This question already has answers here:
How to fix "Headers already sent" error in PHP
(11 answers)
Closed 9 years ago.
I have a simple registration form set up, on sending the details to my function to put the data in the database I want the page to redirect to a success page...
This works brilliantly on my local server but when I uploaded it to my live server its just not redirecting
The redirect that is not working is on line 65 :) it just redirects to register.php?success
Any help would be gratefully received. I've seen a few people have had the same problem but their solution would not work for me :(
ALL other header locations work. just this one won't :#
<?php
include 'core/init.php';
//check if logged in
logged_in_redirect();
include 'includes/overall/header.php';
if (empty($_POST) === FALSE) {
$required_fields = array('username', 'password', 'password_again', 'first_name', 'last_name', 'email');
foreach ($_POST as $key => $value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'You appear to have missed something out, all fields are required.';
break 1;
}
}
if (empty($errors) === true) {
if (user_exists($_POST['username']) === true ) {
$errors[] = 'Sorry, the username \'' . $_POST['username'] . '\' is already taken.';
}
if (strlen($_POST['username']) < 6) {
$errors[] = 'Sorry, your username must be at least 6 characters.';
}
if (strlen($_POST['username']) > 25) {
$errors[] = 'Sorry, your username must be under 25 characters.';
}
if (preg_match("/\\s/", $_POST['username']) == true) {
$errors[] = 'Your username must not contain any spaces.';
}
if (strlen($_POST['password']) < 6) {
$errors[] = 'Sorry, your password must be at least 6 characters.';
}
if ($_POST['password'] !== $_POST['password_again']) {
$errors[] = 'Sorry, your passwords do not match.';
}
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false ) {
$errors[] = 'Sorry, you did not provide a valid email address.';
}
if (email_exists($_POST['email']) === true ) {
$errors[] = 'Sorry, the email \'' . $_POST['email'] . '\' is already registered to an account.';
}
}
}
?>
<h1>Register</h1>
<?php
if (isset($_GET['success']) && empty($_GET['success'])) {
echo "You have been registered successfully.";
} else {
if (empty($_POST) === false && empty($errors) === true) {
// register user
$register_data = array(
'username' => $_POST['username'],
'password' => $_POST['password'],
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'email_code' => md5($_POST['username'] + microtime())
);
register_user($register_data);
//header location not working *********************
header('Location: register.php?success');
exit();
} else if (empty($errors) === false) {
//error output
echo output_errors($errors);
}
?>
<form action="" method="post">
Register your account here, all fields are required.
<ul>
<li>
Username: </br>
<input type="text" name="username"/>
</li>
<li>
Password: </br>
<input type="password" name="password"/>
</li>
<li>
Repeat Password: </br>
<input type="password" name="password_again"/>
</li>
<li>
First Name: </br>
<input type="text" name="first_name"/>
</li>
<li>
Last Name: </br>
<input type="text" name="last_name"/>
</li>
<li>
Email: </br>
<input type="text" name="email"/>
</li>
<li>
<input type="submit" value="Register"/>
</li>
</ul>
</form>
<?php
}
include 'includes/overall/footer.php';
?>
Most likely, output buffers are on in the development environment and off in the live environment. Also, displaying errors to users must be off in the live environment or the exact error (output started before headers) would have shown up in the browser.
Check you ini file for this stuff: http://php.net/manual/en/outcontrol.configuration.php
Remember that header() must be called before any actual output is sent, either by normal HTML tags, blank lines in a file, or from PHP. It is a very common error to read code with include(), or require(), functions, or another file access function, and have spaces or empty lines that are output before header() is called. The same problem exists when using a single PHP/HTML file.
Related
imagine i have an errors array to contain any errors from a registration form, and i have a function called output_errors(), whose argument is the errors array.
is there a way to customise a pop up window to display the function to display the errors?
<?php
$error = array();
function output_errors($errors) {
return '<ul><li>' . implode('</li><li>',$errors) . '</li></ul>';
}
if (user_exists($_POST['username']) === true) {
$errors[] = 'Sorry, the username \'' . $_POST['username'] . '\' is already taken.';
}
if (preg_match("/\\s/", $_POST['username']) == true) {
$errors[] = 'Your username must not contain any spaces.';
}
if (strlen($_POST['password']) < 6) {
$errors[] = 'Your password must be at least 6 characters';
}
if ($_POST['password'] !== $_POST['password_again']) {
$errors[] = 'Your passwords do not match';
}
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'A valid email address is required';
}
if (email_exists($_POST['email']) === true) {
$errors[] = 'Sorry, email \'' . $_POST['email'] . '\' exists.';
}
if (empty($_POST) === false && empty($errors) === true) {
$register_data = array(
'username' => $_POST['username'],
'password' => $_POST['password'],
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email']
);
register_user($register_data);
header('Location: register.php?success');
exit();
} else if(empty($errors) === false) {
echo output_errors($errors);
?>
<form action="" method="post">
<ul>
<li>
<i>*All fields marked with asterisk are required!</i><br>
<input type="text" placeholder="Username" name="username">
</li>
<li>
<br>
<input type="password" placeholder="*Password" name="password">
</li>
<li>
br>
<input type="password" placeholder="*Retype Password" name="password_a">
</li>
<li>
<br>
<input type="text" placeholder="*First name" name="first_name">
</li>
<li>
<br>
<input type="text" placeholder="Last name" name="last_name">
</li>
<li>
<br>
<input type="text" placeholder="*Email" name="email">
</li>
<li>
<input type="submit" value="Register">
</li>
</ul>
</form>
You can't customize the by-default pop-up of JavaScript, either you can use Bootstrap or do something like:
<!DOCTYPE html>
<html>
<body>
<button onclick="myFunction()">Test!</button>
<script>
function myFunction() {
var myWindow = window.open("", "MsgWindow", "width=200, height=100");
myWindow.document.write("<p>This is 'MsgWindow'. I am 200px wide and 100px tall!</p>");
}
</script>
</body>
</html>
In the document.write(content), here content will be your error message.
You can insert your php in js by doing:
document.write(<?php echo "Text"; ?>);
See if that helps.
I'm not sure if this is what you're looking for but if you replace the echo statement in the last line with this:
echo "<script>";
echo "window.open('', 'MsgWindow', 'width=200, height=100').document.write('" . output_errors($errors) . "');";
echo "</script>";
You will get a pop-up window with the errors displayed in it. That being said there are a few errors in your code which make the errors display immediately, specifically your password fields. So the above will work but you'll have a pop-up window as soon as the page is loaded.
I need to add a option in the Admin page where a admin can Select a user and add points to them, however I write the name and how many points to add, enter it and it shows up with no errors but saying it has been successfully added, but the points have not been added to that user...
Here's my code for the page with the form:
if (empty($_POST) === false) {
$required_fields = array('username', 'add');
foreach($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'Fields marked with an asterisk are required';
break 1;
}
}
}
if (empty($errors) === false) {
if (user_exists($_POST['username']) === true) {
$errors[] = 'Sorry, the username \'' . $_POST['username'] . '\' doesn\'t exist';
}
}
?>
<?php
if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
echo 'The points have succesfully been added to the user!';
} else {
if (empty($_POST) === false && empty($errors) === true) {
$addpoints = array(
'username' => $_POST['username'],
'add' => $_POST['add']
);
addpoints($addpoints);
header('Location: addthepoints352346.php?success');
exit();
} else if (empty($errors) === false) {
echo output_errors($errors);
}
?>
<h1>Admin Access Only</h1>
<p>Add points to a user</p>
<form action="" method="post">
<ul>
<li>
Username*:<br>
<input type="text" name="username">
</li>
<li>
How many points to add*:<br>
<input type="text" name="add">
</li>
<li>
<input type="submit" value="Add">
</li>
</ul>
</form>
<?php
}
include 'includes/overall/footer.php';
?>
And also another page with the function where it actually sends it to the mysql database:
function addpoints($addpoints) {
mysql_query("UPDATE `users` SET `points` = `points` + '$add' WHERE `username` = '$username'");
}
I literally have no idea what it is, to help I have added a couple of photos
update your function as follows.
function addpoints($addpoints) {
mysql_query("UPDATE users SET points = points +".$addpoints['add']." WHERE username = ".$addpoints['$username'].")";
}
http://170.178.197.250/~devdegree/index.php
Using a form from phpacademy and feel free to visit the temp url and hopefully help me out here.
The problem is that there is a valid database connecting to this website, I enter the fields and it just stays on the register.php file.
Same applies when I create a user from the database itself then use that info to login and again the same problem applies.
This is about 2 years old and it worked for me last year and if there's any files you need to look at I'll reply with the script on here if need be but hopefully it's simply enough.
register.php
<?php
include 'core/init.php';
logged_in_redirect();
include 'includes/overall/header.php';
if (empty($_POST) === false) {
$required_fields = array('username', 'password', 'password_again', 'first_name', 'email');
foreach($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'Fields marked with an asterisk are required';
break 1;
}
}
if (empty($errors) === true) {
if (user_exists($_POST['username']) === true) {
$errors[] = 'Sorry, the username \'' . $_POST['username'] . '\' is already taken';
}
if (preg_match("/\\s/", $_POST['username']) == true) {
$errors[] = 'Your username must not contain any spaces.';
}
if (strlen($_POST['password']) < 6) {
$errors[] = 'Your password must be at least 6 characters';
}
if ($_POST['password'] !== $_POST['password_again']) {
$errors[] = 'Your passwords do not match';
}
if (filter_var($_POST['email'], FILTER_VALIDATE_EMAIL) === false) {
$errors[] = 'A valid email address is required';
}
if (email_exists($_POST['email']) === true) {
$errors[] = 'Sorry, the email \'' . $_POST['email'] . '\' is already in use';
}
}
}
?>
<h1>Register</h1>
<?php
if (isset($_GET['success']) === true && empty($_GET['success']) === true) {
echo 'You\'ve been registered successfully! Please check your email to activate your account.';
} else {
if (empty($_POST) === false && empty($errors) === true) {
$register_data = array(
'username' => $_POST['username'],
'password' => $_POST['password'],
'first_name' => $_POST['first_name'],
'last_name' => $_POST['last_name'],
'email' => $_POST['email'],
'email_code' => md5($_POST['username'] + microtime())
);
register_user($register_data);
header('Location: register.php?success');
exit();
} else if (empty($errors) === false) {
echo output_errors($errors);
}
?>
<form action="" method="post">
<ul>
<li>
Username*:<br>
<input type="text" name="username">
</li>
<li>
Password*:<br>
<input type="password" name="password">
</li>
<li>
Password again*:<br>
<input type="password" name="password_again">
</li>
<li>
First name*:<br>
<input type="text" name="first_name">
</li>
<li>
Last name:<br>
<input type="text" name="last_name">
</li>
<li>
Email*:<br>
<input type="text" name="email">
</li>
<li>
<input type="submit" value="Register">
</li>
</ul>
</form>
<?php
}
include 'includes/overall/footer.php'; ?>
Again, any other files (there's around 20+) then I'll have a look into showing you if it means you can understand and help me out.
Big thanks,
Dev.
I cant see an action on your form to the register.php. Try adding one like "action="register.php""
Look from the current website you linked the form post correctly to register.php.
Nothing is not working.
You should check your machine for httpd ( or whatever are you using ) logs.
Maybe some warning or some fatalerror of php can explain the problem.
From this code and the website nothing looks wrong.
I am creating a basic login and registration page and on completion of the change password form I want to redirect to changepassword.php?success. The redirected page works fine if entered into a browser, however when submitting the form it reloads the changepassword.php page instead of ?success and everything from the php code block down doesn't display (i.e. the form, column right and footer). Below is my changepassword.php code:
<!DOCTYPE html>
<html>
<?php
include ("storescripts/init.php");
protect_page();
include ("includes/overall/head.php");
if (empty($_POST) === false){
$required_fields = array('current_password','password','password_again');
foreach ($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) == true) {
$errors[] = 'Fields marked with an asterisk are required';
break 1;
}
}
if ($_POST['current_password'] === $member_data['mem_password']) {
if(trim($_POST['password']) !== trim($_POST['password_again'])){
$errors[] = 'Your new passwords do not match';
} else if (strlen($_POST['password']) <6) {
$errors[] = 'Your password must be at least 6 characters';
}
} else {
$errors[] = 'Your current password is incorrect';
}
}
?>
<body>
<?php include ("includes/overall/template_header.php");?>
<div id="mainDivShort">
<h1>Change Password</h1>
<div id="divBreak"></div>
<?php include ("includes/overall/column_left.php"); ?>
<div id="middleContent">
<?php
if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'You have been registered successfully';
} else {
if (empty($_POST) === false && empty($errors) === true) {
//echo "**********************";
change_password($session_mem_id, $_POST['password']);
header('Location: changepassword.php?success');
exit();
} else if (empty($errors) === false) {
echo output_errors($errors);
}
?>
<form action="" method="post">
<ul>
<li>Current Password*: <br> <input type="password"
name="current_password">
</li>
<li>New Password*: <br> <input type="password" name="password">
</li>
<li>Repeat New Password*: <br> <input type="password"
name="password_again">
</li>
<li><input type="submit" value="Change">
</li>
</ul>
</form>
<?php }?>
</div>
<?php include ("includes/overall/column_right.php"); ?>
</div>
<?php include ("includes/overall/template_footer.php");?>
</body>
</html>
And just incase you need to look at the change password function:
function change_password($mem_id, $password) {
$mem_id = (int)$mem_id;
mysql_query("UPDATE `members` SET `mem_password` = '$password' WHERE `mem_id` = $mem_id");
}
The password updates fine on the database, it just purely doesn't redirect to the success page.
Thanks in advance
Header directives must come before content, any content, incuding line breaks, spaces, html, etc... otherwise it's too late to send headers. As soon as 1 bit of content is sent, the headers have already gone.
You cannot put header('Location: changepassword.php?success'); after outputting any content. Also header redirects should contain absolute path.
I have this file here:
<?php
include 'core/init.php';
include 'includes/overall/header.php';
if(empty($_POST) === false){
$required_fields = array('username','password','password_again','first_name','email');
foreach($_POST as $key=>$value){
if(empty($value) && in_array($key, $required_fields) === true){
$errors[] = 'Fields Marked with an asterisk are required';
break 1;
}
}
if(empty($errors) === true){
$args = $_POST;
if(user_exists($args['username'])){
$errors[] = 'Sorry, the username \''.$args['username'].'\' is already in use.';
}else if(preg_match("/\\s/",$args['username']) == true){
$errors[] = 'Your username can not contain any spaces.';
}
if(strlen($args['password']) < 6){
$errors[] = "Your Password is to short! It must be at least 6 characters. If you want to know why you need to use a better password visit this page, password checker.<br/>";
}else if($args['password'] !== $args['password_again']){
$errors[] = "Your passwords do not match!";
}
if(filter_var($args['email'], FILTER_VALIDATE_EMAIL) === false){
$errors[] = "A valid email address is required.";
} else if(email_exists($args['email']) === true){
$errors[] = 'Sorry, the email \''.$args['email'].'\' is already in use.';
}
}
}
?>
<h1>Register</h1>
<?php
if(empty($_POST) === true){
include 'includes/register.php';
}else if(empty($_POST) === false && empty($errors) === true){
//Register user
echo "Registered User";
}else{
echo output_errors($errors);
include 'includes/register.php';
}?>
<?php include 'includes/overall/footer.php';?>
Heres register.php:
<?php
$username = "";
$first_name = "";
$last_name = "";
$email = "";
if(empty($_POST) === false){
$username = $_POST['username'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$email = $_POST['email'];
}
?>
<form action="" method="POST">
<ul>
<li>Username*: <br/><input type="text" name="username" value="<?php echo $username;?>"/></li>
<li>Password*: <br/><input type="text" name="password"/></li>
<li>Confirm Password*: <br/><input type="text" name="password_again"/></li>
<li>First name*: <br/><input type="text" name="first_name" value="<?php echo $first_name;?>"/></li>
<li>Last name: <br/><input type="text" name="last_name" value="<?php echo $last_name;?>"/></li>
<li>Email*: <br/><input type="text" name="email" value="<?php echo $email;?>"/></li>
<li><input type="submit" value="Register"/></li>
</ul>
</form>
This isn't ever going to be a real site, it's just me playing around with PHP, what I realised is that when a user submits their data they can put in what ever they want, so if they put in some HTML, would it render as well? like... would they be able to put in the input field last_name a value like "<p>blah blah blah</p>", would this essentially render as
Last name: blah blah blah""/>
Because wouldn't that be kinda bad for the site? They could break it or something?
So is there something that fixes this? Like replaces tags like < and > with < and > and makes " into \" or escapes these characters?
Also... is there anything terribly wrong with my code?
What you need is this: http://php.net/manual/en/function.htmlentities.php
htmlentities
This function is identical to htmlspecialchars() in all ways, except
with htmlentities(), all characters which have HTML character entity
equivalents are translated into these entities.
you may use either htmlspecialchars or htmlentities.