Problem with session persisting over several pages.
Posted: Fri Apr 09, 2004 4:04 pm
Hi. I'm having a huge problem. I have a website with 2 user types. Admin and user. Admin has access to everything. User only has access to certain pages. I have a script that gets their userlevel from the database, so that is no issue. The problem I am having has to do with when they log in. This problem occurred before I wrote the script to check the userlevel, so that is not the problem. What happens is that if you log in as a user, you can access the member pages just fine. The session persists over these pages(we think it is at least). But, if I log in as the administrator, I get this error:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/nwmissouri/public_html/Admin_Welcome.php:1) in /home/nwmissouri/public_html/Admin_Welcome.php on line 2
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/nwmissouri/public_html/Admin_Welcome.php:1) in /home/nwmissouri/public_html/Admin_Welcome.php on line 2
The code on the admin pages is EXACTLY the same as the code on the member pages, except that once the session is detected, it is supposed to send them away from the page if they aren't an admin.
Here is the code that validates our user login:
the javascript methods only redirect the user to the appropriate page, base of their user level. At the top of the user's welcome page, we have
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/nwmissouri/public_html/Admin_Welcome.php:1) in /home/nwmissouri/public_html/Admin_Welcome.php on line 2
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/nwmissouri/public_html/Admin_Welcome.php:1) in /home/nwmissouri/public_html/Admin_Welcome.php on line 2
The code on the admin pages is EXACTLY the same as the code on the member pages, except that once the session is detected, it is supposed to send them away from the page if they aren't an admin.
Here is the code that validates our user login:
Code: Select all
<?php
if(isset($HTTP_POST_VARS['username']) && isset($HTTP_POST_VARS['password']))
{
$username = $HTTP_POST_VARS['username'];
$password = $HTTP_POST_VARS['password'];
if(!$username || !$password)
{
session_destroy();
echo("<script language = 'JavaScript'>");
echo("emptyUserOrPass();");
echo("</script>");
}
//trims extra spaces off username
$username = trim($username);
$password = trim($password);
$db = mysql_connect('localhost', 'nwmissouri', 'info1') or die ("Could not connect: " . mysql_error());
//Checks to see if connection failed
if(!$db)
{
echo 'Error: Could not connect to database. Please try again later.';
}
mysql_select_db('nwmissouri');
$query = 'select * from LOGIN '
."where Username = '$username' "
." and Password = password('$password')";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
if(mysql_num_rows($result) > 0)
{
session_register('Member_Id');
//if they are in the database register the user id
$HTTP_SESSION_VARS['valid_user'] = $username;
session_register('valid_user');
if($row['User_Level'] == 1)
{
echo ("<script language = 'JavaScript'>");
echo ("adminCheck();");
echo ("</script>");
}
echo ("<script language = 'JavaScript'>");
echo ("memberCheck();");
echo ("</script>");
}
else
{
session_destroy();
echo ("<script language = 'JavaScript'>");
echo ("invalidUserOrPass();");
echo ("</script>");
}
}//end if
?>the javascript methods only redirect the user to the appropriate page, base of their user level. At the top of the user's welcome page, we have
Code: Select all
<?php
session_start();
?>Code: Select all
This code works and the user is detected as logged in.
We also have that SAME code on the member welcome page and we get the errors displayed above, where line 2 is the session_start(); command.
Why won't the session persist over all the pages? How do we get it to persist? Are there any other ideas or examples to get hte session to set and then persist?
Thanks