New to php: BIG QUESTION SAVE ME!!!!

Posted: Fri Sep 20, 2002 4:25 am
by royalhunt
I'm new to PHP (I just started learning yesterday!!!) and I want to make a login page. The user logs in to an Oracle 9i server. The problem is that I want to personalize the pages for each user. For example, I want to execute a specific SQL statement for the specific user. My code is the following:

Code:

<?php
include "OracleCon.inc";
  $username = $HTTP_POST_VARS['username'];
  $password = $HTTP_POST_VARS['password'];
  if (isset($username) && isset($password)) {
    $oracle = new OracleCon($username, $password, "DEV_ORION");
    if ($oracle->ConnectToDB()){
      if (session_start()){
        echo "session started<br>";
      }
      $connection=array(serialize($oracle));
      session_register("connection");
      header("Location: search.php");
      exit;
    }else{
      header("Location: fail.php");
      exit;
    }
}
?>
<html>
  <head>
    <title>Oracle Login - Start Page</title>
  </head>
 
 <body bgcolor="#ffffff" text="#000000">
    <h2>Oracle Login - Start Page</h2>
    <form action="login2.php" method="POST">
      Username: <input name="username" type="text" /><br />
      Password:  <input name="password" type="password" /><br />
      <input type="submit" value="Log in" />
    </form>
  </body>
</html>
and the OracleCon.inc file is the following:

Code:

<?php
class OracleCon{
   var $username;
   var $password;
   var $alias;
   var $conn;
   var $stmt;
   var $sql_statement;
   
   function OracleCon($username, $password, $alias){
     $this->username=$username;
     $this->password=$password;
     $this->alias=$alias;
   }
   
   function ConnectToDB(){
     $this->conn = OCIPLogon($this->username, $this->password, $this->alias);
     if (!OCIError()){
       return true;
     }else{
       return false;
     }
   }
   
   function DisconnectFromDB(){
     OCILogOff($this->conn);
   }
   
   function CreateStatement(){
     $this->stmt="select DEMO_ID, DSC from patsavouris.demo where user_name='".$this->username."'";
   }
   
   function ExecuteStatement(){
     $this->sql_statement = OCIParse($this->conn, $this->stmt, 1);
     OCIExecute($this->sql_statement);
   }
   function ShowResults(){
     echo "<TABLE BORDER=1>"; 
     echo "<TR><TH>ID</TH><TH>DSC</TH>";
     while (OCIFetch($this->sql_statement)){
       echo "<TR>";
       $num_cols = OCINumCols($this->sql_statement);
       for ($i = 1; $i <= $num_cols; $i++) {
         $column_value = OCIResult($this->sql_statement,$i);
         echo "<TD>$column_value</TD>";
       }
       echo "</TR>";
     }
     echo "</TABLE>";
   }
 }
 
?>
The problem is that when the user logs in, I get the following warnings:


Warning: Cannot send session cookie - headers already sent by (output started at c:\program files\apache group\apache\htdocs\php\login2.php:10) in c:\program files\apache group\apache\htdocs\php\login2.php on line 13

Warning: Cannot send session cache limiter - headers already sent (output started at c:\program files\apache group\apache\htdocs\php\login2.php:10) in c:\program files\apache group\apache\htdocs\php\login2.php on line 13
session started

Warning: Cannot add header information - headers already sent by (output started at c:\program files\apache group\apache\htdocs\php\login2.php:10) in c:\program files\apache group\apache\htdocs\php\login2.php on line 18


What is wrong with it?

Posted: Fri Sep 20, 2002 4:26 am
by twigletmac

Yes but....

Posted: Fri Sep 20, 2002 4:41 am
by royalhunt
The error messages are in the session_start.
Even if I don't use the echo, the messages are still there.

Posted: Fri Sep 20, 2002 5:12 am
by Takuma
Have you sent any header information before starting the session? E.g. have you printed out anything, or used header()?

If that's not the case, try putting session start at the very start of the script.

This is...

Posted: Fri Sep 20, 2002 5:16 am
by royalhunt
...the whole script. The problem is that I want to start the session when the user logs in successfully. So if I put the session_start at the beginning of the script it wouldn't help (I think, I'm not sure).

Posted: Fri Sep 20, 2002 5:20 am
by Takuma
If you save it as OracleCon.inc it's not gonna work; try saving it as OracleCon.php.

Posted: Fri Sep 20, 2002 5:42 am
by Wayne
You can save the file as OracleCon.inc and it will work, but this could be a security issue, as the file could be read without being passed through PHP. Rather call the file .php.

You can call the session_start function after the user has been successfully logged in; the only requirement is that no information, i.e. any HTML, plain text or headers, has been sent back to the browser by the script! So just make sure you don't have any echo or print commands before the session_start function.
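
The rule described in the post above, as an added example that is not part of the original thread: the login is processed before any byte of output, and `headers_sent()` is used to find where stray output began. It assumes a current PHP with the OCI8 extension (`$_POST`, `$_SESSION` and `oci_connect` instead of the PHP 4 names in the question); `oracle_login_ok` and `handle_login` are hypothetical helpers, and only the user name is kept in the session here.

```php
<?php
// Added example. Nothing (no blank line, no BOM) may precede the opening tag
// above, in this file or in any file it includes.

// Hypothetical helper: true when Oracle accepts the credentials (OCI8).
function oracle_login_ok(string $user, string $pass, string $alias): bool
{
    $conn = @oci_connect($user, $pass, $alias);
    if ($conn === false) {
        return false;
    }
    oci_close($conn);
    return true;
}

// Hypothetical helper: returns the page to redirect to, or 'form'.
function handle_login(array $post): string
{
    $user = $post['username'] ?? null;
    $pass = $post['password'] ?? null;
    if (!is_string($user) || !is_string($pass)) {
        return 'form';                      // first visit: show the form
    }
    if (!oracle_login_ok($user, $pass, 'DEV_ORION')) {
        return 'fail.php';
    }
    session_start();                        // only after a successful login
    session_regenerate_id(true);            // fresh session ID at login
    $_SESSION['username'] = $user;
    return 'search.php';
}

// headers_sent() reports the file and line where output began, the same
// location the "headers already sent" warning prints.
if (headers_sent($file, $line)) {
    error_log("output began at $file:$line, before session_start()");
    exit('Login is unavailable.');
}
$next = handle_login($_POST);
if ($next !== 'form') {
    header('Location: ' . $next);           // still no output sent
    exit;
}
?>
<form action="login2.php" method="POST">
  Username: <input name="username" type="text" /><br />
  Password: <input name="password" type="password" /><br />
  <input type="submit" value="Log in" />
</form>
```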

Posted: Fri Sep 20, 2002 7:36 am
by Takuma
You can, but the file won't be parsed, will it?

Posted: Fri Sep 20, 2002 7:42 am
by twigletmac
If you include a file with a .inc extension into a file with a .php extension then any PHP in the .inc file will be parsed, and the simplest way to find this out is to try it. The issue in using .inc extensions for your included files is not related to what happens when you include them in a PHP page but what happens if someone manages to guess the file's name and tries to call it up in a web browser. If the .inc extension is not set to be parsed as PHP by the webserver then any sensitive information in the .inc file (including passwords) will be available to the person calling it up in their web browser.

Mac
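
A way to audit a site for the exposure described above, as an added example that is not part of the original thread: it walks a document root and lists files that contain PHP source but carry an extension the web server does not parse as PHP. The function name `find_exposed_includes`, the `$parsed` extension list and the sample tree are assumptions made for the example.

```php
<?php
// Added example: list files under a document root that contain PHP source
// but whose extension the web server is not set to parse as PHP.
// $parsed is an assumption; set it to the extensions your server maps to PHP.
function find_exposed_includes(string $docroot, array $parsed = ['php']): array
{
    $hits = [];
    $tree = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($docroot, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($tree as $file) {
        if (!$file->isFile()) {
            continue;
        }
        if (in_array(strtolower($file->getExtension()), $parsed, true)) {
            continue;                       // the server runs these as PHP
        }
        // Look for a PHP opening tag in the first 8 KiB of the file.
        $head = file_get_contents($file->getPathname(), false, null, 0, 8192);
        if ($head !== false && preg_match('/<\?(php|=)/i', $head)) {
            $hits[] = $file->getPathname();
        }
    }
    sort($hits);
    return $hits;
}

// Constructed sample tree in a temporary directory.
$root = sys_get_temp_dir() . '/docroot_' . bin2hex(random_bytes(4));
mkdir($root . '/php', 0700, true);
file_put_contents($root . '/php/login2.php', "<?php include 'OracleCon.inc';\n");
file_put_contents($root . '/php/OracleCon.inc', "<?php class OracleCon {}\n");
file_put_contents($root . '/php/readme.txt', "no code here\n");

foreach (find_exposed_includes($root) as $path) {
    echo "source readable if requested directly: $path\n";
}
```

Each file it reports should be renamed to .php, as suggested earlier in the thread, or the server should be set to parse or refuse that extension.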