PHP Forum

**Frodocyber** · 07-02-2006, 07:35 PM

My scripts have been working correctly for some time. Today I decided to store the database access codes in a separate file to hopefully improve security. Then the header error bit me!!!

I have searched the issue on this forum and other forums and am familiar with most of the causes and solutions. My "include file" is all php and the offending script is also...no html..that I can find..no "white space"...that I can find.

The following is the edited include file:

Code:

<?
$username="username";
$password="xxxxxxxxxxxxxxxxxxx";
$databasehost="localhost";
$database = "dbname";
?>

Following is the pertinent portion of the offending script. Last header statement is causing the problem. Can anyone find the error... or my coding mishaps???

Code:

<?include "dbinfo.php";
global $session1;
mysql_connect($databasehost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");
$passedusername=mysql_real_escape_string($_POST['username']);
$passedpassword=mysql_real_escape_string($_POST['password']);
$hashedpassword = md5($passedpassword);
$query="SELECT * FROM current_members WHERE username ='$passedusername'AND password='$hashedpassword'";
$result=mysql_query($query);
$num=mysql_numrows($result);
if ($num==0) {
mysql_close();
header ("Location:workinglogindisplay.php");
exit();
} else {
$i=0;
$UserID=mysql_result($result,$i,"id");
$UserName=mysql_result($result,$i,"username");
$RBS_date=mysql_result($result,$i,"RBS_date");
$AccessPermitted=mysql_result($result,$i,"AccessPermitted");  
 $session1=checkUser($UserID); //check to see if user is already logged in
              if ($session1){
                  deleteSession($UserID);//Force the user out if already logged in
                  writeLog($UserID,$UserName,$RBS_date,'4');
                  $query="UPDATE current_members SET AccessPermitted = 0 WHERE id = $UserID";
                  mysql_query($query);
                  print "<p><center><b>Emergency system notice: Your account is already in use on this system.";
                  print "<br>For security reasons your account is now frozen.";
                  print "<br>Consult your system administrator to re-activate your account.</b></center>";
    mysql_close();
//echo "session1 = #session1";
                  exit();
     }else {
$session1=setSession($UserName,$RBS_date,$UserID,$AccessPermitted);
writeLog($UserID,$UserName,$RBS_date,'1');
mysql_close();
header ("Location:membershomepage.php?id=$UserID");
exit();
}
}

**Skorch1** · 11:44 PM

I would change the first four lines in the second file to read like

Code:

<?php
include('dbinfo.php');
global $session1;
$stream = mysql_connect($databasehost,$username,$password) or die('Database not found '.mysql_error());
mysql_select_db($database) or die( "Unable to select database".mysql_error());

That should work or it'll tell you what error you're recieving from the mysql server on your host.

**Frodocyber** · 07-03-2006, 07:24 PM

I made the changes and it had no affect. I then commented out the "include" line and replaced it with the original four lines of database access codes and all was well again.

Whatever the problem (and it's not database access) it is being caused by the "include" line. Any more ideas????

Frodocyber

**Frodocyber** · 07-03-2006, 07:50 PM

I just figured it out!!!! Actually lots of trial and error but found a solution. This is one that should be made a "sticky" note since the error note gives no clue as towhat is wrong.

Original database access codes in dbinfo.php:

Code:

<?$username="username";
$password="xxxxxxxxxxxxxxxxxxx";
$databasehost="localhost";
$database = "dbname";
?>

Original "include" line that replaced them and caused the "header" error:

Code:

include('dbinfo.php');

Changes to dbinfo.php that fixed it: Anyone else ever have to do this??? What's the actual difference between the two that would cause a header error?????

Code:

<?$username="username";$password="xxxxxxxxxxxxxxxxxxx";
$databasehost="localhost";
$database = "dbname";?>

Go figure!!!!

Frodocyber

**Frodocyber** · 07-03-2006, 07:55 PM

I think I have been snake bit!!

If you look at the blank line in the code above it is magic stuff. There is no blank line in the actual script...AND there was no blank line in my post when I previewed it!!!

Somehow the "blank line" bug has attacked my 'puter!!! Gonna have another rum n coke and get some sleep! Ain't technology great?

Frodocyber