I'm getting these errors and not sure why, anyone have an idea?
Warning: Oops, php3_SetCookie called after header has been sent in /home/baaclub/baaclub- on line 15
Warning: Oops, php3_SetCookie called after header has been sent in /home/baaclub/baaclub- on line 16
Here's Confirm.php3
<?php
include($DOCUMENT_ROOT.'/include/database.php3');
include($DOCUMENT_ROOT.'/include/pre.php3');
include($DOCUMENT_ROOT.'/include/user.php3');
if ($hash && $email) {
$worked=user_confirm($hash,$email);
} else {
$feedback = '<H1>ERROR - Missing Params</H1>';
}
site_header('Account Confirmation');
if ($feedback) {
echo '<FONT COLOR="RED"><H2>'.$feedback.'</H2></FONT>';
}
if (!$worked){
echo '<P><H1>Having Trouble Confirming?</H1>
<P>A change was just made to the system, try the
<A HREF="changeemail.php">Change Your Email Address</A>
page to receive a new confirmation email';
}
echo '<H3>Your BAA Private Community Account</H3>
<P>
<A HREF="login.php3">Login To BAA Private Community</A>
<P>
<A HREF="register.php3">Register A New Account</A>
<P>
<A HREF="changepass.php3">Change Your Password</A>';
site_footer();
?>
Heres the File user.php3
<?php
if (!defined ("USER_PHP"
){define ("USER_PHP", "true"
;$hidden_hash_var='your_password_here';
function user_set_tokens($user_name_in) {
global $SERVER_NAME;
global $hidden_hash_var,$user_name,$id_hash;
$feedback .= "username=$user_name_in";
if (!$user_name_in) {
$feedback .= ' ERROR1 - User Name Missing When Setting Tokens ';
return false;
}
$user_name=strtolower($user_name_in);
$id_hash= md5($user_name.$hidden_hash_var);
setcookie('user_name',$user_name,(time()+25920),'/','',0);
setcookie('id_hash',$id_hash,(time()+25920),'/','',0);
}
$LOGGED_IN=false;
//clear it out in case someone sets it in the URL or something
unset($LOGGED_IN);
function user_isloggedin() {
global $user_name,$id_hash,$hidden_hash_var,$LOGGED_IN;
//have we already run the hash checks?
//If so, return the pre-set var
if (isset($LOGGED_IN)) {
return $LOGGED_IN;
}
if ($user_name && $id_hash) {
$hash=md5($user_name.$hidden_hash_var);
if ($hash == $id_hash) {
$LOGGED_IN=true;
return true;
} else {
$LOGGED_IN=false;
return false;
}
} else {
$LOGGED_IN=false;
return false;
}
}
function user_login($user_name,$password) {
global $feedback;
if (!$user_name || !$password) {
$feedback .= ' ERROR - Missing user name or password ';
return false;
} else {
$user_name=strtolower($user_name);
$password=strtolower($password);
$sql="SELECT * FROM user WHERE user_name='$user_name' AND password='". md5($password) ."'";
$result=db_query($sql);
if (!$result || db_numrows($result) < 1){
$feedback .= ' ERROR - User not found or password incorrect ';
return false;
} else {
if (db_result($result,0,'is_confirmed') == '1') {
user_set_tokens($user_name);
$feedback .= ' SUCCESS1 - You Are Now Logged In ';
return true;
} else {
$feedback .= ' ERROR - You have not Confirmed Your Account Yet ';
return false;
}
}
}
}
function user_confirm($hash,$email) {
/*
Call this function on the user confirmation page,
which they arrive at when the click the link in the
account confirmation email
*/
global $feedback,$hidden_hash_var;
//verify that they did not tamper with the email address
$new_hash=md5($email.$hidden_hash_var);
if ($new_hash && ($new_hash==$hash)) {
//find this record in the db
$sql="SELECT * FROM user WHERE confirm_hash='$hash'";
$result=db_query($sql);
if (!$result || db_numrows($result) < 1) {
$feedback .= ' ERROR - Hash Not Found ';
return false;
} else {
//confirm the email and set account to active
$feedback .= ' User Account Updated - You Are Now Logged In ';
user_set_tokens(db_result($result,0,'user_name'));
$sql="UPDATE user SET email='$email',is_confirmed='1' WHERE confirm_hash='$hash'";
$result=db_query($sql);
return true;
}
} else {
$feedback .= ' HASH INVALID - UPDATE FAILED ';
return false;
}
}
function user_change_password ($new_password1,$new_password2,$change_user_name,$old_password) {
global $feedback;
//new passwords present and match?
if ($new_password1 && ($new_password1==$new_password2)) {
//is this password long enough?
if (account_pwvalid($new_password1)) {
//all vars are present?
if ($change_user_name && $old_password) {
//lower case everything
$change_user_name=strtolower($change_user_name);
$old_password=strtolower($old_password);
$new_password1=strtolower($new_password1);
$sql="SELECT * FROM user WHERE user_name='$change_user_name' AND password='". md5($old_password) ."'";
$result=db_query($sql);
if (!$result || db_numrows($result) < 1) {
$feedback .= ' User not found or bad password '.db_error();
return false;
} else {
$sql="UPDATE user SET password='". md5($new_password1). "' ".
"WHERE user_name='$change_user_name' AND password='". md5($old_password). "'";
$result=db_query($sql);
if (!$result || db_affected_rows($result) < 1) {
$feedback .= ' NOTHING Changed '.db_error();
return false;
} else {
$feedback .= ' Password Changed ';
return true;
}
}
} else {
$feedback .= ' Must Provide User Name And Old Password ';
return false;
}
} else {
$feedback .= ' New Passwords Does not Meet Criteria ';
return false;
}
} else {
return false;
$feedback .= ' New Passwords Must Match ';
}
}
function user_lost_password ($email,$user_name) {
global $feedback,$hidden_hash_var;
if ($email && $user_name) {
$user_name=strtolower($user_name);
$sql="SELECT * FROM user WHERE user_name='$user_name' AND email='$email'";
$result=db_query($sql);
if (!$result || db_numrows($result) < 1) {
//no matching user found
$feedback .= ' ERROR - Incorrect User Name Or Email Address ';
return false;
} else {
//create a secure, new password
$new_pass=strtolower(substr(md5(time().$user_name.$hidden_hash_var),1,14));
//update the database to include the new password
$sql="UPDATE user SET password='". md5($new_pass) ."' WHERE user_name='$user_name'";
$result=db_query($sql);
//send a simple email with the new password
mail ($email,'Password Reset','Your Password '.
'has been reset to: '.$new_pass,'From: pip@baaclub.com');
$feedback .= ' Your new password has been emailed to you. ';
return true;
}
} else {
$feedback .= ' ERROR - User Name and Email Address Are Required ';
return false;
}
}
function user_change_email ($password1,$new_email,$user_name) {
global $feedback,$hidden_hash_var;
if (validate_email($new_email)) {
$hash=md5($new_email.$hidden_hash_var);
//change the confirm hash in the db but not the email -
//send out a new confirm email with a new hash
$user_name=strtolower($user_name);
$password1=strtolower($password1);
$sql="UPDATE user SET confirm_hash='$hash' WHERE user_name='$user_name' AND password='". md5($password1) ."'";
$result=db_query($sql);
if (!$result || db_affected_rows($result) < 1) {
$feedback .= ' ERROR - Incorrect User Name Or Password ';
return false;
} else {
$feedback .= ' Confirmation Sent ';
user_send_confirm_email($new_email,$hash);
return true;
}
} else {
$feedback .= ' New Email Address Appears Invalid ';
return false;
}
}
function user_send_confirm_email($email,$hash) {
/*
Used in the initial registration function
as well as the change email address function
*/
$message = "Thank You For Registering For the BAA Private Community".
"\nSimply follow this link to confirm your registration: ".
"\n\n urlencode($email).
"\n\nOnce you confirm, you can use the services at BAA Private Community.";
mail ($email,'BAA Community Registration',$message,'From: Pip@baaclub.com');
}
function user_register($user_name,$password1,$password2,$email,$real_name) {
global $feedback,$hidden_hash_var;
//all vars present and passwords match?
if ($user_name && $password1 && $password1==$password2 && $email && validate_email($email)) {
//password and name are valid?
if (account_namevalid($user_name) && account_pwvalid($password1)) {
$user_name=strtolower($user_name);
$password1=strtolower($password1);
//does the name exist in the database?
$sql="SELECT * FROM user WHERE user_name='$user_name'";
$result=db_query($sql);
if ($result && db_numrows($result) > 0) {
$feedback .= ' ERROR - USER NAME EXISTS ';
return false;
} else {
//create a new hash to insert into the db and the confirmation email
$hash=md5($email.$hidden_hash_var);
$sql="INSERT INTO user (user_name,real_name,password,email,remote_addr,confirm_hash,is_confirmed) ".
"VALUES ('$user_name','$real_name','". md5($password1) ."','$email','$GLOBALS[REMOTE_ADDR]','$hash','0')";
$result=db_query($sql);
if (!$result) {
$feedback .= ' ERROR - '.db_error();
return false;
} else {
//send the confirm email
user_send_confirm_email($email,$hash);
$feedback .= ' Successfully Registered. You Should Have a Confirmation Email Waiting ';
return true;
}
}
} else {
$feedback .= ' Account Name or Password Invalid ';
return false;
}
} else {
$feedback .= ' ERROR - Must Fill In User Name, Matching Passwords, And Provide Valid Email Address ';
return false;
}
}
function user_getid() {
global $G_USER_RESULT;
//see if we have already fetched this user from the db, if not, fetch it
if (!$G_USER_RESULT) {
$G_USER_RESULT=db_query("SELECT * FROM user WHERE user_name='" . user_getname() . "'"
;}
if ($G_USER_RESULT && db_numrows($G_USER_RESULT) > 0) {
return db_result($G_USER_RESULT,0,'user_id');
} else {
return false;
}
}
function user_getrealname() {
global $G_USER_RESULT;
//see if we have already fetched this user from the db, if not, fetch it
if (!$G_USER_RESULT) {
$G_USER_RESULT=db_query("SELECT * FROM user WHERE user_name='" . user_getname() . "'"
;}
if ($G_USER_RESULT && db_numrows($G_USER_RESULT) > 0) {
return db_result($G_USER_RESULT,0,'real_name');
} else {
return false;
}
}
function user_getemail() {
global $G_USER_RESULT;
//see if we have already fetched this user from the db, if not, fetch it
if (!$G_USER_RESULT) {
$G_USER_RESULT=db_query("SELECT * FROM user WHERE user_name='" . user_getname() . "'"
;}
if ($G_USER_RESULT && db_numrows($G_USER_RESULT) > 0) {
return db_result($G_USER_RESULT,0,'email');
} else {
return false;
}
}
function user_getname() {
if (user_isloggedin()) {
return $GLOBALS['user_name'];
} else {
//look up the user some day when we need it
return ' ERROR - Not Logged In ';
}
}
function account_pwvalid($pw) {
global $feedback;
if (strlen($pw) < 6) {
$feedback .= " Password must be at least 6 characters. ";
return false;
}
return true;
}
function account_namevalid($name) {
global $feedback;
// no spaces
if (strrpos($name,' ') > 0) {
$feedback .= " There cannot be any spaces in the login name. ";
return false;
}
// must have at least one character
if (strspn($name,"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
== 0) {$feedback .= "There must be at least one character.";
return false;
}
// must contain all legal characters
if (strspn($name,"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"
!= strlen($name)) {
$feedback .= " Illegal character in name. ";
return false;
}
// min and max length
if (strlen($name) < 5) {
$feedback .= " Name is too short. It must be at least 5 characters. ";
return false;
}
if (strlen($name) > 15) {
$feedback .= "Name is too long. It must be less than 15 characters.";
return false;
}
// illegal names
if (eregi("^((root)|(bin)|(daemon)|(adm)|(lp)|(sync)|(shutdown)|(halt)|(mail)|(news)"
. "|(uucp)|(operator)|(games)|(mysql)|(httpd)|(nobody)|(dummy)"
. "|( {
$feedback .= "Name is reserved.";
return 0;
}
if (eregi("^(anoncvs_)",$name)) {
$feedback .= "Name is reserved for CVS.";
return false;
}
return true;
}
function validate_email ($address) {
return (ereg('^[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+'. '@'. '[-!#$%&\'*+\\/0-9=?A-Z^_`a-z{|}~]+\.' . '[-!#$%&\'*+\\./0-9=?A-Z^_`a-z{|}~]+$', $address));
}
}
?>