"Ashley Sheridan" <[email protected]> wrote in message
news:1278705549.2295.4.ca...@localhost...
> On Fri, 2010-07-09 at 15:58 -0400, Gary wrote:
>
>> "Ashley Sheridan" <[email protected]> wrote in message
>> news:1278705035.2295.2.ca...@localhost...
>> > On Fri, 2010-07-09 at 15:43 -0400, Gary wrote:
>> >
>> >> "Richard Quadling" <[email protected]> wrote in message
>> >> news:[email protected]...
>> >> > On 9 July 2010 16:42, Gary <[email protected]> wrote:
>> >> > [snip]
>> >> >
>> >> > Take a look at https://code.google.com/p/loginsystem-rd/
>> >> >
>> >>
>> >> Richard
>> >>
>> >> Thank you for your quick reply and the link. Since I see you are one of
>> >> the creators, thank you for that as well.
>> >>
>> >> I am getting the following error and I'm not sure how to correct it.
>> >>
>> >> Warning: Cannot modify header information - headers already sent by (output started at /home/content/45/6359745/html/login/include/loginGlobals.php:281) in /home/content/45/6359745/html/login/include/form_token.php on line 15
>> >>
>> >> Warning: Cannot modify header information - headers already sent by (output started at /home/content/45/6359745/html/login/include/loginGlobals.php:281) in /home/content/45/6359745/html/login/include/form_token.php on line 22
>> >>
>> >> Line 15 is: setcookie("token", "", time()-42000);
>> >> Line 22 is: if (setcookie("token", $_SESSION["token"], time()+86400)) {
>> >>
>> >> loginGlobals stops at line 278
>> >>
>> >> Again, thank you for all your help.
>> >>
>> >> gary
>> >
>> >
>> > My guess is that you've put the login PHP code after some HTML in that
>> > page? If you output any content at all (even a blank space) it will
>> > output the default headers. What you need to do is have any logic that
>> > includes a header() call before any output.
>> >
>> > Thanks,
>> > Ash
>> > http://www.ashleysheridan.co.uk
>>
>> Ashley
>>
>> I am aware that would cause a problem. I am not finding any html at all
>> on either page.
>>
>> Thanks for your reply.
>>
>> Gary
>
> What does your code look like now?
>
> Thanks,
> Ash
> http://www.ashleysheridan.co.uk
Ashley

This is form_token.php

<?php
if (!isset($_SESSION)) {
    session_start();
}
?>
<?php
function generateToken(){
    /*****************************************************************************************
     * Create and set a new token for CSRF protection
     * on initial entry or after form errors and we are going to redisplay the form.
     ******************************************************************************************/
    $salt="";
    $tokenStr="";
    $salt = sha1($_SERVER["HTTP_HOST"]);
    setcookie("token", "", time()-42000);
    $_SESSION["salt"]=$salt;
    $_SESSION["guid"] = getGUID();
    $_SESSION["ip"] = $_SERVER["REMOTE_ADDR"];
    $_SESSION["time"] = time();
    $tokenStr = "IP:" . $_SESSION["ip"] . ",SESSIONID:" . session_id() .",GUID:" . $_SESSION["guid"];
    $_SESSION["token"]=sha1(($tokenStr.$_SESSION["salt"]).$_SESSION["salt"]);
    if (setcookie("token", $_SESSION["token"], time()+86400)) {
        $_SESSION["usecookie"]=True;
    }
}

function checkToken() {
    /*****************************************************************************************
     * Check the posted token for correctness
     ******************************************************************************************/
    $oldToken="";
    $testToken="";
    $tokenStr="";
    $page=basename($_SERVER['PHP_SELF']);
    $oldToken=$_POST["token"];
    $tokenStr = "IP:" . $_SESSION["ip"] . ",SESSIONID:" . session_id() .",GUID:" . $_SESSION["guid"];
    $testToken=sha1(($tokenStr.$_SESSION["salt"]).$_SESSION["salt"]);
    $checkToken=False;
    If ($oldToken===$testToken) {
        $diff = time() - $_SESSION["time"];
        If ($diff<=300) { // Five minutes max
            If ($_SESSION["usecookie"]) {
                If ($_COOKIE["token"]===$oldToken) {
                    /*****************************************************************************************
                     * Destroy the old form token, then
                     * generate a new token for the form, which may or may not be needed. We want to do this
                     * before headers are written. When writeToken() or writeTokenH() is called we are only
                     * writing the pre-generated token to the form. The cookie will have already been written.
                     ******************************************************************************************/
                    setcookie("token", '', time()-42000);
                    generateToken();
                    return true;
                }else{
                    $_SESSION = array();
                    if (isset($_COOKIE[session_name()])) {
                        setcookie(session_name(), '', time()-42000);
                    }
                    session_destroy();
                    header("Location: http://". lg_domain . lg_form_error ."?p=" . $page ."&t=ec");
                }
            }else{
                return True;
            }
        }else{
            $_SESSION = array();
            if (isset($_COOKIE[session_name()])) {
                setcookie(session_name(), '', time()-42000);
            }
            session_destroy();
            header("Location: http://". lg_domain . lg_form_error ."?p=" . $page ."&t=et");
        }
    }else{
        $_SESSION = array();
        if (isset($_COOKIE[session_name()])) {
            setcookie(session_name(), '', time()-42000);
        }
        session_destroy();
        header("Location: http://". lg_domain . lg_form_error ."?p=" . $page ."&t=e");
    }
}

if ($_SERVER["REQUEST_METHOD"]=="GET") {
    /*****************************************************************************************
     * We need to generate the token (writing a cookie) before headers are written. When
     * writeToken() or writeTokenH() is called we are only writing the pre-generated token to
     * the form. The cookie has already been sent.
     ******************************************************************************************/
    generateToken();
}

function writeToken() {
    echo '<input id="token" name="token" type="hidden" accesskey="u" tabindex="999" value="' .$_SESSION['token']. '" />';
}

function writeTokenH() {
    echo '<input id="token" name="token" type="hidden" accesskey="u" tabindex="999" value="' .$_SESSION['token']. '">';
}
?>

This is loginGlobals.php:

<?php
// $Id: loginGlobals.php 356 2010-05-23 03:06:55Z rdivilbiss $
$lg_filename = basename($_SERVER['PHP_SELF']);
/********************************************************************************************************************
* Login Globals - PHP
*
* NOTE: You must set lg_domain, lg_domain_secure, lg_loginPath and must set the full path to certain pages.
*       You must set the webmaster e-mail addresses.
*       You must set the database connection details in database.php.
*
* Modification: 13 MAY 2010 :: Karol Piczak - translation to Polish
* Modification: ?? ??? 2010 :: Saurabh - translation to Hindi
* Modification: 27 APR 2010 :: Michel Plungjan - translation to Danish
* Modification: 26 APR 2010 :: Rod Divilbiss - corrected some file paths.
* Modification: 25 APR 2010 :: Rod Divilbiss - added lg_term_log_out, corrected paths.
* Modification: 24 APR 2010 :: Rod Divilbiss - Corrected debug output statements, added lg_term_log_out to
*                              loginGlobals.php, and corrected paths in loginGlobals.php
* Modification: 23 APR 2010 :: Bob Stone - Beta Testing, Code / path correction and commenting
* Modification: 09 APR 2010 :: Rod Divilbiss - Machine Translation to Hindi
* Modification: 05 APR 2010 :: mplugjan - translation to Swedish
* Modification: 02 APR 2010 :: Rod Divilbiss - Spelling errors corrected.
* Modification: 02 APR 2010 :: acperkins - verified or corrected translation to Spanish (Mexican)
* Modification: 01 APR 2010 :: Bob Stone - translated to Spanish (Mexican)
* Modification: 28 MAR 2010 :: Jürgen Kraus - translated to German
* Modification: 28 MAR 2010 :: Cam Van T Divilbiss - translated to Vietnamese
* Modification: 11 FEB 2010 :: Rod Divilbiss - recover password Constants added.
* Modification: 07 FEB 2010 :: VGR - translation to French
* Modification: 07 FEB 2010 :: Rod Divilbiss - added MS SQL and MySql Constants.
* Modification: 20 FEB 2010 :: Rod Divilbiss - added missing lg_phrase_registration_mail0
* Modification: 13 FEB 2010 :: Rod Divilbiss - set new password Constants added.
*
* Version: alpha 0.5a - English - PHP
******************************************************************************************************************/
/*****************************************************************************************************************/
define("lg_cancel_account_page", "cancel_account.php");
define("lg_change_password_page", "change_password.php");
/*******************************************************************************************************************
* contact is not part of the login-system. Must specify the entire path
* possibly outside of the login-system.
******************************************************************************************************************/
define("lg_contact_form", "/login-system/contact.php");
define("lg_copyright", "© 2010 EE Collaborative Login System http://www.webloginproject.com");
define("lg_domain", "www.example.com");
define("lg_domain_secure", "www.example.com");
/*******************************************************************************************************************
* forbidden is not part of the login-system. Must specify the entire path
* possibly outside of the login-system.
******************************************************************************************************************/
define("lg_forbidden", "/login-system/forbidden.php");
/*******************************************************************************************************************
* form error is not part of the login-system. Must specify the entire path
* possibly outside of the login-system.
******************************************************************************************************************/
define("lg_form_error", "/login-system/form_error.php");
/*******************************************************************************************************************
* home page is not part of the login-system. Must specify the entire path
* possibly outside of the login-system.
******************************************************************************************************************/
define("lg_debug", false);
define("lg_home", "/login-system/index.php");
define("lg_log_logins", true);
define("lg_logged_out_page", "loggedout.php");
define("lg_login_attempts", 5);
define("lg_loginPage", "login.php");
define("lg_loginPath", "/login-system/");
define("lg_logout_page", "logout.php");
define("lg_new_token_page", "issue_verification_token.php");
define("lg_password_max_age", 6);
define("lg_password_min_bits", 72);
define("lg_password_min_length", 10);
define("lg_recover_passsword_page", "recover_password.php");
define("lg_register_delete_page", "register_delete.php");
define("lg_register_page", "register.php");
define("lg_set_new_password_page", "set_new_password.php");
define("lg_success_page", "login_success.php");
define("lg_useCAPTCHA", true);
define("lg_useSSL", false);
define("lg_verify_page", "register_verify.php");
define("lg_webmaster_email", "Webmaster <[email protected]>");
define("xxx.xxx.com", '<a href="mailto:[email protected]">Webmaster</a>');
/**********************************************************************
* Login system database globals
*********************************************************************/
function dbNow() {
    return date("Y-m-d H:i:s");
}
/**********************************************************************
* Login system language globals
*********************************************************************/
define("lg_login_button_text", "Login");
define("lg_phrase_attention_webmaster", "Attention Webmaster");
define("lg_phrase_cancel_account_canceled", "The account has been canceled.");
define("lg_phrase_cancel_account_error", "There was an unexpected error cancelling your account. Please contact the webmaster");
define("lg_phrase_cancel_account_warning", "Enter your User ID and Password to cancel your account.<br>WARNING: THIS ACTION CAN NOT BE UNDONE.<br>If you have forgotten your password use the recover password link below.");
define("lg_phrase_change_password", "Enter your current password, then your desired new password");
define("lg_phrase_confirm_empty", "The Confirm Password field is empty but is required. Please confirm your password.");
define("lg_phrase_confirm_title", "Please confirm your desired password. This field is required.");
define("lg_phrase_contact_body", "<p>This is your contact page. Usually it would be a form. At a minimum you should provide the Webmaster's email address.</p>");
define("lg_phrase_contact_webmaster", "contact the webmaster");
define("lg_phrase_contact_webmaster1", "Please contact the webmaster for assistance.");
define("lg_phrase_default_body1", "This site was created to demonstrate incorporating the Login System into your web site design.</p><p>Every website can be conceptualized as a template. Common sections of a web page template might include a banner, navigation, a main content area, and maybe a footer with links to Terms Of Use, Copyright details, and the Privacy Policy.</p><p>The area where you are now reading in the &quot;Main Content Area&quot; of this page. This is the area where you will insert the HTML or XHTML markup templates that enable the Login System. Feel free to click the login link above, register and test the login system as implemented. This is a working beta test site and certain features may or not be implemented while you are testing.</p><p>Visit the project home on Google Code at:");
define("lg_phrase_default_body2", ".</p><p>Or visit various demo pages in a number of world languages at the");
define("lg_phrase_default_body3", "demonstration and test site.</p>");
define("lg_phrase_delete_account", "Delete Account");
define("lg_phrase_delete_already_verified", "The account has already been verified and could not be deleted");
define("lg_phrase_delete_deleted", "The account has been deleted");
define("lg_phrase_email_empty", "The Email field is empty but is required. Please enter your Email address.");
define("lg_phrase_email_title", "Please enter your Email address. This field is required.");
define("lg_phrase_enter_set_new_password_token", "Enter set new password token");
define("lg_phrase_enter_unlock_code", "Enter Unlock Code");
define("lg_phrase_forbidden_body", "<p><h1>You do not have access to that resource.</h1></p><p>Contact the webmaster at:");
define("lg_phrase_form_error_cookie", "Cookies are required for login. Please ensure your browser accepts cookies from this site.");
define("lg_phrase_form_error_time", "The form timed out before completion. Please complete the form in less than 5 minutes.");
define("lg_phrase_form_error_token", "There was a form error. This can be caused by using your browser's back button to return to a previously completed form and re-submitting it.");
define("lg_phrase_is_logged_in"," is logged in.");
define("lg_phrase_issue_new_token", "Enter your userid and Email to receive a new verification token.");
define("lg_phrase_issue_new_token_error", "There was an unexpected error generating your verification token. Please contact the webmaster.");
define("lg_phrase_issue_new_token_success", "Your new verification token will be mailed to your Email address.");
define("lg_phrase_logged_out", "You are logged out.");
define("lg_phrase_login_error", "There was an error. Please re-enter your User ID and Password.");
define("lg_phrase_login_error_token", "You must validate your email address using the token you were sent before you can log in.");
define("lg_phrase_login_token_problem", "Either the verification token has been used, (and you are verified,) or the token is not valid.");
define("lg_phrase_logout_continue", "Click here to continue.");
define("lg_phrase_name_empty", "The Name field is empty but is required. Please enter your name.");
define("lg_phrase_name_title", "Please enter your full name. This field is required.");
define("lg_phrase_newpassword_empty", "The New Password field is empty but is required. Please enter your password.");
define("lg_phrase_news", "Do you wish to receive periodic Emails when the website changes or new articles are posted?");
define("lg_phrase_no_matching_registration", "There was no registration matching the User ID and Email address you entered.");
define("lg_phrase_oldpassword_does_not_match", "The current password does not match your stored password. Try again.");
define("lg_phrase_oldpassword_empty", "The Old Password field is empty but is required. Please enter your password.");
define("lg_phrase_oldpassword_title", "Please enter your current password. This field is required.");
define("lg_phrase_password_change_authorized", "If you did not authorize this change, please contact the webmaster ");
define("lg_phrase_password_changed", "Your password was changed");
define("lg_phrase_password_changed_error", "There was an unexpected error. The password was not changed. Please contact the webmaster");
define("lg_phrase_password_changed_okay", "Password changed successfully.");
define("lg_phrase_password_changed_post", " was changed at ");
define("lg_phrase_password_changed_pre", "Your password at ");
define("lg_phrase_password_empty", "The Password field is empty but is required. Please enter your password.");
define("lg_phrase_password_new_title", "Please enter your desired password. This field is required.");
define("lg_phrase_password_nomatch_confirm", "The Password does not match the Confirmation Password. Please re-enter.");
define("lg_phrase_password_title", "Please enter your password. This field is required.");
define("lg_phrase_password_too_soon", "The password is the same as a recently used password. Please choose a different password.");
define("lg_phrase_password_too_short_pre", "The password entered has too few charaters. The minimum password length is:");
define("lg_phrase_password_too_short_post", "letters, symbols, and numbers.");
define("lg_phrase_password_too_simple", "The entered password is too simple. Please enter a password which has many random characters including a mix of upper and lower case letters, symbols, and digits.");
define("lg_phrase_recaptcha_error", "The reCAPTCHA wasn't entered correctly.");
define("lg_phrase_recover_password", "Recover Password");
define("lg_phrase_recover_password_error", "There was an unexpected error processing your request. Please contact the webmaster.");
define("lg_phrase_recover_password_success", "The request to recover your password was processed successfully.<p>Please follow the instructions in the Email sent to you to set a new password.</p>");
define("lg_phrase_recover_password2", "You may set a new password by clicking the link below.");
define("lg_phrase_recover_password3", "Set New Password");
define("lg_phrase_recover_password4", "If you did not request to recover your password, contact the webmaster by ");
define("lg_phrase_recover_password5", "Email at the following Email link ");
define("lg_phrase_register_delete_noemail", "There was no account matching the email address you entered.");
define("lg_phrase_registration_email_verify", "Verify Your Email Address");
define("lg_phrase_registration_email_verify_msg", "An Email was sent to the Email address you provided during registration. Click the link in that Email or copy and paste the unlock code in the form field below. Your account will not be available until it has been verified.");
define("lg_phrase_registration_error", "There was an unexpected error completing your registration. Please contact the webmaster");
define("lg_phrase_registration_mail0", "Issued New Registration Verification Token");
define("lg_phrase_registration_mail1", "Thank you for registering at");
define("lg_phrase_registration_mail2", "Before you can login you need");
define("lg_phrase_registration_mail3", "to verify your Email address.");
define("lg_phrase_registration_mail4", "Click Here To Verify");
define("lg_phrase_registration_mail5", "If the above link does not work, goto http://");
define("lg_phrase_registration_mail6", "copy and paste the token below into the form and click \"Submit\"");
define("lg_phrase_registration_mail7", "If you did not register, click");
define("lg_phrase_registration_mail8", "this link: <a href=\"http://");
define("lg_phrase_registration_mail9", "if you have any questions then <a href=\"http://");
define("lg_phrase_registration_success", "Registration Successful");
define("lg_phrase_remember_me_warning", "Do not check remember me if this is a shared computer.");
define("lg_phrase_request_password1", "A request has been made to recover your password at ");
define("lg_phrase_set_new_password_error", "There was an unexpected error in completing your request. ");
define("lg_phrase_set_new_password_good_token", "Your token was valid. Enter a new password.");
define("lg_phrase_set_new_password_success", "Your password was successfully changed.");
define("lg_phrase_set_new_password_token_expired", "More than 24 hours have passed since you requested a password recovery token.");
define("lg_phrase_user_registration", " User Registration.");
define("lg_phrase_userid_empty", "The User ID field is required but is empty. Please enter your User ID.");
define("lg_phrase_userid_inuse", "The User ID is in use or invalid.");
define("lg_phrase_userid_new_title", "Please enter your desired User ID. This field is required.");
define("lg_phrase_userid_title", "Please enter your userid. This field is required.");
define("lg_phrase_verify_expired", "More than 24 hours have passed since your registration.");
define("lg_phrase_verify_login", "You may now login to your account.");
define("lg_phrase_verify_newtoken", "Click here to generate a new unlock code.");
define("lg_phrase_verify_verified", "You have verified your email address.");
define("lg_phrase_webmaster_may_be_contacted", "The webmaster may be contacted by Email using this link: ");
define("lg_phrase_website_title", "Please enter your website address.");
define("lg_register_button_text", "Register");
define("lg_term_at", "at");
define("lg_term_cancel", "Cancel Account");
define("lg_term_cancel_account", "Cancel Account");
define("lg_term_change_password", "Change Password");
define("lg_term_change_password_button_text", "Change Password");
define("lg_term_checkToken", "checkToken");
define("lg_term_city", "City");
define("lg_term_confirm", "Confirm Password");
define("lg_term_contact", "Contact");
define("lg_term_contact_form", "Contact Form");
define("lg_term_content_language", "<meta http-equiv=\"content-language\" content=\"en-US\" />");
define("lg_term_country", "Country");
define("lg_term_current_password", "Current Password");
define("lg_term_delete_account", "Delete Account");
define("lg_term_do_registration", "doRegistration");
define("lg_term_email", "Email");
define("lg_term_enter_information", "Enter Information");
define("lg_term_error_string", "getPasshash");
define("lg_term_example", "Example");
define("lg_term_fair", "FAIR");
define("lg_term_forbidden", "Forbidden");
define("lg_term_form_error", "Form Error");
define("lg_term_get_name", "getName");
define("lg_term_get_oldpassword", "getOldPassword");
define("lg_term_guest","Guest.");
define("lg_term_home", "Home");
define("lg_term_immediately", "immediately!");
define("lg_term_ip", "IP");
define("lg_term_issue_verification_token", "Issue Verification Token");
define("lg_term_language", "<meta name=\"language\" content=\"en-US\" />");
define("lg_term_log_out", "Log Out");
define("lg_term_log_string", "logLogin");
define("lg_term_logged_out", "Logged Out");
define("lg_term_login", "Login");
define("lg_term_login_success", "Success");
define("lg_term_medium", "MEDIUM");
define("lg_term_name", "Name");
define("lg_term_new", "New");
define("lg_term_new_password", "New Password");
define("lg_term_poor", "POOR");
define("lg_term_optional", "Optional");
define("lg_term_or", "or");
define("lg_term_password", "Password");
define("lg_term_please_login", "Please Login");
define("lg_term_please_register", "Please Register");
define("lg_term_project_home_link", "<a title=\"Login System on Google Code\" href=\"http://code.google.com/p/loginsystem-rd/\">http://code.google.com/p/loginsystem-rd/</a>");
define("lg_term_recover_password", "Recover Password");
define("lg_term_region", "Region");
define("lg_term_register", "Register");
define("lg_term_register_confirmation", "Registration Confirmation");
define("lg_term_register_delete_enter_email", "Enter Email");
define("lg_term_registration", "Registration");
define("lg_term_registration_thankyou", "Thank you for registering.");
define("lg_term_registration_verification", "Registration Verification");
define("lg_term_remember", true);
define("lg_term_rememberme", "Remember Me");
define("lg_term_remove_registration", "Remove Registration");
define("lg_term_required", "required");
define("lg_term_reset_password", "Password Reset");
define("lg_term_set_new_password", "Enter A New Password");
define("lg_term_set_newpassword", "changePassword");
define("lg_term_strong", "STRONG");
define("lg_term_submit", "Submit");
define("lg_term_to", "To ");
define("lg_term_useragent", "Useragent");
define("lg_term_userid", "UserID");
define("lg_term_via_email", "by email at");
define("lg_term_webloginproject_link", "<a title=\"Web Login Project\" href=\"http://www.webloginproject.com/index.php\">Web Login Project</a>");
define("lg_term_website", "Website");
define("lg_term_website_address", "Website Address");
define("lg_term_welcome","Welcome");
define("lg_term_xhtml_xmlns", "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">");
?>

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
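
A check for the condition Ash describes, applied to include-only files such as loginGlobals.php and form_token.php (an added example, not part of the original thread or of loginsystem-rd). It uses PHP's tokenizer to report every run of bytes that sits outside the PHP tags, which is what gets sent before setcookie() or header() can run; `findStrayOutput`, `classifyOutput` and the sample include are constructed for illustration.

```php
<?php
// Added example, not loginsystem-rd code: locate output that an include
// file emits before any header() or setcookie() call can succeed.

/**
 * Return every run of bytes that lies outside the PHP tags of $source.
 * Each finding is ['line' => int, 'bytes' => int, 'kind' => string].
 */
function findStrayOutput(string $source): array
{
    $findings = [];
    foreach (token_get_all($source) as $token) {
        // The tokenizer labels everything outside the PHP tags as
        // T_INLINE_HTML; PHP echoes it as soon as the file is included.
        if (is_array($token) && $token[0] === T_INLINE_HTML) {
            $findings[] = [
                'line'  => $token[2],
                'bytes' => strlen($token[1]),
                'kind'  => classifyOutput($token[1]),
            ];
        }
    }
    return $findings;
}

/** Name the usual culprits so the report says what to look for. */
function classifyOutput(string $text): string
{
    if (strncmp($text, "\xEF\xBB\xBF", 3) === 0) {
        return 'UTF-8 byte order mark';
    }
    return trim($text) === '' ? 'whitespace only' : 'markup or text';
}

// Constructed sample: an include whose closing tag is followed by blank
// lines. The first newline after the closing tag is swallowed by PHP; the
// two after it are output.
$sample = "<?php\ndefine(\"lg_debug\", false);\n?>\n\n\n";

// Scan the files named on the command line, or the sample if none given.
$targets = [];
foreach (array_slice($argv ?? [], 1) as $file) {
    $contents = file_get_contents($file);
    if ($contents === false) {
        fwrite(STDERR, "cannot read $file\n");
        continue;
    }
    $targets[$file] = $contents;
}
if ($targets === []) {
    $targets['(constructed sample)'] = $sample;
}

foreach ($targets as $name => $source) {
    foreach (findStrayOutput($source) as $f) {
        printf(
            "%s:%d: %d byte(s) of %s outside PHP tags\n",
            $name,
            $f['line'],
            $f['bytes'],
            $f['kind']
        );
    }
}
```

A finding on a line past the last line of code is consistent with the warning quoted above, where output starts at line 281 of a file whose code stops at line 278. Leaving the closing tag out of include-only files removes the possibility of trailing output.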