FileMaker API for PHP login page error - Cannot modify header information

I am in the process of developing a FileMaker driven website using the PHP API. Been using the book "FileMaker API for PHP 13" which has been extremely useful thus far.

Anyways, I am trying to make a login page to access the database following Lesson 15 from the book. When I click on the login button I get the following error:

Warning: Cannot modify header information - headers already sent by (output started at /htdocs/fm_api_for_php/Advanced/Lesson15/Login.php:22) in /htdocs/fm_api_for_php/Advanced/Lesson15/Login.php on line 56

This is the code from the Login.php page:

<?php
# You have to start the session on the login page.
# The session_start() method MUST be before the html tag.
# Always set the $_SESSION login value to 0 on the login page to protect the other pages by default.
session_start();
$_SESSION['login']=0;
?>

<html>
<head>
<title>Login</title>
</head>
<body>

<!--
The purpose of this file is to show how to perform a log in procedure to protect web pages from unauthorized access.
The method uses 2 pages. Start at Login.php. If login is successful the user is redirected to LoginSuccess.php.
LoginSuccess.php is the starting web page for your protected solution.
If users try to open a protected page without logging in they will be re-directed back to the login page.
-->

<?php
include ("../../Conn/dbaccess.php"); 
?>

<?php
# Check to see if the submit button was clicked and $_POST superglobals username and password are filled in.
# Then find the login record using the username and password. 
# Username is intended to be an email address.
# To search a FileMaker record for an email address with an "@" character you have to use the search operator "==" for match entire field.
# Safari will url encode the @ symbol as %40. This means that you have to use the urldecode function to convert %40 back to @.
# Password can be anything. Notice the use of the MD5 hash to hash the data as a 32-character hexadecimal string. That would send '1234' as '81dc9bdb52d04dc20036dbd8313ed055'.
# For this to work, the password would also need to be stored in the database as a MD5 hash when the user creates their record.
if(isset($_POST['Login']) and (!empty($_POST['username']) and !empty($_POST['password'])) )
    {
    $username = '==' . urldecode($_POST['username']);
    $password = md5($_POST['password']);
    $request = $fm->newFindCommand('Demo php');
    $request->addFindCriterion('UserName', $username);
    $request->addFindCriterion('Password', $password);
    $result = $request->execute();
    # Check for errors. A find with no matching records returns an error object, so treat any error as zero records found.
    # Do not fall back to a find-all: in a table holding exactly one record that would log in any user name and password.
    # Otherwise set the $found variable with the number of records in the found set. There should only be 1 unique record.
    $found = 0;
    if (!FileMaker::isError($result))
        {
        $found = $result->getFoundSetCount();
        }
    if($found == 1)
        {
        # Set the $_SESSION superglobal 'login' value to 1 to indicate that the user is logged in.
        # This value will be checked on all the protected pages before the user can access the page.
        # Use the header() method to redirect the user to the LoginSuccess.php page.
        $_SESSION['login']=1;
        header("location:LoginSuccess.php");
        exit;
        }
    else
        # If the found set does not hold exactly one record, set the $_SESSION 'login' value to 0.
        # This will prevent users from accessing any of the protected pages.
        # Set the $message variable to let the user know they tried an incorrect user name or password.
        # Echo the $message in the html of the form.
        {
        $_SESSION['login']=0;
        $message = 'Incorrect user name or password.';
        }
    }   
else
    # By default, the $message variable is set to ask the user to enter a user name and password.
    # Echo the $message in the html of the form.
    {
    $message = 'Please enter a user name and password.';
    }       

?>

<form action="Login.php" method="post">
<table border="0" cellspacing="3" cellpadding="3">
  <tr>
    <td>&nbsp;</td>
    <td><?php echo $message; ?></td>
  </tr>
  <tr>
    <td>User Name</td>
    <td><input name="username" type="text" /></td>
  </tr>
  <tr>
    <td>Password</td>
    <td><input name="password" type="password" /></td>
  </tr>
    <tr>
    <td>&nbsp;</td>
    <td><input name="Login" type="submit" value="login" /></td>
  </tr>
</table>
</form>

</body>
</html>

================

Line 22 is: <?php

Line 56 is: header("location:LoginSuccess.php");

Can anyone shed any light on how to fix the error?

Thanks in Advance! Paul

1 answer

  • answered 2018-05-16 05:58 Sumit Parkash

    You should process your data first and only then output any HTML. Try the code below:

        <?php
        # You have to start the session on the login page.
        # The session_start() method MUST be before the html tag.
        # Always set the $_SESSION login value to 0 on the login page to protect
        # the other pages by default.
        session_start();
        $_SESSION['login']=0;

        include ("../../Conn/dbaccess.php");

        # Check to see if the submit button was clicked and $_POST superglobals
        # username and password are filled in.
        # Then find the login record using the username and password.
        # Username is intended to be an email address.
        # To search a FileMaker record for an email address with an "@" character
        # you have to use the search operator "==" for match entire field.
        # Safari will url encode the @ symbol as %40. This means that you have to
        # use the urldecode function to convert %40 back to @.
        # Password can be anything. Notice the use of the MD5 hash to hash
        # the data as a 32-character hexadecimal string. That would send '1234' as
        # '81dc9bdb52d04dc20036dbd8313ed055'.
        # For this to work, the password would also need to be stored in the
        # database as a MD5 hash when the user creates their record.
        if(isset($_POST['Login']) and (!empty($_POST['username']) and !empty($_POST['password'])) )
            {
            $username = '==' . urldecode($_POST['username']);
            $password = md5($_POST['password']);
            $request = $fm->newFindCommand('Demo php');
            $request->addFindCriterion('UserName', $username);
            $request->addFindCriterion('Password', $password);
            $result = $request->execute();
            # Check for errors. A find with no matching records returns an error object,
            # so treat any error as zero records found.
            # Do not fall back to a find-all: in a table holding exactly one record that
            # would log in any user name and password.
            # Otherwise set the $found variable with the number of records in the found set.
            # There should only be 1 unique record.
            $found = 0;
            if (!FileMaker::isError($result))
                {
                $found = $result->getFoundSetCount();
                }
            if($found == 1)
                {
                # Set the $_SESSION superglobal 'login' value to 1 to indicate that
                # the user is logged in.
                # This value will be checked on all the protected pages before the user can access the page.
                # Use the header() method to redirect the user to the LoginSuccess.php page.
                $_SESSION['login']=1;
                header("location:LoginSuccess.php");
                exit;
                }
            else
                # If the found set does not hold exactly one record, set the $_SESSION
                # 'login' value to 0.
                # This will prevent users from accessing any of the protected pages.
                # Set the $message variable to let the user know they tried an
                # incorrect user name or password.
                # Echo the $message in the html of the form.
                {
                $_SESSION['login']=0;
                $message = 'Incorrect user name or password.';
                }
            }
        else
            # By default, the $message variable is set to ask the user to enter a user
            # name and password.
            # Echo the $message in the html of the form.
            {
            $message = 'Please enter a user name and password.';
            }

        ?>
        <!--
        The purpose of this file is to show how to perform a log in procedure to
        protect web pages from unauthorized access.
        The method uses 2 pages. Start at Login.php. If login is successful the
        user is redirected to LoginSuccess.php.
        LoginSuccess.php is the starting web page for your protected solution.
        If users try to open a protected page without logging in they will be
        re-directed back to the login page.
        -->
        <html>
        <head>
        <title>Login</title>
        </head>
        <body>

        <form action="Login.php" method="post">
        <table border="0" cellspacing="3" cellpadding="3">
          <tr>
            <td>&nbsp;</td>
            <td><?php echo $message; ?></td>
          </tr>
          <tr>
            <td>User Name</td>
            <td><input name="username" type="text" /></td>
          </tr>
          <tr>
            <td>Password</td>
            <td><input name="password" type="password" /></td>
          </tr>
          <tr>
            <td>&nbsp;</td>
            <td><input name="Login" type="submit" value="login" /></td>
          </tr>
        </table>
        </form>

        </body>
        </html>
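Added example (not from the book, the question or the answer): the same login flow with all processing placed before any output, a lookup that fails closed, and `password_hash()` / `password_verify()` in place of a search on an unsalted MD5 value. The `$users` array and `find_password_hash()` are hypothetical stand-ins for a FileMaker find on UserName only.

```php
<?php
// Added example: not the book's, the asker's or the answerer's code.
// $users is constructed sample data standing in for the FileMaker layout.
$users = ['paul@example.com' => password_hash('1234', PASSWORD_DEFAULT)];

// Hypothetical lookup by user name only. Returns the stored hash, or null
// when there is no match or the lookup failed, so every error fails closed.
function find_password_hash(array $users, string $username): ?string
{
    return $users[$username] ?? null;
}

// True only when the user exists and the submitted password verifies against
// the salted hash; the password itself is never part of the search request.
function check_login(array $users, string $username, string $password): bool
{
    $hash = find_password_hash($users, $username);
    return $hash !== null && password_verify($password, $hash);
}

// All processing happens here, before a single byte of HTML is sent,
// so header() can still be called.
session_start();
$_SESSION['login'] = 0;
$message = 'Please enter a user name and password.';

if (isset($_POST['Login']) && !empty($_POST['username']) && !empty($_POST['password'])) {
    if (check_login($users, $_POST['username'], $_POST['password'])) {
        session_regenerate_id(true); // fresh session id once authenticated
        $_SESSION['login'] = 1;
        header('Location: LoginSuccess.php');
        exit;
    }
    $message = 'Incorrect user name or password.';
}
?>
<html>
<head><title>Login</title></head>
<body>
<form action="Login.php" method="post">
  <p><?php echo htmlspecialchars($message); ?></p>
  <p>User Name <input name="username" type="text" /></p>
  <p>Password <input name="password" type="password" /></p>
  <p><input name="Login" type="submit" value="login" /></p>
</form>
</body>
</html>
```

Because `password_hash()` salts each value, the stored hash cannot be used as a find criterion; the record is fetched by user name and the hash is compared in PHP.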