I've decided to try to write myself a login script, and all was going well until I tried to create a function to check if the user has logged in already.
Basically, if they're logged in, continue; otherwise don't show the page and ask the user to log in.
I don't seem to get on with functions and I don't really understand them, although I have looked up about them.
At the moment I'm getting this error on login:
Warning: Cannot modify header information – headers already sent by (output started at /home/john5115/public_html/site3/connections/sql_db_connection.php:2) in /home/john5115/public_html/site3/includes/login.php on line 31
Warning: Cannot modify header information – headers already sent by (output started at /home/john5115/public_html/site3/connections/sql_db_connection.php:2) in /home/john5115/public_html/site3/includes/login.php on line 32
Also, should you include the user's encrypted password in a cookie for a login system?
[url]http://www.knowj.com/site3/?id=7[/url]
login.php
[code=php]
<?
require_once "includes/functions.php";
if ($_POST['action'] == 'submitted')
{
    //set the globals as variables
    $login = $_POST['email'];
    $password = $_POST['password'];
    //unset the globals
    unset($_POST['email'], $_POST['password']);
    //encrypt the data
    $encrypted = /*md5(sha1(*/$password/*))*/;
    //unset the $password variable
    unset($password, $db_pass);
    $query = "SELECT username, password
              FROM kj_member
              WHERE username = '$login'";
    $result = mysql_query($query);
    $password_check = mysql_fetch_array($result);
    $db_pass = $password_check['password'];
    $db_login = $password_check['username'];
    unset($password_check);
    if ($encrypted === $db_pass)
    {
        setcookie("kj_usr_log", $db_login, time()+3600, "/", "www.knowj.com");
        setcookie("kj_usr_ps", $db_pass, time()+3600, "/", "www.knowj.com");
        unset($db_pass, $db_login);
        echo "<h1>Connected www.knowj.com – Member Area</h1>";
        require_once "includes/members.php";
    }
    else
    {
        unset($db_pass, $db_login);
        echo "<h1>Invalid Username or Password</h1>";
        $email = '[email protected]';
        //set the var for the clients message
        $message = "Somone tried to access with in invalid login and or password on client ip:" . $_SERVER['HTTP_CLIENT_IP'] . "\r\n";
        //email header
        $headers = 'From: [email protected]' . "\r\n";
        //mail the security alert
        mail($email, 'invalid login', $message, $headers);
    }
}
else
{
?>
<div style="width:50%;">
<h1>www.knowj.com – Member Login:</h1>
<form name="register" method="post" action="?id=7">
<fieldset>
<legend>Login:</legend>
<label>Email:</label><br>
<input type="text" name="email" size="50">
<br>
<label>Password:</label><br>
<input type="password" name="password" size="50">
<p class="float-right"><input type="hidden" name="action" value="submitted"><input type="submit" name="Submit" value="Login" style="font-size:1em;"></p>
</fieldset>
</form>
<a style="color:#F17416" href="#">forgot password</a>
</div>
<?
}
?>
[/code]
functions.php
[code=php]
<?
function login_check()
{
    if (isset($_COOKIE['kj_usr_log']))
    {
        $loginnm = $_COOKIE['kj_usr_log'];
        $query = "SELECT username, password
                  FROM kj_member
                  WHERE username = '$loginnm'";
        $result = mysql_query($query);
        $password_check = mysql_fetch_array($result);
        $db_pass = $password_check['password'];
        $db_login = $password_check['username'];
        unset($password_check);
        if ($encrypted === $db_pass)
        {
            unset($db_pass, $db_login);
            echo "<h1>Connected www.knowj.com – Member Area</h1>";
        }
        else
        {
            echo "you are not logged in please login to view this page";
            die;
        }
    }
}
?>
[/code]
members.php
[code=php]
<?
require_once "includes/functions.php";
if (login_check() == TRUE)
{
?>
<p>member area</p>
<?
}
else
{
    echo "you need to login";
}
[/code]
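
For the login check and the cookie question in the post above, an added example (not part of the original post and not the poster's code): credentials are checked with a bound parameter and password_verify(), and the logged-in state is kept in the server-side session instead of cookies carrying the username and password hash. The kj_member table name comes from the post; the in-memory SQLite database, the sample account and the kj_user session key are assumptions made so the script runs on its own.

```php
<?php
// Added example, not the poster's code. kj_member is the table named in the post;
// the in-memory SQLite database and the sample account are constructed.
declare(strict_types=1);

function demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE kj_member (username TEXT PRIMARY KEY, password TEXT)');
    $ins = $pdo->prepare('INSERT INTO kj_member (username, password) VALUES (?, ?)');
    $ins->execute(['alice@example.com', password_hash('constructed-pass', PASSWORD_DEFAULT)]);
    return $pdo;
}

// Look the user up with a bound parameter and compare against a salted hash.
function attempt_login(PDO $pdo, string $login, string $password): bool
{
    $stmt = $pdo->prepare('SELECT username, password FROM kj_member WHERE username = ?');
    $stmt->execute([$login]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // issue a fresh session id at login
    }
    $_SESSION['kj_user'] = $row['username']; // state stays on the server
    return true;
}

// Returns a boolean, so a page can write: if (login_check()) { ... }
function login_check(): bool
{
    return isset($_SESSION['kj_user']);
}

// On a web request the session must start before any output is sent.
if (PHP_SAPI !== 'cli') {
    session_start();
} else {
    $_SESSION = []; // command-line demo run: no headers involved
}
$pdo = demo_db();
var_dump(login_check());
var_dump(attempt_login($pdo, "o'neil@example.com", 'anything'));
var_dump(attempt_login($pdo, 'alice@example.com', 'constructed-pass'));
var_dump(login_check());
```

session_start() and setcookie() both send HTTP headers, so they have to run before any output, including whitespace ahead of the opening PHP tag in an included file.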