Page 1 of 1

Having a hard time creating sessions In PHP?

Posted: Sat May 12, 2012 1:59 pm
by mcc_shane
Hi,

I'm new to this forum. They is my first post and I'm currently learning how to code via youtube videos!

I'm trying to create a session_start(); for my website. Every time I login I'm getting a nasty error message and not sure why.

Would you guys happen to know what I'm doing wrong? I don't think I'm mistyping session_start(); incorrectly. Do I need to declare something in the session? I'm confused ......

Thanks everyone in advance!

http://whatsmyowncarworth.com/login/login.php

User info
username = alex
password = abc

username = kyle
password = 123

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Error message

"Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/bvghy/public_html/whatsmyowncarworth.com/login/login2.php:8) in /home/bvghy/public_html/whatsmyowncarworth.com/login/login2.php on line 10

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/bvghy/public_html/whatsmyowncarworth.com/login/login2.php:8) in /home/bvghy/public_html/whatsmyowncarworth.com/login/login2.php on line 10"

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

login2.php page = php code

<?php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password)
{

$connect = mysql_connect("localhost","bvghy_bvghy","mypassword") or die("Counldn't Connect!");
mysql_select_db("bvghy_phplogin") or die("Counldn't Connect to DB");

$query = mysql_query("SELECT id, username, password FROM users WHERE username='$username'");

$numrows = mysql_num_rows($query);




if ($numrows!=0)
{
// code to login
// The $row is a varialbe of mysql_fetch_assoc. The $row fetches the the above query. $dbusername and $dbpassword are varialbes of $row['username']; and $row['password'];
// the 'username' and 'password' are references to the rows in the MySql database
while ($row = mysql_fetch_assoc($query))
{
$dbusername = $row['username'];
$dbpassword = $row['password'];
}

// check to see if they match!
if ($username==$dbusername&&$password==$dbpassword)
{
echo "Your in! <a href='member.php'>Click</a> here to enter the member page";
$_SESSION['username']=$dbusername;
}
else
echo "Incorrect password!";

}
else
die("That user dosen't exist!");

Re: Having a hard time creating sessions In PHP?

Posted: Sat May 12, 2012 3:59 pm
by requinix
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/bvghy/public_html/whatsmyowncarworth.com/login/login2.php:8) in /home/bvghy/public_html/whatsmyowncarworth.com/login/login2.php on line 10
You cannot use functions like session_start() and header() if anything has been outputted. Whatever is on line 8 in login2.php outputted something. Either get rid of it or move the session_start() to the beginning of the file. Similarly, you can't have anything before the opening <?php tag.

Re: Having a hard time creating sessions In PHP?

Posted: Sat May 12, 2012 5:55 pm
by mcc_shane
Hi requinix,

I appreciate the response. When I remove the session_start(); it works but I'm not creating a session. I was watching this video and the instructor creates a session and it's working. I know the video is three years old but I'm assuming it should still be valid?

20 Secs. into the video
http://www.youtube.com/watch?v=0dq5Sj9j ... 3942AC8E40

Thanks everyone

Re: Having a hard time creating sessions In PHP?

Posted: Sat May 12, 2012 6:59 pm
by requinix
I would not recommend that video tutorial to anyone. Just saying.

Part 1:
- Invalid HTML
- No uniqueness constraint on the username. Might be intentional? But then no uniqueness on the username+password
- Stores cleartext passwords
- The "form is empty" condition he has will reject "0" as a username or password (because "0"==false). I'll ignore the undefined index possibility
- Connects to the database as root
- ...which doesn't have a password
- die() is not the best function. Practically never is. Technically it's not a function either
Part 2:
- SQL injection
- Login scripts should never say whether a username exists or not
- Uses the while loop for multiple rows (there could be with his design) but the rest of the code pretends there's only ever one row
- $username always == $dbusername. It was right there in the query
Part 3:
- Tries to use start_session(). Really? Please
- "Click here" is poor design
- Doesn't realize his == mistake until much later. I feel like I'm watching over a guy's shoulder as he codes some new feature, not a video tutorial
- Is obviously developing with warnings and notices hidden, otherwise he would have seen an "undefined index" warning in member.php
- The thing about having sessions active after the browser restarts is wrong. It depends on the PHP setup and rarely ever does that
- Undefined index on $_SESSION["username"]. Again, would have seen that


Back on topic.
You need the session_start(). But it has to be executed before anything is outputted, like error messages or HTML or even whitespace before the <?php tag.
So what are the contents of login2.php from the very beginning of the file up until line, let's say, 15?

Re: Having a hard time creating sessions In PHP?

Posted: Sun May 13, 2012 9:13 am
by mcc_shane
Hi Requinix,

I appreciate the detailed response. Below is the php code and HTML code for the pages login.php, login2.php and member.php
So what are the contents of login2.php from the very beginning of the file up until line, let's say, 15?
This is up until line 15

Code: Select all

<html>
<head>
<title>Login2</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">

<?php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password) <<----- Line 15
You need the session_start(). But it has to be executed before anything is outputted, like error messages or HTML or even whitespace before the <?php tag.
Are you saying I need to have the <?php?> above the HTML? like this .....

Code: Select all

<?php

session_start()

?>
<html>
<head>
<title>Login2</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
I would not recommend that video tutorial to anyone. Just saying.
Would you happen to know of any quality tutorials either on youtube or the internet?

Below is the code. Thanks again for the help!

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

This is the login.php

Code: Select all

<html>
<head>
<title>Login</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">

<form action="login2.php" method="post">
  Username:<input type="text" name="username"><br>
  Password:<input type="password" name="password"><br>
  <input type="submit" name="Login In">
</form>

<hr>


<p>This is the next <a href="http://whatsmyowncarworth.com/Foreach.php">Foreach</a></p>

</body>
</html>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

This is the login2.php / html - php code

Code: Select all

<html>
<head>
<title>Login2</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">

<?php

session_start();

$username = $_POST['username'];
$password = $_POST['password'];

if ($username&&$password) 
{

$connect = mysql_connect("localhost","myaccount","mypassword") or die("Counldn't Connect!");
mysql_select_db("phplogin") or die("Counldn't Connect to DB");

$query = mysql_query("SELECT id, username, password FROM users WHERE username='$username'");

$numrows = mysql_num_rows($query);




if ($numrows!=0)
{
// code to login
// The $row is a varialbe of mysql_fetch_assoc. The $row fetches the the above query. $dbusername and $dbpassword are varialbes of $row['username']; and $row['password'];
// the 'username' and 'password' are references to the rows in the MySql database
while ($row = mysql_fetch_assoc($query))
  {
      $dbusername = $row['username'];
	  $dbpassword = $row['password'];
  }
  
// check to see if they match!  
  if ($username==$dbusername&&$password==$dbpassword)
  {
    echo "Your in! <a href='member.php'>Click</a> here to enter the member page";
	$_SESSION['username'] = $username;
  }
  else  
     echo "Incorrect password!";
	 
}
else 
   die("That user dosen't exist!");

   
   
   
   
}
else 
  die("Please enter a username and a password!");

?>

</body>
</html>
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

member.php / php - HTML code

Code: Select all

<html>
<head>
<title>Member</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">

<?php

session_start();

echo "Welcome, ".$_SESSION['username']."!";



?>

</body>
</html>

Re: Having a hard time creating sessions In PHP?

Posted: Sun May 13, 2012 5:35 pm
by requinix
mcc_shane wrote:
You need the session_start(). But it has to be executed before anything is outputted, like error messages or HTML or even whitespace before the <?php tag.
Are you saying I need to have the <?php?> above the HTML? like this .....

Code: Select all

<?php

session_start()

?>
<html>
<head>
<title>Login2</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Yes. Exactly that.
mcc_shane wrote:
I would not recommend that video tutorial to anyone. Just saying.
Would you happen to know of any quality tutorials either on youtube or the internet?
Not really. I don't learn like that so I've not personally seen any I could recommend.

Search on forums (via Google or not) for tutorials: actual tutorials or just recommendations. Did you know that PHP DN has a tutorials forum? There's even a LOGIN & REGISTRATION Script Tutorial in there.

Re: Having a hard time creating sessions In PHP?

Posted: Sun May 13, 2012 7:23 pm
by califdon
Just thought I'd add that you're getting expert advice from requinix, and that my observation of many of these "tutorial" videos is that they are often made by people who (1) really don't know what they are doing, and (2) are not skilled in presenting logical instruction. There might be a few useful ones out there, but the majority of them suck! I too would not recommend them to anyone trying to learn PHP or other programming skills (unless someone finds one that is actually good, which I haven't found). Some of the serious online tutorials are pretty good (the non-video ones) and of course there are good books.

Re: Having a hard time creating sessions In PHP?

Posted: Mon May 14, 2012 10:22 am
by mcc_shane
Thanks requinix and califdon for your help. I appreciate guys!

requinix, appreciate the tutorials as well! and tip! It worked!