
I have two header() calls in my code. The last one is giving me problems, and I want to know how I can fix my code, if possible without making major changes to it, so that I don't get this error any more.

If it helps, I already have <? ob_start(); ?> in my header include and <? ob_flush(); ?> in my footer include.

Here is my PHP code.

<?php 
// This is the login page for the site.
// This first segment loads the configuration, emits the shared HTML header,
// opens a database connection and redirects visitors who already have a
// session. $_SESSION is read below, so the session is presumably started in
// config.inc.php or header.php -- TODO confirm.
require_once ('../includes/config.inc.php'); 
// Set the page title and include the HTML header.
$page_title = 'Login - Site Name';
// NOTE(review): header.php produces output before the header() call further
// down, so the redirect only works while an output buffer is active. The
// question says the buffer is opened with a short open tag ("<?" instead of
// "<?php"); with short_open_tag disabled that ob_start() never executes and
// header() fails with "headers already sent". Confirm the include uses the
// full "<?php" tag and has no whitespace or BOM before it.
include ('../includes/header.php');

// NOTE(review): this connects as root with an empty password, and $mysqli is
// not used in the visible code (the queries on this page go through $dbc).
// A login page should use a dedicated least-privilege database account whose
// credentials live in configuration outside the web root.
$mysqli = mysqli_connect("localhost", "root", "", "sitename");

// If the member is already logged in, redirect to the index page:
if(isset($_SESSION['user_id'])) {

    $url = BASE_URL . 'index.php'; // Define the URL (BASE_URL is a constant defined elsewhere).
    ob_end_clean(); // Delete the buffer so the buffered header.php output is never sent.
    header("Location: $url");
    exit(); // Quit the script so nothing below runs after the redirect. 
}

?>

<!-- main content -->
<div id="content">

    <!-- center content -->
    <div id="center-content">

        <!-- left content -->
        <div id="main-content">

            <!-- sign in form -->
            <div class="login-form">
                <h2>Sign In To Your Account</h2>
                <form method="post" action="index.php">
                    <fieldset>

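<?php
// Handles a submitted sign-in form: validates the two fields, checks the
// password against the stored salted hash, loads the account row into the
// session and redirects. $dbc, $purifier, MYSQL and BASE_URL are defined
// outside this listing.
if (isset($_POST['submitted'])) { // start of submit conditional.
    require_once (MYSQL);

    // Start from a known state so values left behind by an include can never
    // satisfy the checks below.
    $password = null;
    $salt = null;
    $sha512 = null;
    $user_pass = FALSE;

    // Validate the username or email address (non-empty, at most 255 bytes).
    // NOTE(review): escaping protects $e only inside a quoted SQL string; a
    // prepared statement with a bound parameter removes that dependency.
    if (!empty($_POST['login']) && strlen($_POST['login']) <= 255) {
        $e = mysqli_real_escape_string($dbc, $purifier->purify(strip_tags($_POST['login'])));
    } else {
        // Empty and over-long input were handled identically, so one branch is enough.
        $e = FALSE;
        echo 'do something else';
    }

    // Validate the password (non-empty, at most 255 bytes).
    // NOTE(review): the password is passed through strip_tags(), the purifier
    // and SQL escaping before it is hashed, so characters such as < > ' " \ are
    // removed or rewritten and two different passwords can hash alike. Hashing
    // the raw bytes is the right target, but it is left unchanged here because
    // it would presumably invalidate the hashes already stored.
    if (!empty($_POST['pass']) && strlen($_POST['pass']) <= 255) {
        $p = mysqli_real_escape_string($dbc, $purifier->purify(strip_tags($_POST['pass'])));
    } else {
        $p = FALSE;
        echo 'do something else';
    }

    if (($e != FALSE) && ($p != FALSE)) { // check pass
        $pass_salt = "SELECT from database";
        // NOTE(review): the error text contains the full query and the MySQL
        // error; make sure display_errors is off in production so it only
        // reaches the log.
        $ph = mysqli_query($dbc, $pass_salt) or trigger_error("Query: $pass_salt\n<br />MySQL Error: " . mysqli_error($dbc));

        // mysqli_query() yields false on failure; only iterate a real result set.
        if ($ph instanceof mysqli_result) {
            while ($row = mysqli_fetch_array($ph)) {
                $password = $row['password'];
                $salt = $row['salt'];
            }
            mysqli_free_result($ph);
        }

        // NOTE(review): a single salted SHA-512 round is cheap to brute force.
        // Plan a migration to password_hash()/password_verify(), rehashing on
        // the next successful login.
        if (!empty($salt)) {
            $sha512 = hash('sha512', $p . $salt);
        }

        // The original compared !empty($password) with !empty($sha512), which
        // is true for ANY submitted password as soon as the account has a hash
        // and a salt. Compare the digests themselves, in constant time.
        $user_pass = is_string($password) && $password !== ''
            && is_string($sha512)
            && hash_equals($password, $sha512);
    }


    if ($user_pass === TRUE && !empty($salt)) { // If everything's OK.
        // Query the database:
        $q = "SELECT from database";
        $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));

        // Check the result type explicitly instead of silencing errors with @.
        if ($r instanceof mysqli_result && mysqli_num_rows($r) == 1) { // A match was made.

            // Issue a fresh session id at the privilege change so an id known
            // before login is not carried into the authenticated session.
            if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
                session_regenerate_id(true);
            }

            // NOTE(review): this replaces the whole session with the row, so
            // the SELECT should list only the columns the site needs and never
            // the password hash or salt.
            $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC);
            mysqli_free_result($r);

            $u = "UPDATE database";
            // save the info to the database
            // An UPDATE returns a boolean, not a result set, so there is
            // nothing to free afterwards (freeing it raises an error).
            mysqli_query ($dbc, $u);
            mysqli_close($dbc);

            $url = BASE_URL . 'home/index.php'; // Define the URL:
            ob_end_clean(); // Delete the buffer.
            header("Location: $url");
            exit(); // Quit the script.

        } else {
            echo 'do something else';
        }

    } else {
        echo 'do something else';
    }

    mysqli_close($dbc);

} // end of submit conditional.
?>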