Page 1 of 2

Problem with session_start() - [SOLVED]

Posted: Wed Apr 27, 2005 5:54 pm
by jmrdeuce32
I am using PHP with mySQL to allow users to login. I am using $_SESSION[] to pass variables such as there username, password, as well as the standard.

The script works fine for the first page but on my second page I get the following errors:

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\myPosts.php:1) in \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\check_login.php on line 2

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\myPosts.php:1) in \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\check_login.php on line 2


I know that I need to have session_start() before anything is outputted. I don't think that is the issue. I can't seem to figure out why else I would get these messages though.

Here is my code:
----------------------------------------------------------------------------
Script from page giving errors (myPosts.php)
----------------------------------------------------------------------------

Code: Select all

<?php
require 'connect.php';

if ($logged_in == 0) {
    die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}
?><!--
<HTML>
<HEAD>......Content.....
----------------------------------------------------------------------------
connect.php
----------------------------------------------------------------------------

Code: Select all

<?php

$conn = new COM('ADODB.Connection');
$conn->Open("DRIVER={MySQL ODBC 3.51 Driver}; SERVER=mysql2.brinkster.com;DATABASE=exitcharde;UID=exitcharde;PWD=joecharde;");

include('check_login.php');
?>
----------------------------------------------------------------------------
check_login.php
----------------------------------------------------------------------------

Code: Select all

<?php
session_start();

if (!isset($_SESSION['userName']) || !isset($_SESSION['password'])) {
    $logged_in = 0;
    return;
} else {
    if(!get_magic_quotes_gpc()) {
        $_SESSION['userName'] = addslashes($_SESSION['username']);
    }


    // addslashes to session username before using in a query.
    $result = @$conn->Execute("SELECT password FROM users WHERE username = '".$_SESSION['userName']."'") or die('Database Error. Please Try Again');
    
    if($result->EOF){
        $logged_in = 0;
        unset($_SESSION['userName']);
        unset($_SESSION['password']);
    }

    $ret_pass = stripslashes($result->fields[0]->value);
    $_SESSION['password'] = stripslashes($_SESSION['password']);



    //compare:



    if($_SESSION['password'] == $ret_pass) { 
        // valid password for username
        $logged_in = 1; 
    } else {
        $logged_in = 0;
        unset($_SESSION['userName']);
        unset($_SESSION['password']);
        // kill incorrect session variables.
    }
}


// clean up
unset($ret_pass);

$_SESSION['userName'] = stripslashes($_SESSION['userName']);

?>
----------------------------------------------------------------------------
login.php
----------------------------------------------------------------------------

Code: Select all

<?php

// database connect script.

require 'connect.php';

if($logged_in == 1) {
    echo ; 
    die('<html><head><title>Login</title><SCRIPT LANGUAGE = "JavaScript">function getURL()  {var url = "http://www.askmeaboutexit.com/forum/";parent.window.location.href= url} </SCRIPT></head><html><body onload="javascript: getURL()">'.$_SESSION['name'].', You are already logged in.');

}


?>
<html>
<head>
<title>Login</title>
<SCRIPT LANGUAGE = "JavaScript">

function getURL()  {
var url = 'http://www.askmeaboutexit.com/forum/';
parent.window.location.href= url

} 


</SCRIPT>
</head>

<?php

if (isset($_POST['submit'])) { // if form has been submitted


    /* check they filled in what they were supposed to and authenticate */
    if(!$_POST['userName'] | !$_POST['password']) {
        die('You did not fill in a required field. <a href="login.php" target="_parent">Click here</a> to return to Login.');
    }

    // authenticate.

    if (!get_magic_quotes_gpc()) {
        //$_POST['userName'] = addslashes($_POST['userName']);
    }

    $check = $conn->Execute("SELECT first, userName, password, login_count FROM users WHERE userName = '".$_POST['userName']."'");

    if($check->EOF){
        die('That Username Does Not Exist In Our System. <a href="login.php" target="_parent">Click here</a> to return to Login.');
    }


    // check passwords match

    $_POST['password'] = stripslashes($_POST['password']);
    $ret_pass = stripslashes($check->fields[2]->value);
    $_POST['password'] = /*md5(*/$_POST['password'];

    if ($_POST['password'] != $ret_pass) {
        die('Incorrect password, please try again.');
    }

    // if we get here username and password are correct, 
    //register session variables and set last login time.
    $count = $check->fields[3]->value;
    $count = $count+1;
    $date = date('H:i M d, Y');

    $update_login = $conn->Execute("UPDATE users SET login_count='".$count."', last_login = '".$date."' WHERE username = '".$_POST['userName']."'");

    $_POST['userName'] = stripslashes($_POST['userName']);
    $_SESSION['userName'] = $_POST['userName'];
    $_SESSION['password'] = $_POST['password'];
    $_SESSION['name'] = stripslashes($check->fields[0]->value);
    $logged_in = 1;
    

?><body onload="javascript: getURL()">
<h1>Logged In</h1>
<p>Welcome back <?php echo $_SESSION['name']; ?>, you are currently logged in.</p>

<?php

} else {    // if form hasn't been submitted

?>
<h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
  <tr>
    <td align="right">User Name:</td>
    <td ><input name="userName" type="text" size="25"></td>
  </tr>
  <tr>
    <td align="right">Password:</td>
    <td><input name="password" type="password" size="25"></td>
  </tr>
  <tr>
    <td></td>
    <td align="right"><input name="submit" type="submit" value="Login"></td>
  </tr>
</table>
</form>
<?php
}
?>
</body>
</html>
----------------------------------------------------------------------------


Again...All of this works for the first page (index.php) which starts just like myPosts.php

----------------------------------------------------------------------------
index.php
----------------------------------------------------------------------------

Code: Select all

<?php

require 'connect.php');

if ($logged_in == 0) {
    die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}


?>
<HTML>
<HEAD>...........content............
----------------------------------------------------------------------------

Any help you can give would be great!

Posted: Wed Apr 27, 2005 6:04 pm
by Todd_Z
First off - DEAR GOD MAN use the php tags when you post - Read this before Feyd kills you

Anywho - session_start() often has to be the very first function you call - try putting that at the top of the first page called, should take care of the "headers already sent" error.[/url]

use the php tags

Posted: Wed Apr 27, 2005 6:07 pm
by method_man
read the rules,
use the php tags

matt

lol

Posted: Wed Apr 27, 2005 6:08 pm
by method_man
posted mine a lil late lol

matt

re: use php tags

Posted: Wed Apr 27, 2005 6:09 pm
by jmrdeuce32
Come on guys...its my first post...I'll use it next time though.

Thanks for the help.

I didn't think of that.

Posted: Wed Apr 27, 2005 6:14 pm
by Deemo
basicly before any output, the session_start has to be initiated

still not working

Posted: Wed Apr 27, 2005 6:28 pm
by jmrdeuce32
I changed it so that instead of session_start() being in check_login.php it is the first line in each page. It still gives me the same errors.

Code: Select all

<?php
session_start();
require 'connect.php';

if ($logged_in == 0) {
	die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}


?>

Posted: Wed Apr 27, 2005 6:32 pm
by Todd_Z
You have session_start() in checklogin.php too, take that out. You only need it once.

re:

Posted: Wed Apr 27, 2005 6:34 pm
by jmrdeuce32
Yea....I did take that out...forgot to mention though.

Posted: Wed Apr 27, 2005 7:09 pm
by jmrdeuce32
New Code...Same Errors

connect.php

Code: Select all

<?php

$conn = new COM('ADODB.Connection');
$conn->Open("DRIVER={MySQL ODBC 3.51 Driver}; SERVER=mysql2.brinkster.com;DATABASE=exitcharde;UID=exitcharde;PWD=joecharde;");





include('check_login.php');

?>
check_login.php

Code: Select all

<?php


if (!isset($_SESSION['userName']) || !isset($_SESSION['password'])) {
	$logged_in = 0;
	return;
} else {
	if(!get_magic_quotes_gpc()) {
		$_SESSION['userName'] = addslashes($_SESSION['username']);
	}


	// addslashes to session username before using in a query.
	$result = @$conn->Execute("SELECT password FROM users WHERE username = '".$_SESSION['userName']."'") or die('Database Error. Please Try Again');
	
	if($result->EOF){
		$logged_in = 0;
		unset($_SESSION['userName']);
		unset($_SESSION['password']);
	}

	$ret_pass = stripslashes($result->fields[0]->value);
	$_SESSION['password'] = stripslashes($_SESSION['password']);



	//compare:



	if($_SESSION['password'] == $ret_pass) { 
		// valid password for username
		$logged_in = 1; 
	} else {
		$logged_in = 0;
		unset($_SESSION['userName']);
		unset($_SESSION['password']);
		// kill incorrect session variables.
	}
}


// clean up
unset($ret_pass);

$_SESSION['userName'] = stripslashes($_SESSION['userName']);

?>
myPosts.php

Code: Select all

<?php
session_start();
require ('connect.php');

if ($logged_in == 0) {
	die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}


?>
<!--
<HTML>
index.php

Code: Select all

<?php
session_start();
require ('connect.php');

if ($logged_in == 0) {
	die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}


?>
<HTML>
<HEAD>
login.php

Code: Select all

<?php

session_start();

require 'connect.php';

if($logged_in == 1) {
	echo ; 
	die('<html><head><title>Login</title><SCRIPT LANGUAGE = "JavaScript">function getURL()  {var url = "http://www.askmeaboutexit.com/forum/";parent.window.location.href= url} </SCRIPT></head><html><body onload="javascript: getURL()">'.$_SESSION['name'].', You are already logged in.');

}


?>
<html>
<head>
<title>Login</title>
<SCRIPT LANGUAGE = "JavaScript">

function getURL()  {
var url = 'http://www.askmeaboutexit.com/forum/';
parent.window.location.href= url

} 


</SCRIPT>
</head>

<?php

if (isset($_POST['submit'])) { // if form has been submitted


	/* check they filled in what they were supposed to and authenticate */
	if(!$_POST['userName'] | !$_POST['password']) {
		die('You did not fill in a required field. <a href="login.php" target="_parent">Click here</a> to return to Login.');
	}

	// authenticate.

	if (!get_magic_quotes_gpc()) {
		//$_POST['userName'] = addslashes($_POST['userName']);
	}

	$check = $conn->Execute("SELECT first, userName, password, login_count FROM users WHERE userName = '".$_POST['userName']."'");

	if($check->EOF){
		die('That Username Does Not Exist In Our System. <a href="login.php" target="_parent">Click here</a> to return to Login.');
	}


	// check passwords match

	$_POST['password'] = stripslashes($_POST['password']);
	$ret_pass = stripslashes($check->fields[2]->value);
	$_POST['password'] = /*md5(*/$_POST['password'];

	if ($_POST['password'] != $ret_pass) {
		die('Incorrect password, please try again.');
	}

	// if we get here username and password are correct, 
	//register session variables and set last login time.
	$count = $check->fields[3]->value;
	$count = $count+1;
	$date = date('H:i M d, Y');

	$update_login = $conn->Execute("UPDATE users SET login_count='".$count."', last_login = '".$date."' WHERE username = '".$_POST['userName']."'");

	$_POST['userName'] = stripslashes($_POST['userName']);
	$_SESSION['userName'] = $_POST['userName'];
	$_SESSION['password'] = $_POST['password'];
	$_SESSION['name'] = stripslashes($check->fields[0]->value);
	$logged_in = 1;
	

?>
<body onload="javascript: getURL()">
<h1>Logged In</h1>
<p>Welcome back <?php echo $_SESSION['name']; ?>, you are currently logged in.</p>

<?php

} else {	// if form hasn't been submitted

?>
<h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
  <tr>
    <td align="right">User Name:</td>
    <td ><input name="userName" type="text" size="25"></td>
  </tr>
  <tr>
    <td align="right">Password:</td>
    <td><input name="password" type="password" size="25"></td>
  </tr>
  <tr>
    <td></td>
    <td align="right"><input name="submit" type="submit" value="Login"></td>
  </tr>
</table>
</form>
<?php
}
?>
</body>
</html>

Posted: Wed Apr 27, 2005 8:30 pm
by John Cartwright
We have a detailed tutorial for this found here

I would also like to point out that if you happen to use dreamweaver for your code editing it sometimes throws in hidden characters which is output sent to the browser, causing the error.

Posted: Wed Apr 27, 2005 8:33 pm
by jmrdeuce32
Thanks,
I'm using Dreamweaver...How do I know if there are hidden chars?

Re:

Posted: Wed Apr 27, 2005 9:08 pm
by jmrdeuce32
If I look at the source from the browser of the page that returns the error '<br />' is at the begining. I'm not sure if this is one of the hidden chars you are talking about or if it is placed there by the error message.

Posted: Wed Apr 27, 2005 9:09 pm
by John Cartwright
Read the link in my last post. It will explain all.

Posted: Wed Apr 27, 2005 9:15 pm
by jmrdeuce32
I did and tried that ob_start() thing but it didn't seem to work. Am I supposed to put it on every page or will it stay on if I just have it on the first page?