The character encoding of the HTML document was not declared.

The character encoding of the HTML document was not declared.

hi, on my site: http://m.slapp.me/
When I login, user: test pass: test

it checks the login against the database on a seperate page and then redirects if login successful but the URL stays the same, please help.

here is my checking page: 

  1. <?php
    ob_start();
    $host="xxx"; // Host name
    $username="xxx"; // Mysql username
    $password="xxx"; // Mysql password
    $db_name="xxx"; // Database name
    $tbl_name="xxx"; // Table name


    // Connect to server and select databse.
    mysql_connect("$host", "$username", "$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // Define $myusername and $mypassword
    $myusername=$_POST['rsUser'];
    $mypassword=$_POST['rsPass'];

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
    $myusername = mysql_real_escape_string($myusername);
    $mypassword = mysql_real_escape_string($mypassword);

    $sql="SELECT * FROM $tbl_name WHERE rsUser='$myusername' and rsPass='$mypassword'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $num_rows = mysql_num_rows($result);
    $row = mysql_fetch_array($result);
    // If result matched $myusername and $mypassword, table row must be 1 row


    if ($num_rows > 0) {
    session_start();
    $_SESSION['login'] = "1";
    $_SESSION['UserID'] = $row['UserID']; 
    $rsUser = $row['rsUser'];
    }
    else {
    $errorMessage = "Invalid Login";
    session_start();
    $_SESSION['login'] = '';
    }

    ob_end_flush();
    ?>


here is the page I end up on when successful

  1. <?
    session_start();
    if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
    header ("Location: index.php");
    }
    mysql_connect("xxx", "xxx", "xxx") or die(mysql_error());
    mysql_select_db("xxx") or die(mysql_error());

    $rsUser = $_REQUEST['rsUser'];
    $query1 = mysql_query("SELECT * FROM rstarget INNER JOIN users ON users.UserID=rstarget.UserID WHERE currentTarget = '1'");
    $row1 = mysql_fetch_array($query1);

    $query3 = mysql_query("SELECT * FROM users WHERE rsUser = '$rsUser'");
    $row3 = mysql_fetch_array($query3);

    $TargetID = $row1['TargetID'];

    $result1 = mysql_query("SELECT * FROM rstargetpictures WHERE TargetID = '$TargetID' AND PictureApproval = '1'");
    $msg = $_REQUEST['msg'];
    ?>
    <!DOCTYPE html> 
    <html>

    <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1"> 
    <title>Multi-page template</title> 
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.2.0/jquery.mobile-1.2.0.min.css" />
    <script src="http://code.jquery.com/jquery-1.8.2.min.js"></script>
    <script src="http://code.jquery.com/mobile/1.2.0/jquery.mobile-1.2.0.min.js"></script>
    <script type="text/javascript">

      var _gaq = _gaq || [];
      _gaq.push(['_setAccount', 'UA-2434589-28']);
      _gaq.push(['_trackPageview']);

      (function() {
        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
      })();

    </script>
    <script type="text/javascript">

      var _gaq = _gaq || [];
      _gaq.push(['_setAccount', 'UA-2434589-29']);
      _gaq.push(['_trackPageview']);

      (function() {
        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
      })();

    </script>
    </head> 

    <body> 

    <!-- Start of first page: #one -->
    <div data-role="page" id="success">

        <header data-role="header"data-theme="b">
            <h1>Slapp.ME</h1>
            <?php
    if($_SESSION['UserID'] == '1'){
    echo '<a href="#success" data-icon="home" class="ui-btn-right">Admin</a>';
    }
    ?>
        </header><!-- /header -->

    <div data-role="content" >
    Todays target is: <h2><?php echo $row1['TargetName']; ?></h2>
    <p><a href="#add" data-role="button" data-rel="dialog" data-transition="pop">Add Image</a></p>
    <p><a href="#" data-role="button" data-icon="star">Suggest new Target</a></p>
    <p><a href="#" data-role="button" data-icon="star">View Profile</a></p>
    <p><a href="#" data-role="button" data-icon="star">Logout</a></p>
    </div><!-- /content -->
    <div data-role="footer" data-theme="d">
    <h4>Page Footer</h4>
    </div><!-- /footer -->
    </div><!-- /page one -->

    <!-- Start of third page: #add -->
    <div data-role="page" id="add">

    <div data-role="header" data-theme="e">
    <h1>Add Image</h1>
    </div><!-- /header -->

    <div data-role="content" data-theme="d">
    <h2>Login to Slapp.ME</h2>
    <div data-role="fieldcontain">
    <form id="login" name="form1" method="post" action="checklogin.php">
    <label for="name">Username:</label>
    <input type="text" name="rsUser" id="name" value=""  />
    <label for="name">Password:</label>
    <input type="password" name="rsPass" id="name" value=""  />
    <br />
    <button value="submit-value" name="submit" data-theme="b" type="submit" class="ui-btn-hidden" aria-disabled="false">Login</button>
    </form>
    </div>
    </div><!-- /content -->
    <div data-role="footer">
    <h4>Page Footer</h4>
    </div><!-- /footer -->
    </div><!-- /page popup -->


    </body>

    </html>
when logged in, the URL shows: http://m.slapp.me/checklogin.php it should be http://m.slapp.me/login_success.php as there is a redirect