View Single Post
  #1 (permalink)  
Old October 22nd, 2004, 10:57 PM
djfranknitti djfranknitti is offline
Registered User
 
Join Date: Oct 2004
Location: , , .
Posts: 3
Thanks: 0
Thanked 0 Times in 0 Posts
Default creating a bulletin board system

hi, my name is frank ivey and i am a avid reader of books from he wrox publishing. I am also a big fan of php and mysql. I just bought the book "beginning php, apache, mysql web development" and I must say that it has bee very edcational and easy to read. I am currently talcking a problem in chapter 15, creating a BB system. the giving code for http.php is suppose to redirect the user to index.php. but i think it is trying to redirect to itself instead (http.php).

when ever i try to submit a login it calls the transact-user.php script. This script works find until it calls the redirct function from http.php. Then I get an error that states "Could not redirect; Headers already sent (output)." which is the error i told it to print if it cant find the header.

I am posting my transact-user.php code and http.php code at the bottom. This code is the same as it is in the book.

transact-user.php:

<?php

require_once 'conn.php';
require_once 'http.php';

if (isset($_REQUEST['action'])) {
  switch ($_REQUEST['action']) {
    case 'Login':
      if (isset($_POST['email'])
          and isset($_POST['passwd']))
      {
        $sql = "SELECT id,access_lvl,name,last_login " .
               "FROM forum_users " .
               "WHERE email='" . $_POST['email'] . "' " .
               "AND passwd='" . $_POST['passwd'] . "'";
        $result = mysql_query($sql,$conn)
          or die('Could not look up user information; ' . mysql_error());

        if ($row = mysql_fetch_array($result)) {
          session_start();
          $_SESSION['user_id'] = $row['id'];
          $_SESSION['access_lvl'] = $row['access_lvl'];
          $_SESSION['name'] = $row['name'];
          $_SESSION['last_login'] = $row['last_login'];
          $sql = "UPDATE forum_users SET last_login = '".
                 date("Y-m-d H:i:s",time()) . "' ".
                 "WHERE id = ". $row['id'];
          mysql_query($sql,$conn)
          or die(mysql_error()."<br>".$sql);
        }
      }
      redirect('index.php');
      break;

    case 'Logout':
      session_start();
      session_unset();
      session_destroy();

      redirect('index.php');
      break;

    case 'Create Account':
      if (isset($_POST['name'])
          and isset($_POST['email'])
          and isset($_POST['passwd'])
          and isset($_POST['passwd2'])
          and $_POST['passwd'] == $_POST['passwd2'])
      {
        $sql = "INSERT INTO forum_users ".
               "(email,name,passwd,date_joined,last_login) " .
               "VALUES ('" . $_POST['email'] . "','" .
               $_POST['name'] . "','" . $_POST['passwd'] . "','".
               date("Y-m-d H:i:s",time()). "','".
               date("Y-m-d H:i:s",time()). "')";

        mysql_query($sql,$conn)
          or die('Could not create user account; ' . mysql_error());

        session_start();
        $_SESSION['user_id'] = mysql_insert_id($conn);
        $_SESSION['access_lvl'] = 1;
        $_SESSION['name'] = $_POST['name'];
        $_SESSION['login_time'] = date("Y-m-d H:i:s",time());
      }
      redirect('index.php');
      break;

    case 'Modify Account':
      if (isset($_POST['name'])
          and isset($_POST['email'])
          and isset($_POST['accesslvl'])
          and isset($_POST['userid']))
      {
        $sql = "UPDATE forum_users " .
               "SET email='" . $_POST['email'] .
               "', name='" . $_POST['name'] .
               "', access_lvl=" . $_POST['accesslvl'] .
               ", signature='" . $_POST['signature'] . "' " .
               " WHERE id=" . $_POST['userid'];

        mysql_query($sql,$conn)
          or die('Could not update user account... ' . mysql_error() .
                 '<br>SQL: ' . $sql);
      }
      redirect('admin.php');
      break;

    case 'Edit Account':
      if (isset($_POST['name'])
          and isset($_POST['email'])
          and isset($_POST['accesslvl'])
          and isset($_POST['userid']))
      {
        $chg_pw=FALSE;
        if (isset($_POST['oldpasswd'])
            and $_POST['oldpasswd'] != '') {
          $sql = "SELECT passwd FROM forum_users " .
                    "WHERE id=" . $_POST['userid'];
          $result = mysql_query($sql) or die(mysql_error());
          if ($row = mysql_fetch_array($result)) {
            if (($row['passwd'] == $_POST['oldpasswd'])
                and (isset($_POST['passwd']))
                and (isset($_POST['passwd2']))
                and ($_POST['passwd'] == $_POST['passwd2']))
            {
              $chg_pw = TRUE;
            } else {
              redirect('useraccount.php?error=nopassedit');
              break;
            }
          }
        }
        $sql = "UPDATE forum_users " .
               "SET email='" . $_POST['email'] .
               "', name='" . $_POST['name'] .
               "', access_lvl=" . $_POST['accesslvl'] .
               ", signature='" . $_POST['signature'];
        if ($chg_pw) {
          $sql .= "', passwd='" . $_POST['passwd'];
        }
        $sql .= "' WHERE id=" . $_POST['userid'];
        mysql_query($sql,$conn)
          or die('Could not update user account... ' . mysql_error() .
                 '<br>SQL: ' . $sql);
      }
      redirect('useraccount.php?blah=' . $_POST['userid']);
      break;

    case 'Send my reminder!':
      if (isset($_POST['email'])) {
        $sql = "SELECT passwd FROM forum_users " .
               "WHERE email='" . $_POST['email'] . "'";

        $result = mysql_query($sql,$conn)
          or die('Could not look up password; ' . mysql_error());

        if (mysql_num_rows($result)) {
          $row = mysql_fetch_array($result);

          $subject = 'Comic site password reminder';
          $body = "Just a reminder, your password for the " .
                  "Comic Book Appreciation site is: " . $row['passwd'] .
                  "\n\nYou can use this to log in at http://" .
                  $_SERVER['HTTP_HOST'] .
                  dirname($_SERVER['PHP_SELF']) . '/login.php?e='.
                  $_POST['email'];
          $headers = "From: admin@yoursite.com\r\n";

          mail($_POST['email'],$subject,$body,$headers)
            or die('Could not send reminder email.');
        }
      }
      redirect('login.php');
      break;
  }
}
?>









http.php:
<?php
function redirect($url) {
  if (!headers_sent()) {
    header('Location: http://' . $_SERVER['HTTP_HOST'] .
      dirname($_SERVER['PHP_SELF']) . '/' . $url);
  } else {
    die('Could not redirect; Headers already sent (output).');
  }
}
?>

:(:(:(
Reply With Quote