2017-10-28 1 views

Warning: Cannot modify header information - headers already sent by (output started at /admin/index.php:21) in /var/www/web143366/html/admin/index.php on line 24

Admin-Seite wird nicht angezeigt

<?php 
require_once('../config.php'); 
require_once('../php/functions.php'); 

?> 
<!DOCTYPE> 
<html lang="eng"> 
<head> 
<meta charset="UTF-8"> 

<title>Admin Panel</title> 

<meta name="viewport" content="width=device-width, initial-scale=1.0"> 
<link rel="stylesheet" type="text/css" href="admin.css"> 
<link rel="stylesheet" type="text/css" href="../layout.css"> 
</head> 

<body> 


<?php 
// Admin gate. It runs after the markup above has already been output, which is what the "headers already sent" warning for the header() call below reports.
if (!isset($_SESSION['adminid'])) { 
    header('Location: /admin/login'); 
    // header() can only add the Location header while no output has been
    // sent; the check has to run before <!DOCTYPE> for the redirect to work.
} else { 
    // The panel markup and the payments query sit inside this else-branch,
    // so they are skipped when the session carries no admin id.
    // NOTE(review): no session_start() is visible in this file; presumably
    // config.php or functions.php starts the session - confirm.
?> 

<div id="leftPanel"> 
<a href="/"><div class="przyciskPanelAdmina">Homepage</div></a> 
    <a href="/admin"><div class="przyciskPanelAdmina active">Dashboard</div></a> 
    <a href="accounts"><div class="przyciskPanelAdmina">Manage Accounts</div></a> 
    <a href="addAccount"><div class="przyciskPanelAdmina">Add Account</div></a> 
    <a href="addCategory"><div class="przyciskPanelAdmina">Add Category</div></a> 
    <a href="messages"><div class="przyciskPanelAdmina">Messages</div></a> 
    <a href="logout"><div class="przyciskPanelAdmina">Logout</div></a> 
</div> 

<div id="rightPanel"> 
    <h3>Recent payments</h3> 
    <table> 
    <tr class='first'> 
     <td width='20%'>Account Login</td> 
     <td width='20%'>Account Password</td> 
     <td width='20%'>Date</td> 
     <td width='20%'>Amount</td> 
     <td width='20%'>Payment ID</td> 
    </tr> 
    <?php 
    // Every payment joined to its account, newest first. The statement takes
    // no parameters, so no request data reaches the SQL text here.
    // NOTE(review): accounts.password is selected and printed as stored -
    // looks like account passwords are kept in readable form; confirm this
    // is intended before showing them in the panel.
    $sql = $conn->prepare('SELECT accounts.login AS Login, accounts.password AS Pass, date, amount, paymentID FROM payments INNER JOIN accounts ON payments.accountId=accounts.id order by date DESC'); 
    $sql->execute(); 
    // get_result() is only available when mysqli uses the mysqlnd driver.
    $result = $sql->get_result(); 
    while ($row = $result->fetch_assoc()) { 
     // NOTE(review): the column values are concatenated into the HTML
     // without htmlspecialchars(); markup stored in any of them would be
     // rendered in the administrator's browser (stored XSS).
     echo "<tr><td width='20%'>" . $row['Login'] ."</td><td width='20%'>" . $row['Pass'] ."</td><td width='20%'>" . $row['date'] ."</td><td width='20%'>" . $row['amount'] ."$</td><td width='20%'>" . $row['paymentID'] ."</td></tr>"; 
    } 

    ?> 
    </table> 

    <div class="clear"></div> 
</div> 




<?php 

} // closes the else-branch that wraps the panel

?> 

</body> 
</html> 

Bearbeitung: Das ist der Fehler. Wenn ich Zeile 24 entferne, erhalte ich den folgenden Fehler:

Fatal error: Call to undefined method mysqli_stmt::get_result() in /var/www/web143366/html/admin/login.php on line 32

Line 32: $result = $sql->get_result();

Code:

// Login check, excerpt from login.php. $email and $pass are assigned outside
// this excerpt, and the final closing brace ends a block opened outside it.
// The email is passed as a bound parameter, so it cannot change the SQL text.
$sql = $conn->prepare('SELECT * FROM admin WHERE email = ?'); 
    $sql->bind_param('s', $email); 
    $sql->execute(); 
    // mysqli_stmt::get_result() exists only when mysqli is built on the
    // mysqlnd driver; "Call to undefined method" is what PHP raises without
    // it. bind_result() followed by fetch() works with either driver.
    $result = $sql->get_result(); 

    if ($result->num_rows < 1) { 
     // NOTE(review): this message differs from the one printed for a wrong
     // password below, so the response reveals whether the email exists.
     echo "<h1>Wrong email or password</h1>"; 
    } else { 
     // If several rows match, the values of the last row win.
     while ($row = $result->fetch_assoc()) { 
      $p = $row['password']; 
      $uid = $row['id']; 
     } 

     // Compares the submitted password with the stored hash.
     if (password_verify($pass, $p)) { 
      // NOTE(review): no session_regenerate_id() call is visible here, so
      // the session id used before login stays valid after it.
      $_SESSION['adminid'] = $uid; 
      // No exit follows the redirect; the script keeps running after it.
      header('Location: /admin'); 
     } else { 
      echo "<h1>Wrong email or password 2</h1>"; 
     } 
    } 
} 

login.php:

<?php 
require_once('../config.php'); 
require_once('../php/functions.php'); 

?> 
<!DOCTYPE> 
<html lang="eng"> 
<head> 
<meta charset="UTF-8"> 

<title>Admin Panel</title> 

<meta name="viewport" content="width=device-width, initial-scale=1.0"> 
<link rel="stylesheet" type="text/css" href="css/style.css"> 
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script> 
<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.11.4/jquery-ui.min.js"></script> 

</head> 

<body> 

<?php 

if (isset($_POST['loginBtn'])) { 
    $email = htmlspecialchars($_POST['mail']); 
    $pass = htmlspecialchars($_POST['password']); 
    // NOTE(review): htmlspecialchars() is an HTML output encoder, not input validation; it rewrites characters such as & < > " in the password before password_verify(). The reset handler hashes the same encoded form, so the two calls can only be removed together.
    // The email reaches the query as a bound parameter, so it cannot change the SQL text.
    $sql = $conn->prepare('SELECT * FROM admin WHERE email = ?'); 
    $sql->bind_param('s', $email); 
    $sql->execute(); 
    $result = $sql->get_result(); 
    // get_result() above exists only when mysqli is built on the mysqlnd
    // driver; without it PHP stops with "Call to undefined method".
    // bind_result() followed by fetch() works with either driver.

    if ($result->num_rows < 1) { 
     // NOTE(review): this message differs from the one printed for a wrong
     // password below, so the response reveals whether the email exists.
     echo "<h1>Wrong email or password</h1>"; 
    } else { 
     // If several rows match, the values of the last row win.
     while ($row = $result->fetch_assoc()) { 
      $p = $row['password']; 
      $uid = $row['id']; 
     } 

     // Compares the submitted password with the stored hash.
     if (password_verify($pass, $p)) { 
      // NOTE(review): no session_regenerate_id() call is visible here, so
      // the session id used before login stays valid after it.
      $_SESSION['adminid'] = $uid; 
      // This header() call comes after the page markup above has been
      // output, and no exit follows it; the script keeps running.
      header('Location: /admin'); 
     } else { 
      echo "<h1>Wrong email or password 2</h1>"; 
     } 
    } 
} 

// "Forgot password" submission: stores a fresh reset code for the admin with
// the given email and mails a link containing that code.
if (isset($_POST['forgotBtn'])) { 
    // NOTE(review): randomChars() is defined outside this listing. The code
    // is the only secret in the reset link, so confirm it is drawn from a
    // cryptographically secure random source.
    $code = randomChars(20); 
    $email = htmlspecialchars($_POST['mail']); 

    // The email is a bound parameter, so it cannot change the SQL text.
    $sql = $conn->prepare('SELECT * FROM admin WHERE email = ?'); 
    $sql->bind_param('s', $email); 
    $sql->execute(); 

    // get_result() is only available when mysqli uses the mysqlnd driver.
    $result = $sql->get_result(); 

    if ($result->num_rows < 1) { 
     // NOTE(review): this response tells the visitor whether an admin
     // account exists for the address; a neutral message avoids that.
     echo "<h1>No user with that email</h1>"; 
    } else { 
     // If several rows match, the id of the last row wins.
     while ($row = $result->fetch_assoc()) { 
      $uid = $row['id']; 
     } 
     // Only userID and code are stored; no expiry time is written here.
     // The result of execute() is not checked before the link is mailed.
     $sql = $conn->prepare('INSERT INTO resetpass (userID, code) VALUES (?, ?)'); 
     $sql->bind_param('ss', $uid, $code); 
     $sql->execute(); 

     // NOTE(review): the link uses http://, so the code travels unencrypted,
     // and depending on the server configuration SERVER_NAME may be taken
     // from the request's Host header - a fixed, configured base URL is the
     // safer source for links sent by mail.
     $message = "Your reset link: " . "http://" .$_SERVER['SERVER_NAME'] . '/admin/login?r=' . $code; 
     $to = $email; 
     $title = "Reset Password"; 
     // sendEmail() is defined outside this listing.
     if (sendEmail($to, $message, $title)) { 
      echo "Email with reset code has been sent"; 
     } else { 
      echo "Error while sending email"; 
     } 
    } 
} 

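// Password-reset submission: takes the code from the mailed link plus a new
// password and stores the new hash for the admin the code belongs to.
if (isset($_POST['resetBtn'])) { 
    // Accept only plain string fields; a missing or array-valued field is
    // treated as empty and rejected below.
    $code = (isset($_POST['code']) && is_string($_POST['code'])) ? $_POST['code'] : '';
    $rawPass = (isset($_POST['nPass']) && is_string($_POST['nPass'])) ? $_POST['nPass'] : '';

    // NOTE(review): htmlspecialchars() is kept only because the login handler
    // applies the same call before password_verify(). Remove it in both
    // places together, otherwise passwords containing the encoded characters
    // stop matching their hashes.
    $nPass = htmlspecialchars($rawPass);

    if ($code === '' || $nPass === '') {
        // The "required" attributes of the form are enforced by the browser
        // only, so empty values have to be refused on the server as well.
        echo "<h1>Error</h1>";
    } else {
        // Only codes that have not been redeemed are accepted. The row is
        // flagged with used = "1" further down; without this condition the
        // same link could be used to set the password again and again.
        // NOTE(review): nothing here limits how old a code may be.
        $sql = $conn->prepare('SELECT * FROM resetpass WHERE code = ? AND (used IS NULL OR used <> "1")');
        $sql->bind_param('s', $code);
        $sql->execute();

        // get_result() is only available when mysqli uses the mysqlnd driver.
        $result = $sql->get_result();

        if ($result->num_rows < 1) {
            echo "<h1>Error</h1>";
        } else {
            // If several rows match, the userID of the last row wins.
            while ($row = $result->fetch_assoc()) {
                $uid = $row['userID'];
            }

            $password = password_hash($nPass, PASSWORD_DEFAULT);

            // Mark the code as redeemed before the password is changed.
            $sql = $conn->prepare('UPDATE resetpass SET used = "1" WHERE code = ?');
            $sql->bind_param('s', $code);
            $sql->execute();

            $sql = $conn->prepare('UPDATE admin SET password = ? WHERE id = ?');
            $sql->bind_param('ss', $password, $uid);
            $sql->execute();

            echo "Password changed successfuly, you can now login";
        }
    }
} 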




?> 

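<?php 

// Chooses what a visitor who is not logged in gets to see: the "forgot
// password" form (?forgot), the "new password" form (?r=<code>), or the
// regular login form.
if (!isset($_SESSION['adminid'])) { 
    if (isset($_GET['forgot'])) { ?> 
    <form action="" method="POST"> 
     <div class="formularzowyNaglowek">Account Email Address:</div> 
     <input type="email" name="mail" placeholder="Email address" required> 
     <input type="submit" name="forgotBtn" value="Reset"> 
    </form> 

<?php } else if (isset($_GET['r'])) {
    // The reset code comes from the query string, so it is HTML-encoded
    // (quotes included) before it is written into the value attribute below;
    // printed raw, the content of the link would become markup of this page.
    // A non-string value is replaced by an empty code.
    $resetCode = is_string($_GET['r']) ? $_GET['r'] : '';
?> 

    <form action="" method="POST"> 
     <div class="formularzowyNaglowek">New Password:</div> 
     <input type="password" name="nPass" placeholder="New password" required> 
     <input type="hidden" name="code" value="<?php echo htmlspecialchars($resetCode, ENT_QUOTES, 'UTF-8'); ?>" required> 
     <input type="submit" name="resetBtn" value="Reset"> 
    </form> 

<?php 
    } else { ?> 
     <h2 style="text-align: left;">Login to admin panel</h2> 
     <form action="" method="POST"> 
     <div class="formularzowyNaglowek">Email Address:</div> 
     <input type="email" name="mail" placeholder="Email address" required> 
     <div class="formularzowyNaglowek">Password:</div> 
     <input type="password" name="password" placeholder="Password" required> 
     <input type="submit" name="loginBtn" value="Login"> 
     </form> 
     <a href="/admin/login?forgot">Forgot your password?</a> 
<?php 
    } 
} else { 
    // NOTE(review): this call comes after the page markup has been output,
    // so unless output buffering is active the Location header can no longer
    // be sent. The redirect belongs before the first byte of HTML.
    header('Location: /admin'); 
} 

?> 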

</body> 
</html> 

Ein 500-Status weist auf einen Serverfehler hin. Das hat nichts mit der Client-Seite zu tun; mit den Informationen, die Sie bereitgestellt haben, können wir Ihnen nichts über den Fehler sagen. Damit wir helfen können, müssen Sie die Serverprotokolle bereitstellen. –


Das habe ich bereits getan ... Aber ich kann bei diesem Hoster keine Protokolle finden: https://flatbooster.com/ – RobinT


Schauen Sie sich Ihren Code an. Fangen Sie an, Teile herauszunehmen, bis die Seite erfolgreich lädt. Ihr Code erzeugt eine nicht behandelte Ausnahme, weshalb der Server einen 500-Status zurückgibt. –

Antwort


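Die Zeile header('Location: /admin/login'); leitet zur Login-Seite um, wenn der Benutzer nicht angemeldet ist. Das Problem ist, dass die Funktion header() nicht funktioniert, wenn bereits Inhalt ausgegeben wurde (echo oder HTML). Deshalb steht die Prüfung im folgenden Code vor jeder Ausgabe, und exit() beendet das Skript nach der Weiterleitung, damit der geschützte Inhalt nicht trotzdem gesendet wird.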

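<?php 
// Access gate for the admin panel. Everything in this block runs before the
// first byte of HTML, which is what allows header() to send the redirect.
// The included files must not produce output themselves for this to hold.
require_once('../config.php'); 
require_once('../php/functions.php'); 

// Start the session only when the included files have not done so already;
// a second session_start() would be ignored with a notice.
if (session_status() === PHP_SESSION_NONE) { 
    session_start(); 
} 

if (!isset($_SESSION['adminid'])) { 
    header('Location: /admin/login'); 
    // Stop here: without exit the rest of the script would still run and the
    // panel would be sent to a visitor who is not logged in.
    exit(); 
} 

?> 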
<!DOCTYPE> 
<html lang="eng"> 
<head> 
<meta charset="UTF-8"> 

<title>Admin Panel</title> 

<meta name="viewport" content="width=device-width, initial-scale=1.0"> 
<link rel="stylesheet" type="text/css" href="admin.css"> 
<link rel="stylesheet" type="text/css" href="../layout.css"> 
</head> 

<body> 

<div id="leftPanel"> 
<a href="/"><div class="przyciskPanelAdmina">Homepage</div></a> 
    <a href="/admin"><div class="przyciskPanelAdmina active">Dashboard</div></a> 
    <a href="accounts"><div class="przyciskPanelAdmina">Manage Accounts</div></a> 
    <a href="addAccount"><div class="przyciskPanelAdmina">Add Account</div></a> 
    <a href="addCategory"><div class="przyciskPanelAdmina">Add Category</div></a> 
    <a href="messages"><div class="przyciskPanelAdmina">Messages</div></a> 
    <a href="logout"><div class="przyciskPanelAdmina">Logout</div></a> 
</div> 

<div id="rightPanel"> 
    <h3>Recent payments</h3> 
    <table> 
    <tr class='first'> 
     <td width='20%'>Account Login</td> 
     <td width='20%'>Account Password</td> 
     <td width='20%'>Date</td> 
     <td width='20%'>Amount</td> 
     <td width='20%'>Payment ID</td> 
    </tr> 
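    <?php 

    // Recent payments joined to the owning account, newest first. The query
    // takes no parameters, so no request data reaches the SQL text.
    // NOTE(review): accounts.password is selected and shown as stored - looks
    // like account passwords are kept in readable form; confirm this is
    // intended before showing them in the panel.
    $sql = $conn->prepare('SELECT accounts.login AS Login, accounts.password AS Pass, date, amount, paymentID FROM payments INNER JOIN accounts ON payments.accountId=accounts.id order by date DESC'); 
    $sql->execute(); 
    // get_result() is only available when mysqli uses the mysqlnd driver.
    $result = $sql->get_result(); 

    // Encodes a database value for use inside HTML text. Stored values are
    // data, not markup: printed raw, a login or password containing tags
    // would be rendered in the administrator's browser.
    $esc = function ($value) { 
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8'); 
    }; 

    while ($row = $result->fetch_assoc()) { 
        echo "<tr><td width='20%'>" . $esc($row['Login']) . "</td><td width='20%'>" . $esc($row['Pass']) . "</td><td width='20%'>" . $esc($row['date']) . "</td><td width='20%'>" . $esc($row['amount']) . "$</td><td width='20%'>" . $esc($row['paymentID']) . "</td></tr>"; 
    } 

    ?> 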
    </table> 

    <div class="clear"></div> 
</div> 
</body> 
</html> 

Ich habe meine gesamte index/login-Datei für das Admin-Panel hinzugefügt ... Sie können sie sich also genau ansehen ... Ich habe meinen Code durch Ihren ersetzt, aber es funktioniert nicht. session_start() wird ignoriert, da bereits eine Sitzung gestartet ist. – RobinT