10/10/2018, 00:06
bạn xem hộ mình lỗi này nhé
Warning: Cannot modify header information - headers already sent by (output started at C:AppServwwwHPU2TINHOCindex.php:119) in C:AppServwwwHPU2TINHOClogin.php on line 54
với code của login.php là
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?PHP
// retrieve the submitted values
$username1 = @$HTTP_POST_VARS["username"];
$password1 = @$HTTP_POST_VARS["password"];
$rememberMe = @$HTTP_POST_VARS["rememberMe"];
// make sure that rememberMe has a value
if ($rememberMe == "rememberMe"){
$rememberMe = "1";
}else{
$rememberMe = "0";
}
// let the config.php file connect to the database
include("config1.php");
// check it the username exist
$query = "Select * from ".$DBprefix."signup where username='$username1'";
$result = @mysql_query($query);
if ($row = @mysql_fetch_array($result)){
// check if his account is activated, if not skip to this if's else case
if ($row["actnum"] == "0"){
// and check if his account is not loccked, if not skip to this if's else case
if ($row["numloginfail"] <= 5){
// finally we check the database to see if the password is correct, if not skip to this if's else case
if ($row["password"] == $password1){
// we determin the date for the lastlogin - field.
$datetime = date("d-m-Y G:i ");
// and we update that field
$query = "UPDATE ".$DBprefix."signup Set lastlogin = '$datetime' where username='$username1'";
$result = @mysql_query($query);
// now that the correct password is used to log-in, reset the numloginfail-field to 0
$query = "UPDATE ".$DBprefix."signup Set numloginfail = '0' where username='$username1'";
$result = @mysql_query($query);
// tell we want to work with sessions
// remove al the data from the session (auto logoff)
// remove the session itself
// put the password in the session
@ session_register("pass");
$HTTP_SESSION_VARS["pass"] = $password1;
// put the username in the session
@ session_register("id");
$HTTP_SESSION_VARS["id"] = $username1;
// send the the cookie if needed
if($rememberMe=="1"){
setcookie("rememberCookieUname",$username1,(time() +604800));
setcookie("rememberCookiePassword",md5($password1) ,(time()+604800));
}
// go to the secured page.
header("members/index.php");
}
else{
// else the password is incorrect. Therofore we have to update the numloginfield and lastloginfail field
// first we set $datetime to the current time in a format that we can use to calculate with.
$datetime = date("d")*10000000000 + date("m")*100000000 + date("Y")*10000 + date("G")*100 + date("i");
// then we check if the last log-in fail was less than 5 minutes ago.
if ($row["lastloginfail"] >= ($datetime-5)){
// if it is we update both the numloginfail & the lastloginfail fields.
$query = "UPDATE ".$DBprefix."signup Set numloginfail = numloginfail + 1 where username='$username1'";
$result = mysql_query($query);
$query = "UPDATE ".$DBprefix."signup Set lastloginfail = '$datetime' where username='$username1'";
$result = mysql_query($query);
}
else{
// if it is more than 5 minutes ago, just set the lastloginfail field.
$query = "UPDATE ".$DBprefix."signup Set lastloginfail = '$datetime' where username='$username1'";
$result = mysql_query($query);
}
// and ofcourse we tell the user that his log-in failed.
echo("Bạn nhập sai Username hoặc Password");}
}
// if the numloginfail value is larger than 5 that means there someone tryed to break the password by brute force
// we will now check how long ago the lock was engaged. it is is more than half an hour ago is, then we will unlock the account
// and ask the user to login 1 more time to validate it is really him.
else {
$datetime = date("d")*10000000000 + date("m")*100000000 + date("Y")*10000 + date("G")*100 + date("i");
if ($row["lastloginfail"] <= ($datetime-30)){
// set the numloginfail value to 5 so the user has 1 change to enter his password.
$query = "UPDATE ".$DBprefix."signup Set numloginfail = '5' where username='$username1'";
$result = @mysql_query($query);
// ask the user to enter his username/password once again. Also we set the username field
// to the name the username entered in the first login of this user. By doing this the makeform function
// disables the username-field.
echo("Bạn hãy login lại");
}
else{
// if it is less than 30 minutes ago ask the user to wait untill the lock is released again.
echo $underAttackPleaseWait;
}
}
}
// if the actnum is other than 0 that means the account has not been activated yet.
else{
echo("Tài khoản của bạn chưa kích hoạt");
}
}
// if the username does not exist we check it is filled in.
else{
// if it isn't filled we assum that this is the page load and we show the form without an error.
if ($username1 == ""){
echo("");
}
else {
// if the form is filled it that means that the username does not exist. Therefore we show the form
// with an error. We can not change the numloginfail or lastloginfail fields for the brute forece attack
// because the attack isn't pointed at one user.
echo ("Bạn đã nhập sai. Đề nghị bạn nhập lại !");;
}
}
?>
với code của login.php là
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?PHP
// retrieve the submitted values
$username1 = @$HTTP_POST_VARS["username"];
$password1 = @$HTTP_POST_VARS["password"];
$rememberMe = @$HTTP_POST_VARS["rememberMe"];
// make sure that rememberMe has a value
if ($rememberMe == "rememberMe"){
$rememberMe = "1";
}else{
$rememberMe = "0";
}
// let the config.php file connect to the database
include("config1.php");
// check it the username exist
$query = "Select * from ".$DBprefix."signup where username='$username1'";
$result = @mysql_query($query);
if ($row = @mysql_fetch_array($result)){
// check if his account is activated, if not skip to this if's else case
if ($row["actnum"] == "0"){
// and check if his account is not loccked, if not skip to this if's else case
if ($row["numloginfail"] <= 5){
// finally we check the database to see if the password is correct, if not skip to this if's else case
if ($row["password"] == $password1){
// we determin the date for the lastlogin - field.
$datetime = date("d-m-Y G:i ");
// and we update that field
$query = "UPDATE ".$DBprefix."signup Set lastlogin = '$datetime' where username='$username1'";
$result = @mysql_query($query);
// now that the correct password is used to log-in, reset the numloginfail-field to 0
$query = "UPDATE ".$DBprefix."signup Set numloginfail = '0' where username='$username1'";
$result = @mysql_query($query);
// tell we want to work with sessions
// remove al the data from the session (auto logoff)
// remove the session itself
// put the password in the session
@ session_register("pass");
$HTTP_SESSION_VARS["pass"] = $password1;
// put the username in the session
@ session_register("id");
$HTTP_SESSION_VARS["id"] = $username1;
// send the the cookie if needed
if($rememberMe=="1"){
setcookie("rememberCookieUname",$username1,(time() +604800));
setcookie("rememberCookiePassword",md5($password1) ,(time()+604800));
}
// go to the secured page.
header("members/index.php");
}
else{
// else the password is incorrect. Therofore we have to update the numloginfield and lastloginfail field
// first we set $datetime to the current time in a format that we can use to calculate with.
$datetime = date("d")*10000000000 + date("m")*100000000 + date("Y")*10000 + date("G")*100 + date("i");
// then we check if the last log-in fail was less than 5 minutes ago.
if ($row["lastloginfail"] >= ($datetime-5)){
// if it is we update both the numloginfail & the lastloginfail fields.
$query = "UPDATE ".$DBprefix."signup Set numloginfail = numloginfail + 1 where username='$username1'";
$result = mysql_query($query);
$query = "UPDATE ".$DBprefix."signup Set lastloginfail = '$datetime' where username='$username1'";
$result = mysql_query($query);
}
else{
// if it is more than 5 minutes ago, just set the lastloginfail field.
$query = "UPDATE ".$DBprefix."signup Set lastloginfail = '$datetime' where username='$username1'";
$result = mysql_query($query);
}
// and ofcourse we tell the user that his log-in failed.
echo("Bạn nhập sai Username hoặc Password");}
}
// if the numloginfail value is larger than 5 that means there someone tryed to break the password by brute force
// we will now check how long ago the lock was engaged. it is is more than half an hour ago is, then we will unlock the account
// and ask the user to login 1 more time to validate it is really him.
else {
$datetime = date("d")*10000000000 + date("m")*100000000 + date("Y")*10000 + date("G")*100 + date("i");
if ($row["lastloginfail"] <= ($datetime-30)){
// set the numloginfail value to 5 so the user has 1 change to enter his password.
$query = "UPDATE ".$DBprefix."signup Set numloginfail = '5' where username='$username1'";
$result = @mysql_query($query);
// ask the user to enter his username/password once again. Also we set the username field
// to the name the username entered in the first login of this user. By doing this the makeform function
// disables the username-field.
echo("Bạn hãy login lại");
}
else{
// if it is less than 30 minutes ago ask the user to wait untill the lock is released again.
echo $underAttackPleaseWait;
}
}
}
// if the actnum is other than 0 that means the account has not been activated yet.
else{
echo("Tài khoản của bạn chưa kích hoạt");
}
}
// if the username does not exist we check it is filled in.
else{
// if it isn't filled we assum that this is the page load and we show the form without an error.
if ($username1 == ""){
echo("");
}
else {
// if the form is filled it that means that the username does not exist. Therefore we show the form
// with an error. We can not change the numloginfail or lastloginfail fields for the brute forece attack
// because the attack isn't pointed at one user.
echo ("Bạn đã nhập sai. Đề nghị bạn nhập lại !");;
}
}
?>
Bài liên quan
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
thường hàm nay dùng khi trước nó "trốn" ko có cái html nào cả. Với lại bạn dùng cũng sai
header("Location: members/index.php");
Ngoài ra lỗi này còn do bị BOM. tức là dùng utf-8 thường bị chèn BOM vào bạn phải bỏ nó ra .
xem thêm http://vn.php.net/header
+ không co bất kỳ lệnh output nào từ php
+ không có bất kỳ thẻ html hay javascript
+ không có bất kỳ có kí tự nào trước <?php (ca dấu cách, và kí tự BOM đều lỗi)
=> bạn kiểm tra lại nhé
Bạn ơi mình chỉnh lại như bạn nói rồi. Vẫn không được. Liệu có lệnh nào khác để mở cái (members/index.php) không bạn nhỉ.Mình chỉ cần mở các đấy thôi mà ở dạng _bank. Header dùng không được
=> mình chưa rõ ý định của bạn pm mình : khuyen_cntt minh hướng dẫn bạn
Nếu cần mở 1 file ở dạng cửa sổ mới thì bạn add thêm 1 đoạn script vào đó để mở nó ra thôi.
Thay vì header thì bạn tìm cách cho ra đoạn mã này.
Thân mến.