Problem with session_start() - [SOLVED]

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

jmrdeuce32
Forum Newbie
Posts: 15
Joined: Wed Apr 27, 2005 5:45 pm
Location: Naples, FL

Problem with session_start() - [SOLVED]

Post by jmrdeuce32 »

I am using PHP with mySQL to allow users to login. I am using $_SESSION[] to pass variables such as there username, password, as well as the standard.

The script works fine for the first page but on my second page I get the following errors:

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\myPosts.php:1) in \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\check_login.php on line 2

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\myPosts.php:1) in \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\check_login.php on line 2


I know that I need to have session_start() before anything is outputted. I don't think that is the issue. I can't seem to figure out why else I would get these messages though.

Here is my code:
----------------------------------------------------------------------------
Script from page giving errors (myPosts.php)
----------------------------------------------------------------------------

Code: Select all

<?php
require 'connect.php';

if ($logged_in == 0) {
    die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}
?><!--
<HTML>
<HEAD>......Content.....
----------------------------------------------------------------------------
connect.php
----------------------------------------------------------------------------

Code: Select all

<?php

$conn = new COM('ADODB.Connection');
$conn->Open("DRIVER={MySQL ODBC 3.51 Driver}; SERVER=mysql2.brinkster.com;DATABASE=exitcharde;UID=exitcharde;PWD=joecharde;");

include('check_login.php');
?>
----------------------------------------------------------------------------
check_login.php
----------------------------------------------------------------------------

Code: Select all

<?php
session_start();

if (!isset($_SESSION['userName']) || !isset($_SESSION['password'])) {
    $logged_in = 0;
    return;
} else {
    if(!get_magic_quotes_gpc()) {
        $_SESSION['userName'] = addslashes($_SESSION['username']);
    }


    // addslashes to session username before using in a query.
    $result = @$conn->Execute("SELECT password FROM users WHERE username = '".$_SESSION['userName']."'") or die('Database Error. Please Try Again');
    
    if($result->EOF){
        $logged_in = 0;
        unset($_SESSION['userName']);
        unset($_SESSION['password']);
    }

    $ret_pass = stripslashes($result->fields[0]->value);
    $_SESSION['password'] = stripslashes($_SESSION['password']);



    //compare:



    if($_SESSION['password'] == $ret_pass) { 
        // valid password for username
        $logged_in = 1; 
    } else {
        $logged_in = 0;
        unset($_SESSION['userName']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
    }
}


// clean up
unset($ret_pass);

$_SESSION['userName'] = stripslashes($_SESSION['userName']);

?>
----------------------------------------------------------------------------
login.php
----------------------------------------------------------------------------

Code: Select all

<?php

// database connect script.

require 'connect.php';

if($logged_in == 1) {
    echo ; 
    die('<html><head><title>Login</title><SCRIPT LANGUAGE = "JavaScript">function getURL()  {var url = "http://www.askmeaboutexit.com/forum/";parent.window.location.href= url} </SCRIPT></head><html><body onload="javascript: getURL()">'.$_SESSION['name'].', You are already logged in.');

}


?>
<html>
<head>
<title>Login</title>
<SCRIPT LANGUAGE = "JavaScript">

function getURL()  {
var url = 'http://www.askmeaboutexit.com/forum/';
parent.window.location.href= url

} 


</SCRIPT>
</head>

<?php

if (isset($_POST['submit'])) { // if form has been submitted


    /* check they filled in what they were supposed to and authenticate */
    if(!$_POST['userName'] | !$_POST['password']) {
        die('You did not fill in a required field. <a href="login.php" target="_parent">Click here</a> to return to Login.');
    }

    // authenticate.

    if (!get_magic_quotes_gpc()) {
        //$_POST['userName'] = addslashes($_POST['userName']);
    }

    $check = $conn->Execute("SELECT first, userName, password, login_count FROM users WHERE userName = '".$_POST['userName']."'");

    if($check->EOF){
        die('That Username Does Not Exist In Our System. <a href="login.php" target="_parent">Click here</a> to return to Login.');
    }


    // check passwords match

    $_POST['password'] = stripslashes($_POST['password']);
    $ret_pass = stripslashes($check->fields[2]->value);
    $_POST['password'] = /*md5(*/$_POST['password'];

    if ($_POST['password'] != $ret_pass) {
        die('Incorrect password, please try again.');
    }

    // if we get here username and password are correct, 
    //register session variables and set last login time.
    $count = $check->fields[3]->value;
    $count = $count+1;
    $date = date('H:i M d, Y');

    $update_login = $conn->Execute("UPDATE users SET login_count='".$count."', last_login = '".$date."' WHERE username = '".$_POST['userName']."'");

    $_POST['userName'] = stripslashes($_POST['userName']);
    $_SESSION['userName'] = $_POST['userName'];
    $_SESSION['password'] = $_POST['password'];
    $_SESSION['name'] = stripslashes($check->fields[0]->value);
    $logged_in = 1;
    

?><body onload="javascript: getURL()">
<h1>Logged In</h1>
<p>Welcome back <?php echo $_SESSION['name']; ?>, you are currently logged in.</p>

<?php

} else {    // if form hasn't been submitted

?>
<h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
  <tr>
    <td align="right">User Name:</td>
    <td ><input name="userName" type="text" size="25"></td>
  </tr>
  <tr>
    <td align="right">Password:</td>
    <td><input name="password" type="password" size="25"></td>
  </tr>
  <tr>
    <td></td>
    <td align="right"><input name="submit" type="submit" value="Login"></td>
  </tr>
</table>
</form>
<?php
}
?>
</body>
</html>
----------------------------------------------------------------------------


Again...All of this works for the first page (index.php) which starts just like myPosts.php

----------------------------------------------------------------------------
index.php
----------------------------------------------------------------------------

Code: Select all

<?php

require 'connect.php');

if ($logged_in == 0) {
    die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}


?>
<HTML>
<HEAD>...........content............
----------------------------------------------------------------------------

Any help you can give would be great!
Last edited by jmrdeuce32 on Thu Apr 28, 2005 11:54 am, edited 4 times in total.
User avatar
Todd_Z
Forum Regular
Posts: 708
Joined: Thu Nov 25, 2004 9:53 pm
Location: U Michigan

Post by Todd_Z »

First off - DEAR GOD MAN use the php tags when you post - Read this before Feyd kills you

Anywho - session_start() often has to be the very first function you call - try putting that at the top of the first page called, should take care of the "headers already sent" error.[/url]
method_man
Forum Contributor
Posts: 257
Joined: Sat Mar 19, 2005 1:38 am

use the php tags

Post by method_man »

read the rules,
use the php tags

matt
method_man
Forum Contributor
Posts: 257
Joined: Sat Mar 19, 2005 1:38 am

lol

Post by method_man »

posted mine a lil late lol

matt
jmrdeuce32
Forum Newbie
Posts: 15
Joined: Wed Apr 27, 2005 5:45 pm
Location: Naples, FL

re: use php tags

Post by jmrdeuce32 »

Come on guys...its my first post...I'll use it next time though.

Thanks for the help.

I didn't think of that.
Deemo
Forum Contributor
Posts: 418
Joined: Sun Jan 18, 2004 11:48 am
Location: Washington DC

Post by Deemo »

basicly before any output, the session_start has to be initiated
jmrdeuce32
Forum Newbie
Posts: 15
Joined: Wed Apr 27, 2005 5:45 pm
Location: Naples, FL

still not working

Post by jmrdeuce32 »

I changed it so that instead of session_start() being in check_login.php it is the first line in each page. It still gives me the same errors.

Code: Select all

<?php
session_start();
require 'connect.php';

if ($logged_in == 0) {
	die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}


?>
User avatar
Todd_Z
Forum Regular
Posts: 708
Joined: Thu Nov 25, 2004 9:53 pm
Location: U Michigan

Post by Todd_Z »

You have session_start() in checklogin.php too, take that out. You only need it once.
jmrdeuce32
Forum Newbie
Posts: 15
Joined: Wed Apr 27, 2005 5:45 pm
Location: Naples, FL

re:

Post by jmrdeuce32 »

Yea....I did take that out...forgot to mention though.
jmrdeuce32
Forum Newbie
Posts: 15
Joined: Wed Apr 27, 2005 5:45 pm
Location: Naples, FL

Post by jmrdeuce32 »

New Code...Same Errors

connect.php

Code: Select all

<?php

$conn = new COM('ADODB.Connection');
$conn->Open("DRIVER={MySQL ODBC 3.51 Driver}; SERVER=mysql2.brinkster.com;DATABASE=exitcharde;UID=exitcharde;PWD=joecharde;");





include('check_login.php');

?>
check_login.php

Code: Select all

<?php


if (!isset($_SESSION['userName']) || !isset($_SESSION['password'])) {
	$logged_in = 0;
	return;
} else {
	if(!get_magic_quotes_gpc()) {
		$_SESSION['userName'] = addslashes($_SESSION['username']);
	}


	// addslashes to session username before using in a query.
	$result = @$conn->Execute("SELECT password FROM users WHERE username = '".$_SESSION['userName']."'") or die('Database Error. Please Try Again');
	
	if($result->EOF){
		$logged_in = 0;
		unset($_SESSION['userName']);
		unset($_SESSION['password']);
	}

	$ret_pass = stripslashes($result->fields[0]->value);
	$_SESSION['password'] = stripslashes($_SESSION['password']);



	//compare:



	if($_SESSION['password'] == $ret_pass) { 
		// valid password for username
		$logged_in = 1; 
	} else {
		$logged_in = 0;
		unset($_SESSION['userName']);
		unset($_SESSION['password']);
		// kill incorrect session variables.
	}
}


// clean up
unset($ret_pass);

$_SESSION['userName'] = stripslashes($_SESSION['userName']);

?>
myPosts.php

Code: Select all

<?php
session_start();
require ('connect.php');

if ($logged_in == 0) {
	die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}


?>
<!--
<HTML>
index.php

Code: Select all

<?php
session_start();
require ('connect.php');

if ($logged_in == 0) {
	die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}


?>
<HTML>
<HEAD>
login.php

Code: Select all

<?php

session_start();

require 'connect.php';

if($logged_in == 1) {
	echo ; 
	die('<html><head><title>Login</title><SCRIPT LANGUAGE = "JavaScript">function getURL()  {var url = "http://www.askmeaboutexit.com/forum/";parent.window.location.href= url} </SCRIPT></head><html><body onload="javascript: getURL()">'.$_SESSION['name'].', You are already logged in.');

}


?>
<html>
<head>
<title>Login</title>
<SCRIPT LANGUAGE = "JavaScript">

function getURL()  {
var url = 'http://www.askmeaboutexit.com/forum/';
parent.window.location.href= url

} 


</SCRIPT>
</head>

<?php

if (isset($_POST['submit'])) { // if form has been submitted


	/* check they filled in what they were supposed to and authenticate */
	if(!$_POST['userName'] | !$_POST['password']) {
		die('You did not fill in a required field. <a href="login.php" target="_parent">Click here</a> to return to Login.');
	}

	// authenticate.

	if (!get_magic_quotes_gpc()) {
		//$_POST['userName'] = addslashes($_POST['userName']);
	}

	$check = $conn->Execute("SELECT first, userName, password, login_count FROM users WHERE userName = '".$_POST['userName']."'");

	if($check->EOF){
		die('That Username Does Not Exist In Our System. <a href="login.php" target="_parent">Click here</a> to return to Login.');
	}


	// check passwords match

	$_POST['password'] = stripslashes($_POST['password']);
	$ret_pass = stripslashes($check->fields[2]->value);
	$_POST['password'] = /*md5(*/$_POST['password'];

	if ($_POST['password'] != $ret_pass) {
		die('Incorrect password, please try again.');
	}

	// if we get here username and password are correct, 
	//register session variables and set last login time.
	$count = $check->fields[3]->value;
	$count = $count+1;
	$date = date('H:i M d, Y');

	$update_login = $conn->Execute("UPDATE users SET login_count='".$count."', last_login = '".$date."' WHERE username = '".$_POST['userName']."'");

	$_POST['userName'] = stripslashes($_POST['userName']);
	$_SESSION['userName'] = $_POST['userName'];
	$_SESSION['password'] = $_POST['password'];
	$_SESSION['name'] = stripslashes($check->fields[0]->value);
	$logged_in = 1;
	

?>
<body onload="javascript: getURL()">
<h1>Logged In</h1>
<p>Welcome back <?php echo $_SESSION['name']; ?>, you are currently logged in.</p>

<?php

} else {	// if form hasn't been submitted

?>
<h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
  <tr>
    <td align="right">User Name:</td>
    <td ><input name="userName" type="text" size="25"></td>
  </tr>
  <tr>
    <td align="right">Password:</td>
    <td><input name="password" type="password" size="25"></td>
  </tr>
  <tr>
    <td></td>
    <td align="right"><input name="submit" type="submit" value="Login"></td>
  </tr>
</table>
</form>
<?php
}
?>
</body>
</html>
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

We have a detailed tutorial for this found here

I would also like to point out that if you happen to use dreamweaver for your code editing it sometimes throws in hidden characters which is output sent to the browser, causing the error.
jmrdeuce32
Forum Newbie
Posts: 15
Joined: Wed Apr 27, 2005 5:45 pm
Location: Naples, FL

Post by jmrdeuce32 »

Thanks,
I'm using Dreamweaver...How do I know if there are hidden chars?
jmrdeuce32
Forum Newbie
Posts: 15
Joined: Wed Apr 27, 2005 5:45 pm
Location: Naples, FL

Re:

Post by jmrdeuce32 »

If I look at the source from the browser of the page that returns the error '<br />' is at the begining. I'm not sure if this is one of the hidden chars you are talking about or if it is placed there by the error message.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

Read the link in my last post. It will explain all.
jmrdeuce32
Forum Newbie
Posts: 15
Joined: Wed Apr 27, 2005 5:45 pm
Location: Naples, FL

Post by jmrdeuce32 »

I did and tried that ob_start() thing but it didn't seem to work. Am I supposed to put it on every page or will it stay on if I just have it on the first page?
Post Reply