Problem with session_start() - [SOLVED]
Posted: Wed Apr 27, 2005 5:54 pm
I am using PHP with mySQL to allow users to login. I am using $_SESSION[] to pass variables such as there username, password, as well as the standard.
The script works fine for the first page but on my second page I get the following errors:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\myPosts.php:1) in \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\check_login.php on line 2
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\myPosts.php:1) in \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\check_login.php on line 2
I know that I need to have session_start() before anything is outputted. I don't think that is the issue. I can't seem to figure out why else I would get these messages though.
Here is my code:
----------------------------------------------------------------------------
Script from page giving errors (myPosts.php)
----------------------------------------------------------------------------
----------------------------------------------------------------------------
connect.php
--------------------------------------------------------------------------------------------------------------------------------------------------------
check_login.php
--------------------------------------------------------------------------------------------------------------------------------------------------------
login.php
----------------------------------------------------------------------------
----------------------------------------------------------------------------
Again...All of this works for the first page (index.php) which starts just like myPosts.php
----------------------------------------------------------------------------
index.php
----------------------------------------------------------------------------
----------------------------------------------------------------------------
Any help you can give would be great!
The script works fine for the first page but on my second page I get the following errors:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\myPosts.php:1) in \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\check_login.php on line 2
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\myPosts.php:1) in \\brink-premfs1\sites\premium3\exitcharde\webroot\forum\check_login.php on line 2
I know that I need to have session_start() before anything is outputted. I don't think that is the issue. I can't seem to figure out why else I would get these messages though.
Here is my code:
----------------------------------------------------------------------------
Script from page giving errors (myPosts.php)
----------------------------------------------------------------------------
Code: Select all
<?php
require 'connect.php';
if ($logged_in == 0) {
die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}
?><!--
<HTML>
<HEAD>......Content.....connect.php
----------------------------------------------------------------------------
Code: Select all
<?php
$conn = new COM('ADODB.Connection');
$conn->Open("DRIVER={MySQL ODBC 3.51 Driver}; SERVER=mysql2.brinkster.com;DATABASE=exitcharde;UID=exitcharde;PWD=joecharde;");
include('check_login.php');
?>check_login.php
----------------------------------------------------------------------------
Code: Select all
<?php
session_start();
if (!isset($_SESSION['userName']) || !isset($_SESSION['password'])) {
$logged_in = 0;
return;
} else {
if(!get_magic_quotes_gpc()) {
$_SESSION['userName'] = addslashes($_SESSION['username']);
}
// addslashes to session username before using in a query.
$result = @$conn->Execute("SELECT password FROM users WHERE username = '".$_SESSION['userName']."'") or die('Database Error. Please Try Again');
if($result->EOF){
$logged_in = 0;
unset($_SESSION['userName']);
unset($_SESSION['password']);
}
$ret_pass = stripslashes($result->fields[0]->value);
$_SESSION['password'] = stripslashes($_SESSION['password']);
//compare:
if($_SESSION['password'] == $ret_pass) {
// valid password for username
$logged_in = 1;
} else {
$logged_in = 0;
unset($_SESSION['userName']);
unset($_SESSION['password']);
// kill incorrect session variables.
}
}
// clean up
unset($ret_pass);
$_SESSION['userName'] = stripslashes($_SESSION['userName']);
?>login.php
----------------------------------------------------------------------------
Code: Select all
<?php
// database connect script.
require 'connect.php';
if($logged_in == 1) {
echo ;
die('<html><head><title>Login</title><SCRIPT LANGUAGE = "JavaScript">function getURL() {var url = "http://www.askmeaboutexit.com/forum/";parent.window.location.href= url} </SCRIPT></head><html><body onload="javascript: getURL()">'.$_SESSION['name'].', You are already logged in.');
}
?>
<html>
<head>
<title>Login</title>
<SCRIPT LANGUAGE = "JavaScript">
function getURL() {
var url = 'http://www.askmeaboutexit.com/forum/';
parent.window.location.href= url
}
</SCRIPT>
</head>
<?php
if (isset($_POST['submit'])) { // if form has been submitted
/* check they filled in what they were supposed to and authenticate */
if(!$_POST['userName'] | !$_POST['password']) {
die('You did not fill in a required field. <a href="login.php" target="_parent">Click here</a> to return to Login.');
}
// authenticate.
if (!get_magic_quotes_gpc()) {
//$_POST['userName'] = addslashes($_POST['userName']);
}
$check = $conn->Execute("SELECT first, userName, password, login_count FROM users WHERE userName = '".$_POST['userName']."'");
if($check->EOF){
die('That Username Does Not Exist In Our System. <a href="login.php" target="_parent">Click here</a> to return to Login.');
}
// check passwords match
$_POST['password'] = stripslashes($_POST['password']);
$ret_pass = stripslashes($check->fields[2]->value);
$_POST['password'] = /*md5(*/$_POST['password'];
if ($_POST['password'] != $ret_pass) {
die('Incorrect password, please try again.');
}
// if we get here username and password are correct,
//register session variables and set last login time.
$count = $check->fields[3]->value;
$count = $count+1;
$date = date('H:i M d, Y');
$update_login = $conn->Execute("UPDATE users SET login_count='".$count."', last_login = '".$date."' WHERE username = '".$_POST['userName']."'");
$_POST['userName'] = stripslashes($_POST['userName']);
$_SESSION['userName'] = $_POST['userName'];
$_SESSION['password'] = $_POST['password'];
$_SESSION['name'] = stripslashes($check->fields[0]->value);
$logged_in = 1;
?><body onload="javascript: getURL()">
<h1>Logged In</h1>
<p>Welcome back <?php echo $_SESSION['name']; ?>, you are currently logged in.</p>
<?php
} else { // if form hasn't been submitted
?>
<h1>Login</h1>
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<table border="0">
<tr>
<td align="right">User Name:</td>
<td ><input name="userName" type="text" size="25"></td>
</tr>
<tr>
<td align="right">Password:</td>
<td><input name="password" type="password" size="25"></td>
</tr>
<tr>
<td></td>
<td align="right"><input name="submit" type="submit" value="Login"></td>
</tr>
</table>
</form>
<?php
}
?>
</body>
</html>Again...All of this works for the first page (index.php) which starts just like myPosts.php
----------------------------------------------------------------------------
index.php
----------------------------------------------------------------------------
Code: Select all
<?php
require 'connect.php');
if ($logged_in == 0) {
die('Sorry you are not logged in. <a href="login.php" target="_parent">Click here</a> to log in.');
}
?>
<HTML>
<HEAD>...........content............Any help you can give would be great!