login: help with sessions!

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

login: help with sessions!

Post by C_Calav »

hi guys, just been following 2 tutorials and i got the 'Log in + db ussers' part to work now im trying to get my head around the sessions part.

here's my php so far and there is two errors from when i put the session code in..

any help or tips or advice or anything would be helpful thank you.

Code: Select all

<?php

 session_start(); 

 $name = $_POST['name']; 

 // Register session key with the value 
 $_SESSION['name'] = $name; 

 if ($submit) 
 {
     $db = mysql_pconnect('localhost) or die ("Could not connect to database");
     mysql_select_db('models') or die ("Could not select database!");
     $sql = "select * from usser where name = '$username'";
     $result = mysql_query($sql, $db) or die ("Execution failed."); 

     while ($row=mysql_fetch_array($result)) 
     {
        if ($row["password"]==$password) 
        {
        echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') ";
        }
		else
		{
		echo "wrong password";
		}
  
     }
 }
?>
and heres my html


<html>
<form method=post action="<?echo $PHP_SELF?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type="text" name="username" size=10></td><tr>
<td>Password:</td><td><input type="password" name="password" size=10></td><tr>
<td>&nbsp;</td><td><input type="submit" name="submit" value="Log In"></td>
</table></form>
</html>
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

if ($submit) should really be if(!empty($_POST['submit'])) and
$db = mysql_pconnect('localhost) or die <- is missing a '
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

thanx made changes, the ' missing was a misstake when i deleted the usser/pass etc.

getting these errors. only after i added

session_start();

$name = $_POST['name'];

// Register session key with the value
$_SESSION['name'] = $name;


Code: Select all

<?php

 session_start(); 

 $name = $_POST['name']; 

 // Register session key with the value 
 $_SESSION['name'] = $name; 

 if(!empty($_POST['submit'])) 
 {
     $db = mysql_pconnect('****') or die ("Could not connect to database");
     mysql_select_db('models') or die ("Could not select database!");
     $sql = "select * from usser where name = '$username'";
     $result = mysql_query($sql, $db) or die ("Execution failed."); 

     while ($row=mysql_fetch_array($result)) 
     {
        if ($row["password"]==$password) 
        {
        echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') ";
        }
		else
		{
		echo "wrong password";
		}
  
     }
 }
?>
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Maybe telling us what those errors are would help? ;)

Also you are using $name = $_POST['name']; but the form element is called 'username', not 'name';
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

whoops! heres the errors and made the name/ussername chang.

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php:1) in /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php on line 10

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php:1) in /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php on line 10

Code: Select all

<?php


 session_start(); 

 $name = $_POST['ussername']; 

 // Register session key with the value 
 $_SESSION['name'] = $name; 

 if(!empty($_POST['submit'])) 
 {
     $db = mysql_pconnect('###') or die ("Could not connect to database");
     mysql_select_db('models') or die ("Could not select database!");
     $sql = "select * from usser where name = '$username'";
     $result = mysql_query($sql, $db) or die ("Execution failed."); 

     while ($row=mysql_fetch_array($result)) 
     {
        if ($row["password"]==$password) 
        {
        echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') ";
        }
		else
		{
		echo "wrong password";
		}
  
     }
 }

?>
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Make sure there's no white space before the <?php
White space would include an empty line, spaces etc..

$name = $_POST['ussername']; <-- should that be:
$username = $_POST['username']; as you use $username in the query and not $name
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

i dont think there is any white space?

here is the script in its entirety

<form method=post action="<?echo $PHP_SELF?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type="text" name="username" size=10></td><tr>
<td>Password:</td><td><input type="password" name="password" size=10></td><tr>
<td>&nbsp;</td><td><input type="submit" name="submit" value="Log In"></td>
</table></form>

Code: Select all

<?php

 session_start(); 

 $username = $_POST['username'];

 // Register session key with the value 
 $_SESSION['name'] = $username; 

 if(!empty($_POST['submit'])) 
 {
     $db = mysql_pconnect('***') or die ("Could not connect to database");
     mysql_select_db('models') or die ("Could not select database!");
     $sql = "select * from usser where name = '$username'";
     $result = mysql_query($sql, $db) or die ("Execution failed."); 

     while ($row=mysql_fetch_array($result)) 
     {
        if ($row["password"]==$password) 
        {
        echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') ";
        }
		else
		{
		echo "wrong password";
		}
  
     }
 }
?>
getting these errors

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php:1) in /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php on line 9

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php:1) in /var/users/modelair
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

Ah, you can't have the form before the session_start() as that's classed as output (anything that's sent to the browser is output). Simplest solution is just to move <?php session_start(); ?> before anything, i.e above the form.
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

thanx very much! everything working... for now...

now if i want all my admin pages to be secure all i do is put
<?php session_start(); ?> at the top of each page?
User avatar
markl999
DevNet Resident
Posts: 1972
Joined: Thu Oct 16, 2003 5:49 pm
Location: Manchester (UK)

Post by markl999 »

now if i want all my admin pages to be secure all i do is put
<?php session_start(); ?> at the top of each page?
Well all session_start() does is start a session, nothing to do with securing pages.
User avatar
C_Calav
Forum Contributor
Posts: 395
Joined: Wed Jun 02, 2004 10:55 pm
Location: New Zealand

Post by C_Calav »

what peiece of code do i put at the top of each page i want secure?

or what shall i search for to find it?

thanx for all ur help btw :)
Post Reply