmd" in the box to open a DOS command window. Type "telnet localhost 80" to connect to port 80 on your computer. If you press enter a few times you should see an HTTP 400 Bad Request message from the server if it is running. MySQL listens on port 3306, so to connect to it type "telnet localhost 3306", and if the MySQL server is running you should see at least the version number. For either of those if you see a message saying you can't connect, then the server is not running.

Link to comment
Share on other sites

well when i open telnet localhost80 and press enter a few times nothing comes only tiny kinda lines on each line . and when i enter telnet localhost 3306 i get the version and then automatically after some seconds this comes connection to host lost.?

Link to comment
Share on other sites

That's fine, if you're not getting a cannot connect message then you can connect, Apache just behaves differently then IIS does.It doesn't make sense for this to be working and then just stop working, something else changed to make this stop working. If you've installed a firewall or something like that (possible a Windows update), it might affect this. If the web server is running, and if the MySQL server is running (and it sounds like they are), and if PHP is set up (which it was), the only thing that needs to be set is the mysql settings in php.ini. If all of this was previously working, something must have gotten changed to make it no longer work, it wouldn't just stop working for no reason. Check php.ini to make sure the MySQL port is correct, but other then that just try rebooting, if that doesn't work and you can't figure out what else changed then you may have to uninstall and reinstall.

Link to comment
Share on other sites

what now its working and i opened 1.php and it takes a lot of time to load whereas all other scripts load in less than 1 sec!!!!!!!!anyways i tried logging in with user access 0 and in 1.php its user check_access(1); and it gave me this errorWarning: mysql_connect() [function.mysql-connect]: Can't connect to MySQL server on 'localhost' (10048) in D:\xampp\htdocs\db_connect.php on line 2Could not connect: Can't connect to MySQL server on 'localhost' (10048)what the ###### is wrong if i login with the user who has access 1. the page opens and shows the content of the page. Which means that it can connect to the database????????????????????heres db_connect.php

<?php$con = mysql_connect("localhost","root","");if (!$con)  {  die('Could not connect: ' . mysql_error());  }$dbselect=mysql_select_db("rnu", $con);if (!$con)  {  die('Could not connect: ' . mysql_error());  }?>

checkpass.php

<?php		session_start();		include "db_connect.php";		$_POST['username'] = addslashes($_POST['username']); // protects against SQL injection		$_POST['password'] = addslashes($_POST['password']); // same ^^		$password = md5($_POST['password']); // encrypt the password		$userrow = mysql_query("SELECT * FROM `users` ". "WHERE `username` = '" . $_POST['username'] . "'". " AND `password` = '" . $password . "';",$con);if (!$userrow)  {  die('Could not connect: ' . mysql_error());  }		if(mysql_num_rows($userrow) != "1"){				// no rows found, wrong password or username				echo "<font color='red'><b>Wrong username or password!</b></font>";				include "login.php";		} else {				// 1 row found exactly, we have the user!				$_SESSION['user'] = $_POST['username'];				header("Location: 1.php");		}?>

access.php

<?phpsession_start(); // start the sessioninclude_once 'db_connect.php';function check_access(){  if(!isset($_SESSION['user'])){	  // the session is not set	  header("Location: login.php?error=" . rawurlencode("You are not logged in")); // take him/her to the login page  }  if ($result = @mysql_query('Select access From users Where username="' . $_SESSION['user'] . '"'))  {	if ($row = @mysql_fetch_assoc($result))	{	  for ($i = 0; $i < func_num_args(); $i++) // for each access level	  {		if ($row['access'] != func_get_arg($i)) // they don't have that access		  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));	  }	}	else // there was an error with mysql_fetch_assoc	  header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));  }  else // there was an error with mysql_query	header("Location: login.php?error=" . rawurlencode("You don't have access for that page."));}/*check_access(); //only check if they are logged incheck_access(1); //check for access level 1check_access(0, 1, 2); //check for either level 0, 1, or 2*/?>

1.php

<?phpsession_start();include('access.php');check_access(1);?><html><head></head><body>content of the page</body></html>

now i guess there is something wrong with the check_access() function?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share


×
×
  • Create New...