Hi I've just got some problem here with a login script that i've adapted from the net
there are two files login.php :-
<?php
// Connects to your Database
mysql_connect("localhost", "spacefarm_user1", "fogarty") or die(mysql_error());
mysql_select_db("spacefarm_db1") or die(mysql_error());
//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))
//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: psp_new_login.php");
}
}
}
//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted
// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database
if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());
//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);
//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
session_start();
$_SESSION["OK"]=1;
//then redirect them to the members area
header("Location: psp_new.php");
}
}
}
else
{
header("Location: psp_new_login.php");
}
// if they are not logged in
?>
and check.php :-
<?php
//if(!defined("SESSIONSTARTED")){
//session_start();
//} ///**so I've slimmed this part down to remove the error but still wont work
//Check if the user has been logged in ///Problem is here SESSION variable reads false when it should be true user having logged in
if(!isset($_SESSION["OK"]) || $_SESSION["OK"] == false){
//If he hasn't, send him back to the homepage
echo "<meta http-equiv='refresh' content='3;URL=psp_new_login.php'/>Please log in";
die;
}
//Tell your program the session has been started. This will prevent some useless error messages
define("SESSIONSTARTED", 1);
?>
so that the login page is a simple form that works ok but the check script that runs on a require from the members page just refers you back to the login page seems that there is a problem with the session variable $_SESSION["OK"] not being set I've tried using the cookies but that doesnt work to exclude anyone. Is this something to do with session_start(); not running correctly. If I use session_start() in the check script it delivers an error:-
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/vndv.com/s/p/a/spacefarm/htdocs/psp_new.php:8) in /www/vndv.com/s/p/a/spacefarm/htdocs/check.php on line 4
That is because I assume the session already started in the login script. So I removed the session_start() from the check script and it just refers you back to the login. If you can help and understand what I mean here I would be gratefull.
login script check/verify user logged in problem
Moderator: General Moderators
Re: login script check/verify user logged in problem
The $_SESSION array isn't populated without session_start(). Your error is a result of sending data to the user before running session_start(). You must run it before sending any data.
Re: login script check/verify user logged in problem
Ok thanks for the reply jackpf , session_start() should have already been started during login after ID is accepted and then $_SESSION["OK"] is set true you see here :-
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
session_start();
$_SESSION["OK"]=true;
//then redirect them to the members area
header("Location: psp_new.php");
if a login is not accepted then $_SESSION["OK"] remains unset and they return to login page
besides which if I was to put another session_start() in the check.php script it shows the error I described earlier. Probably something simple like the placing of session_start() in the login script?
// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
session_start();
$_SESSION["OK"]=true;
//then redirect them to the members area
header("Location: psp_new.php");
if a login is not accepted then $_SESSION["OK"] remains unset and they return to login page
besides which if I was to put another session_start() in the check.php script it shows the error I described earlier. Probably something simple like the placing of session_start() in the login script?
Re: login script check/verify user logged in problem
You only need session_start() once on each script. And if you're including files, then once for all of the scripts.
It must be at the top of the script, before any output, and it must be before you attempt to access any $_SESSION variables.
It must be at the top of the script, before any output, and it must be before you attempt to access any $_SESSION variables.