PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!
We are new and just learning to use php. We are trying to create a Login page that will create a session once a user has logged in.
Our error is:
Warning: session_start(); cannot send session cookie - headers already sent by (output started at /home/nwmissouri/public_html/USer_Validate.php:8)
<?php
session_start();
?>
<html>
<head>
<title>Access Test</title>
</head>
<script language = "JavaScript">
<!-- Just trimmed the JS to make the script a bit shorter to repost -->
</script>
<body>
<?php
// use $_POST instead of $HTTP_POST_VARS
if(isset($_POST['username']) && isset($_POST['password'])) {
// you can trim the values here (makes more sense for the next bit.
$username = trim($_POST['username']);
$password = trim($_POST['password']);
// if you're checking to see whether a variable is empty, use the
// empty() function, if you're checking to see whether a variable
// has a boolean false value do !$variable.
if(empty($username) || empty($password)) {
session_destroy();
echo '<script language = "JavaScript">';
echo 'emptyUserOrPass();';
echo '</script>';
}
$db = mysql_connect('localhost', 'nwmissouri', 'info1') or die('Could not connect: '.mysql_error());
// don't bother with the connection failed code because the or die()
// statement will stop the script so you won't get to this point
// if the connection has failed.
// add error handling to database selecting as well
mysql_select_db('nwmissouri') or die(mysql_error());
// * try to avoid multilined single or double quoted strings as they
// can be confusing when you read your code
// * don't do SELECT * FROM, specify the fields you want returned
// and save some processing time for the db.
$query = "SELECT Username FROM LOGIN ";
$query .= "WHERE Username = '$username' AND Password = '$password'";
$result = mysql_query($query);
// don't bother fetching a row if you don't need the data
if (mysql_num_rows($result) > 0) {
// don't use session_register() it's deprecated and doesn't work
// well with $_SESSION or $HTTP_SESSION_VARS
// use $_SESSION instead of $HTTP_SESSION_VARS
$_SESSION['valid_user'] = $username;
if($row['User_Level'] == 1) {
echo '<script language = "JavaScript">';
echo 'adminCheck();';
echo '</script>';
}
echo '<script language = "JavaScript">';
echo 'memberCheck();';
echo '</script>';
} else {
session_destroy();
echo '<script language = "JavaScript">';
echo 'invalidUserOrPass();';
echo '</script>';
}
} //end if
?>
</body>
</html>