I am in the process of developing a FileMaker driven website using the PHP API. Been using the book "FileMaker API for PHP 13" which has been extremely useful thus far.
Anyways, I am trying to make a login page to access the database following Lesson 15 from the book. When I click on the login button I get the following error:
Warning: Cannot modify header information - headers already sent by (output started at /htdocs/fm_api_for_php/Advanced/Lesson15/Login.php:22) in /htdocs/fm_api_for_php/Advanced/Lesson15/Login.php on line 56
<?php
# You have the start the session on the login page.
# The session_start() method MUST be before the html tag.
# Always set the $_SESSION login value to 0 on the login page to protect the other pages by default.
session_start();
$_SESSION['login']=0;
?>
<html>
<head>
<title>Login</title>
</head>
<body>
<!--
The purpose of this file is to show how to perform a log in procedure to protect web pages from unauthorized access.
The method uses 2 pages. Start at Loging.php. If login is sucessful the user is redirected to LoginSuccess.php.
LoginSuccess.php is the starting web page for your protected solution.
If users try to open a protected page without logging in they will be re-directed back to the login page.
-->
<?php
include ("../../Conn/dbaccess.php");
?>
<?php
# Check to see if the submit button was clicked and $_POST superglobals username and password are filled in.
# Then find the login record using the username and password.
# Username is intended to be an email address.
# To search a FileMaker record for an email adderss with an "@" character you have to use the search operator "==" for match entire field.
# Safari will url encode the @ symbol as %40. This means that you have to use the urldecode function to convert %40 back to @.
# Password can be anything. Notice the use of the MD5 hash to enrcypt the data as a 32-bit hexadecimal number. That would send '1234' as "81dc9bdb52d04dc20036dbd8313ed055'.
# For this to work, the password would also need to be stored in the database as a MD5 hash when the user creates their record.
if(isset($_POST['Login']) and (!empty($_POST['username']) and !empty($_POST['password'])) )
{
$username = '==' . urldecode($_POST['username']);
$password = md5($_POST['password']);
$request = $fm->newFindCommand('Demo php');
$request->addFindCriterion('UserName', $username);
$request->addFindCriterion('Password', $password);
$result = $request->execute();
# Check for errors if no records are found, find all all the records so FileMaker doesn't throw an error and crash the page.
if (FileMaker::isError($result))
{
$request = $fm->newFindAllCommand('Demo php');
$result = $request->execute();
}
# Set the $found variable with the number of records in the found set. There should only be 1 unique record.
$found = $result->getFoundSetCount();
if($found == 1)
{
# Set the $_SESSION superglobal 'login' value to 1 to indicate that the user is logged in.
# This value will be checked on all the protected pages before the user can access the page.
# Use the header() method to redirect the user to the LoginSuccess.php page.
$_SESSION['login']=1;
header("location:LoginSuccess.php");
exit;
}
else
# If there is more than one record in the found set set the $_SESSION 'login' value to 0.
# This will prevent users from accessing any of the protected pages.
# Set the $message variable to let the user know they tried an incorrect user name or password.
# Echo the $message in the html of the form.
{
$_SESSION['login']=0;
$message = 'Incorrect user name or password.';
}
}
else
# By default, the $message varible is set to ask the user to enter a user name and password.
# Echo the $message in the html of the form.
{
$message = 'Please enter a user name and password.';
}
?>
<form action="Login.php" method="post">
<table border="0" cellspacing="3" cellpadding="3">
<tr>
<td> </td>
<td><?php echo $message; ?></td>
</tr>
<tr>
<td>User Name</td>
<td><input name="username" type="text" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="password" type="password" /></td>
</tr>
<tr>
<td> </td>
<td><input name="Login" type="submit" value="login" /></td>
</tr>
</table>
</form>
</body>
</html>
================
Line 22 is: <?php
Line 56 is: header("location:LoginSuccess.php");
Can anyone shed any light on how to fix the error?
Thanks in Advance! Paul
You should process your data first and then should output any html. try below code
<?php
# You have the start the session on the login page.
# The session_start() method MUST be before the html tag.
# Always set the $_SESSION login value to 0 on the login page to protect
# the other pages by default.
session_start();
$_SESSION['login']=0;
include ("../../Conn/dbaccess.php");
# Check to see if the submit button was clicked and $_POST superglobals
# username and password are filled in.
# Then find the login record using the username and password.
# Username is intended to be an email address.
# To search a FileMaker record for an email adderss with an "@" character
# you have to use the search operator "==" for match entire field.
# Safari will url encode the @ symbol as %40. This means that you have to
# use the urldecode function to convert %40 back to @.
# Password can be anything. Notice the use of the MD5 hash to enrcypt
# the data as a 32-bit hexadecimal number. That would send '1234' as
# "81dc9bdb52d04dc20036dbd8313ed055'.
# For this to work, the password would also need to be stored in the
# database as a MD5 hash when the user creates their record.
if(isset($_POST['Login']) and (!empty($_POST['username']) and
!empty($_POST['password'])) )
{
$username = '==' . urldecode($_POST['username']);
$password = md5($_POST['password']);
$request = $fm->newFindCommand('Demo php');
$request->addFindCriterion('UserName', $username);
$request->addFindCriterion('Password', $password);
$result = $request->execute();
# Check for errors if no records are found, find all all the records so FileMaker doesn't throw an error and crash the page.
if (FileMaker::isError($result))
{
$request = $fm->newFindAllCommand('Demo php');
$result = $request->execute();
}
# Set the $found variable with the number of records in the found set. There should only be 1 unique record.
$found = $result->getFoundSetCount();
if($found == 1)
{
# Set the $_SESSION superglobal 'login' value to 1 to indicate that
# the user is logged in.
# This value will be checked on all the protected pages before the user can access the page.
# Use the header() method to redirect the user to the LoginSuccess.php page.
$_SESSION['login']=1;
header("location:LoginSuccess.php");
exit;
}
else
# If there is more than one record in the found set set the $_SESSION
# 'login' value to 0.
# This will prevent users from accessing any of the protected pages.
# Set the $message variable to let the user know they tried an
# incorrect user name or password.
# Echo the $message in the html of the form.
{
$_SESSION['login']=0;
$message = 'Incorrect user name or password.';
}
}
else
# By default, the $message varible is set to ask the user to enter a user
#name and password.
# Echo the $message in the html of the form.
{
$message = 'Please enter a user name and password.';
}
?>
<!--
The purpose of this file is to show how to perform a log in procedure to
protect web pages from unauthorized access.
The method uses 2 pages. Start at Loging.php. If login is sucessful the
user is redirected to LoginSuccess.php.
LoginSuccess.php is the starting web page for your protected solution.
If users try to open a protected page without logging in they will be re-
directed back to the login page.
-->
<html>
<head>
<title>Login</title>
</head>
<body>
<form action="Login.php" method="post">
<table border="0" cellspacing="3" cellpadding="3">
<tr>
<td> </td>
<td><?php echo $message; ?></td>
</tr>
<tr>
<td>User Name</td>
<td><input name="username" type="text" /></td>
</tr>
<tr>
<td>Password</td>
<td><input name="password" type="password" /></td>
</tr>
<tr>
<td> </td>
<td><input name="Login" type="submit" value="login" /></td>
</tr>
</table>
</form>
</body>
</html>
`