FileMaker API for PHP登录页面错误-无法修改标题信息

Question

I am in the process of developing a FileMaker driven website using the PHP API. Been using the book "FileMaker API for PHP 13" which has been extremely useful thus far.

Anyways, I am trying to make a login page to access the database following Lesson 15 from the book. When I click on the login button I get the following error:

Warning: Cannot modify header information - headers already sent by (output started at /htdocs/fm_api_for_php/Advanced/Lesson15/Login.php:22) in /htdocs/fm_api_for_php/Advanced/Lesson15/Login.php on line 56

This is the code from the Login.php page:

<?php
# You have the start the session on the login page.
# The session_start() method MUST be before the html tag.
# Always set the $_SESSION login value to 0 on the login page to protect the other pages by default.
session_start();
$_SESSION['login']=0;
?>

<html>
<head>
<title>Login</title>
</head>
<body>

<!--
The purpose of this file is to show how to perform a log in procedure to protect web pages from unauthorized access.
The method uses 2 pages. Start at Loging.php. If login is sucessful the user is redirected to LoginSuccess.php.
LoginSuccess.php is the starting web page for your protected solution.
If users try to open a protected page without logging in they will be re-directed back to the login page.
-->

<?php
include ("../../Conn/dbaccess.php"); 
?>

<?php
# Check to see if the submit button was clicked and $_POST superglobals username and password are filled in.
# Then find the login record using the username and password. 
# Username is intended to be an email address.
# To search a FileMaker record for an email adderss with an "@" character you have to use the search operator "==" for match entire field.
# Safari will url encode the @ symbol as %40. This means that you have to use the urldecode function to convert %40 back to @.
# Password can be anything. Notice the use of the MD5 hash to enrcypt the data as a 32-bit hexadecimal number. That would send '1234' as "81dc9bdb52d04dc20036dbd8313ed055'.
# For this to work, the password would also need to be stored in the database as a MD5 hash when the user creates their record.
if(isset($_POST['Login']) and (!empty($_POST['username']) and !empty($_POST['password'])) )
    {
    $username = '==' . urldecode($_POST['username']);
    $password = md5($_POST['password']);
    $request = $fm->newFindCommand('Demo php');
    $request->addFindCriterion('UserName', $username);
    $request->addFindCriterion('Password', $password);
    $result = $request->execute();
    # Check for errors  if no records are found, find all all the records so FileMaker doesn't throw an error and crash the page.
    if (FileMaker::isError($result))
        {
        $request = $fm->newFindAllCommand('Demo php');
        $result = $request->execute();
        }
    # Set the $found variable with the number of records in the found set. There should only be 1 unique record.
    $found = $result->getFoundSetCount();
    if($found == 1)
        {
        # Set the $_SESSION superglobal 'login' value to 1 to indicate that the user is logged in.
        # This value will be checked on all the protected pages before the user can access the page.
        # Use the header() method to redirect the user to the LoginSuccess.php page.
        $_SESSION['login']=1;
        header("location:LoginSuccess.php");
        exit;
        }
    else
        # If there is more than one record in the found set set the $_SESSION 'login' value to 0.
        # This will prevent users from accessing any of the protected pages.
        # Set the $message variable to let the user know they tried an incorrect user name or password.
        # Echo the $message in the html of the form.
        {
        $_SESSION['login']=0;
        $message = 'Incorrect user name or password.';
        }
    }   
else
    # By default, the $message varible is set to ask the user to enter a user name and password.
    # Echo the $message in the html of the form.
    {
    $message = 'Please enter a user name and password.';
    }       

?>

<form action="Login.php" method="post">
<table border="0" cellspacing="3" cellpadding="3">
  <tr>
    <td>&nbsp;</td>
    <td><?php echo $message; ?></td>
  </tr>
  <tr>
    <td>User Name</td>
    <td><input name="username" type="text" /></td>
  </tr>
  <tr>
    <td>Password</td>
    <td><input name="password" type="password" /></td>
  </tr>
    <tr>
    <td>&nbsp;</td>
    <td><input name="Login" type="submit" value="login" /></td>
  </tr>
</table>
</form>

</body>
</html>

================

Line 22 is: <?php

Line 56 is: header("location:LoginSuccess.php");

Can anyone shed any light on how to fix the error?

Thanks in Advance! Paul

Answer 1

You should process your data first and then should output any html. try below code

 <?php
  # You have the start the session on the login page.
  # The session_start() method MUST be before the html tag.
  # Always set the $_SESSION login value to 0 on the login page to protect 
  # the other pages by default.
   session_start();
      $_SESSION['login']=0;

    include ("../../Conn/dbaccess.php"); 


   # Check to see if the submit button was clicked and $_POST superglobals 
   #  username and password are filled in.
    # Then find the login record using the username and password. 
  # Username is intended to be an email address.
  # To search a FileMaker record for an email adderss with an "@" character 
   # you have to use the search operator "==" for match entire field.
  # Safari will url encode the @ symbol as %40. This means that you have to 
  #  use the urldecode function to convert %40 back to @.
    # Password can be anything. Notice the use of the MD5 hash to enrcypt 
   #  the data as a 32-bit hexadecimal number. That would send '1234' as 
    #  "81dc9bdb52d04dc20036dbd8313ed055'.
    # For this to work, the password would also need to be stored in the 
    # database as a MD5 hash when the user creates their record.
     if(isset($_POST['Login']) and (!empty($_POST['username']) and 
       !empty($_POST['password'])) )
       {
$username = '==' . urldecode($_POST['username']);
$password = md5($_POST['password']);
$request = $fm->newFindCommand('Demo php');
$request->addFindCriterion('UserName', $username);
$request->addFindCriterion('Password', $password);
$result = $request->execute();
# Check for errors  if no records are found, find all all the records so FileMaker doesn't throw an error and crash the page.
if (FileMaker::isError($result))
    {
    $request = $fm->newFindAllCommand('Demo php');
    $result = $request->execute();
    }
# Set the $found variable with the number of records in the found set. There should only be 1 unique record.
$found = $result->getFoundSetCount();
if($found == 1)
    {
       # Set the $_SESSION superglobal 'login' value to 1 to indicate that 
     #  the user is logged in.
    # This value will be checked on all the protected pages before the user can access the page.
    # Use the header() method to redirect the user to the LoginSuccess.php page.
    $_SESSION['login']=1;
    header("location:LoginSuccess.php");
    exit;
    }
else
       # If there is more than one record in the found set set the $_SESSION 
      # 'login' value to 0.
       # This will prevent users from accessing any of the protected pages.
       # Set the $message variable to let the user know they tried an 
      # incorrect user name or password.
      # Echo the $message in the html of the form.
      {
        $_SESSION['login']=0;
        $message = 'Incorrect user name or password.';
       }
}   
  else
   # By default, the $message varible is set to ask the user to enter a user 
    #name and password.
   # Echo the $message in the html of the form.
    {
    $message = 'Please enter a user name and password.';
   }       

  ?>
 <!--
    The purpose of this file is to show how to perform a log in procedure to 
    protect web pages from unauthorized access.
    The method uses 2 pages. Start at Loging.php. If login is sucessful the 
    user is redirected to LoginSuccess.php.
    LoginSuccess.php is the starting web page for your protected solution.
   If users try to open a protected page without logging in they will be re- 
   directed back to the login page.
    -->
  <html>
    <head>
    <title>Login</title>
   </head>
   <body>

     <form action="Login.php" method="post">
       <table border="0" cellspacing="3" cellpadding="3">
        <tr>
          <td>&nbsp;</td>
            <td><?php echo $message; ?></td>
            </tr>
           <tr>
        <td>User Name</td>
            <td><input name="username" type="text" /></td>
        </tr>
     <tr>
          <td>Password</td>
          <td><input name="password" type="password" /></td>
     </tr>
     <tr>
        <td>&nbsp;</td>
        <td><input name="Login" type="submit" value="login" /></td>
      </tr>
   </table>
  </form>

    </body>
 </html>
     `