Page 1 of 1
login: help with sessions!
Posted: Mon Jul 19, 2004 1:49 am
by C_Calav
hi guys, just been following 2 tutorials and i got the 'Log in + db ussers' part to work now im trying to get my head around the sessions part.
here's my php so far and there is two errors from when i put the session code in..
any help or tips or advice or anything would be helpful thank you.
Code: Select all
<?php
session_start();
$name = $_POST['name'];
// Register session key with the value
$_SESSION['name'] = $name;
if ($submit)
{
$db = mysql_pconnect('localhost) or die ("Could not connect to database");
mysql_select_db('models') or die ("Could not select database!");
$sql = "select * from usser where name = '$username'";
$result = mysql_query($sql, $db) or die ("Execution failed.");
while ($row=mysql_fetch_array($result))
{
if ($row["password"]==$password)
{
echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') ";
}
else
{
echo "wrong password";
}
}
}
?>
and heres my html
<html>
<form method=post action="<?echo $PHP_SELF?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type="text" name="username" size=10></td><tr>
<td>Password:</td><td><input type="password" name="password" size=10></td><tr>
<td> </td><td><input type="submit" name="submit" value="Log In"></td>
</table></form>
</html>
Posted: Mon Jul 19, 2004 2:14 am
by markl999
if ($submit) should really be if(!empty($_POST['submit'])) and
$db = mysql_pconnect('localhost) or die <- is missing a '
Posted: Mon Jul 19, 2004 2:21 am
by C_Calav
thanx made changes, the ' missing was a misstake when i deleted the usser/pass etc.
getting these errors. only after i added
session_start();
$name = $_POST['name'];
// Register session key with the value
$_SESSION['name'] = $name;
Code: Select all
<?php
session_start();
$name = $_POST['name'];
// Register session key with the value
$_SESSION['name'] = $name;
if(!empty($_POST['submit']))
{
$db = mysql_pconnect('****') or die ("Could not connect to database");
mysql_select_db('models') or die ("Could not select database!");
$sql = "select * from usser where name = '$username'";
$result = mysql_query($sql, $db) or die ("Execution failed.");
while ($row=mysql_fetch_array($result))
{
if ($row["password"]==$password)
{
echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') ";
}
else
{
echo "wrong password";
}
}
}
?>
Posted: Mon Jul 19, 2004 2:27 am
by markl999
Maybe telling us what those errors are would help?
Also you are using $name = $_POST['name']; but the form element is called 'username', not 'name';
Posted: Mon Jul 19, 2004 2:31 am
by C_Calav
whoops! heres the errors and made the name/ussername chang.
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php:1) in /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php on line 10
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php:1) in /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php on line 10
Code: Select all
<?php
session_start();
$name = $_POST['ussername'];
// Register session key with the value
$_SESSION['name'] = $name;
if(!empty($_POST['submit']))
{
$db = mysql_pconnect('###') or die ("Could not connect to database");
mysql_select_db('models') or die ("Could not select database!");
$sql = "select * from usser where name = '$username'";
$result = mysql_query($sql, $db) or die ("Execution failed.");
while ($row=mysql_fetch_array($result))
{
if ($row["password"]==$password)
{
echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') ";
}
else
{
echo "wrong password";
}
}
}
?>
Posted: Mon Jul 19, 2004 2:34 am
by markl999
Make sure there's no white space before the <?php
White space would include an empty line, spaces etc..
$name = $_POST['ussername']; <-- should that be:
$username = $_POST['username']; as you use $username in the query and not $name
Posted: Mon Jul 19, 2004 2:41 am
by C_Calav
i dont think there is any white space?
here is the script in its entirety
<form method=post action="<?echo $PHP_SELF?>">
<table cellpadding=2 cellspacing=0 border=0>
<td>Username:</td><td><input type="text" name="username" size=10></td><tr>
<td>Password:</td><td><input type="password" name="password" size=10></td><tr>
<td> </td><td><input type="submit" name="submit" value="Log In"></td>
</table></form>
Code: Select all
<?php
session_start();
$username = $_POST['username'];
// Register session key with the value
$_SESSION['name'] = $username;
if(!empty($_POST['submit']))
{
$db = mysql_pconnect('***') or die ("Could not connect to database");
mysql_select_db('models') or die ("Could not select database!");
$sql = "select * from usser where name = '$username'";
$result = mysql_query($sql, $db) or die ("Execution failed.");
while ($row=mysql_fetch_array($result))
{
if ($row["password"]==$password)
{
echo " ('Successfully Logged In!<a href='index.php'>Click Here</a>') ";
}
else
{
echo "wrong password";
}
}
}
?>
getting these errors
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php:1) in /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php on line 9
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /var/users/modelair/modelaircraft.co.nz/htdocs/admin/login.php:1) in /var/users/modelair
Posted: Mon Jul 19, 2004 2:44 am
by markl999
Ah, you can't have the form before the session_start() as that's classed as output (anything that's sent to the browser is output). Simplest solution is just to move <?php session_start(); ?> before anything, i.e above the form.
Posted: Mon Jul 19, 2004 3:12 am
by C_Calav
thanx very much! everything working... for now...
now if i want all my admin pages to be secure all i do is put
<?php session_start(); ?> at the top of each page?
Posted: Mon Jul 19, 2004 3:28 am
by markl999
now if i want all my admin pages to be secure all i do is put
<?php session_start(); ?> at the top of each page?
Well all session_start() does is start a session, nothing to do with securing pages.
Posted: Mon Jul 19, 2004 4:18 am
by C_Calav
what peiece of code do i put at the top of each page i want secure?
or what shall i search for to find it?
thanx for all ur help btw
