Page 1 of 1

login script check/verify user logged in problem

Posted: Thu Jul 30, 2009 11:18 am
by housebyte
Hi I've just got some problem here with a login script that i've adapted from the net

there are two files login.php :-
<?php
// Connects to your Database
mysql_connect("localhost", "spacefarm_user1", "fogarty") or die(mysql_error());
mysql_select_db("spacefarm_db1") or die(mysql_error());

//Checks if there is a login cookie
if(isset($_COOKIE['ID_my_site']))

//if there is, it logs you in and directes you to the members page
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
$check = mysql_query("SELECT * FROM users WHERE username = '$username'")or die(mysql_error());
while($info = mysql_fetch_array( $check ))
{
if ($pass != $info['password'])
{
}
else
{
header("Location: psp_new_login.php");

}
}
}

//if the login form is submitted
if (isset($_POST['submit'])) { // if form has been submitted

// makes sure they filled it in
if(!$_POST['username'] | !$_POST['pass']) {
die('You did not fill in a required field.');
}
// checks it against the database

if (!get_magic_quotes_gpc()) {
$_POST['email'] = addslashes($_POST['email']);
}
$check = mysql_query("SELECT * FROM users WHERE username = '".$_POST['username']."'")or die(mysql_error());

//Gives error if user dosen't exist
$check2 = mysql_num_rows($check);
if ($check2 == 0) {
die('That user does not exist in our database. <a href=add.php>Click Here to Register</a>');
}
while($info = mysql_fetch_array( $check ))
{
$_POST['pass'] = stripslashes($_POST['pass']);
$info['password'] = stripslashes($info['password']);
$_POST['pass'] = md5($_POST['pass']);

//gives error if the password is wrong
if ($_POST['pass'] != $info['password']) {
die('Incorrect password, please try again.');
}
else
{

// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
session_start();
$_SESSION["OK"]=1;


//then redirect them to the members area
header("Location: psp_new.php");
}
}
}
else
{
header("Location: psp_new_login.php");
}



// if they are not logged in
?>




and check.php :-


<?php

//if(!defined("SESSIONSTARTED")){
//session_start();
//} ///**so I've slimmed this part down to remove the error but still wont work

//Check if the user has been logged in ///Problem is here SESSION variable reads false when it should be true user having logged in

if(!isset($_SESSION["OK"]) || $_SESSION["OK"] == false){
//If he hasn't, send him back to the homepage
echo "<meta http-equiv='refresh' content='3;URL=psp_new_login.php'/>Please log in";
die;
}
//Tell your program the session has been started. This will prevent some useless error messages
define("SESSIONSTARTED", 1);

?>


so that the login page is a simple form that works ok but the check script that runs on a require from the members page just refers you back to the login page seems that there is a problem with the session variable $_SESSION["OK"] not being set I've tried using the cookies but that doesnt work to exclude anyone. Is this something to do with session_start(); not running correctly. If I use session_start() in the check script it delivers an error:-

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/vndv.com/s/p/a/spacefarm/htdocs/psp_new.php:8) in /www/vndv.com/s/p/a/spacefarm/htdocs/check.php on line 4
That is because I assume the session already started in the login script. So I removed the session_start() from the check script and it just refers you back to the login. If you can help and understand what I mean here I would be gratefull.

Re: login script check/verify user logged in problem

Posted: Thu Jul 30, 2009 11:22 am
by jackpf
The $_SESSION array isn't populated without session_start(). Your error is a result of sending data to the user before running session_start(). You must run it before sending any data.

Re: login script check/verify user logged in problem

Posted: Fri Jul 31, 2009 5:22 am
by housebyte
Ok thanks for the reply jackpf , session_start() should have already been started during login after ID is accepted and then $_SESSION["OK"] is set true you see here :-

// if login is ok then we add a cookie
$_POST['username'] = stripslashes($_POST['username']);
$hour = time() + 3600;
setcookie(ID_my_site, $_POST['username'], $hour);
setcookie(Key_my_site, $_POST['pass'], $hour);
session_start();
$_SESSION["OK"]=true;


//then redirect them to the members area
header("Location: psp_new.php");

if a login is not accepted then $_SESSION["OK"] remains unset and they return to login page

besides which if I was to put another session_start() in the check.php script it shows the error I described earlier. Probably something simple like the placing of session_start() in the login script?

Re: login script check/verify user logged in problem

Posted: Fri Jul 31, 2009 6:16 am
by jackpf
You only need session_start() once on each script. And if you're including files, then once for all of the scripts.

It must be at the top of the script, before any output, and it must be before you attempt to access any $_SESSION variables.