I read up lots of session tutorials, but none of them used statement like require or require_once after the session has started. But i seen, in one case they used include statement just after session_start, and it works fine. My question is simple. have a look -
if i use this code
Code: Select all
<?php
session_start();
if (isset($_POST['submit']))
{
//include database connector file
//create a new instance of database connector class
require_once ('../includes/DbConnector.php');
$link=mysql_connect('localhost','root','');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
// make ibcs the current db
$db_selected = mysql_select_db('ibcs', $link);
if (!$db_selected) {
die ('Can\'t use ibcs : ' . mysql_error());
}
$db_selected = mysql_select_db('ibcs', $link);
$check = "SELECT user_name, password FROM user WHERE user_name = '".$_POST['user_name']."'";
$result = mysql_query($check);
$num_rows = mysql_num_rows($result);
if (!($num_rows))
{
die('<center><strong>That username does not exist in our database.</strong></center>');
}
$info = mysql_fetch_Array($result);
// check if passwords match
$_POST['password'] = stripslashes($_POST['password']);
$info['password'] = stripslashes($info['password']);
$_POST['password'] = md5($_POST['password']);
//if password doesnot match
if ($_POST['password'] != $info['password'])
{
die('<center><strong>Incorrect password, please try again.</strong></center>');
}
/* if we get here user_name and password are correct,
register session variables and set last login time.*/
$date = date('d,m,y');
$update_login = mysql_query("UPDATE user SET last_login = '$date' WHERE user_name = '".$_POST['user_name']."'");
$_POST['user_name'] = stripslashes($_POST['user_name']);
$_SESSION['user'] = $_POST['user_name'];
$_SESSION['pass'] = $_POST['password'];
mysql_close($link);
header("Location: http://localhost/ibcs/cmsadmin/index.php");
}else {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>IBCS WEB ADMIN PANEL</title>
<link rel="stylesheet" type="text/css" href="../admin.css">
<script language="javascript"
type="text/javascript">
function validateForm(form)
{
if (document.form.user_name.value=="")
{
alert("Please type a user id")
return (false);
}
if (document.form.password.value=="")
{
alert("Please type a passwod")
return (false);
}
}
</script>
</head>
<body>
<div id="container">
<h6 class="center">WEB SITE ADMIN PANEL </h6>
<div id="contentBody">
<a class ="adminLink" href="index.php"> Admin Home </a> <br>
<div id="box1">
<form action="userLogin2.php" method="post" name ="form"
onSubmit= "return validateForm(form) ";>
<center>
<table width="250" border="1" cellspacing="0" cellpadding="4" bordercolor="#000000" bordercolordark="#000000" bordercolorlight="#000000" bgcolor="#FFFFFF" style="border-collapse: collapse" height="158">
<tr>
<td class="updatecontent" height="75">
<table border="0" width="100%">
<tr>
<td width="50%"><b>Member ID</b></td>
<td width="50%"><input type="text" name="user_name" maxlength="40"></td>
</tr>
<tr>
<td width="50%"><b>Password</b></td>
<td width="50%">
<input type="password" name="password" maxlength="50">
</td>
</tr>
</table>
</td></tr>
<tr><td class="updatefooter" height="63">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
</div> <!-- box1-->
</div> <!-- contentBody-->
</div> <!-- container -->
</body>
</html>
<?php
}//end if
?>Code: Select all
Warning: Cannot modify header information - headers already sent by (output started at c:\program files\apache group\apache\htdocs\ibcs\includes\DbConnector.php:101) in c:\program files\apache group\apache\htdocs\ibcs\cmsadmin\userlogin2.php on line 47and if i use this one
Code: Select all
<?php
session_start();
if (isset($_POST['submit']))
{
$link=mysql_connect('localhost','root','');
if (!$link) {
die('Could not connect: ' . mysql_error());
}
// make ibcs the current db
$db_selected = mysql_select_db('ibcs', $link);
if (!$db_selected) {
die ('Can\'t use ibcs : ' . mysql_error());
}
$db_selected = mysql_select_db('ibcs', $link);
$check = "SELECT user_name, password FROM user WHERE user_name = '".$_POST['user_name']."'";
$result = mysql_query($check);
$num_rows = mysql_num_rows($result);
if (!($num_rows))
{
die('<center><strong>That username does not exist in our database.</strong></center>');
}
$info = mysql_fetch_Array($result);
// check if passwords match
$_POST['password'] = stripslashes($_POST['password']);
$info['password'] = stripslashes($info['password']);
$_POST['password'] = md5($_POST['password']);
//if password doesnot match
if ($_POST['password'] != $info['password'])
{
die('<center><strong>Incorrect password, please try again.</strong></center>');
}
/* if we get here user_name and password are correct,
register session variables and set last login time.*/
$date = date('d,m,y');
$update_login = mysql_query("UPDATE user SET last_login = '$date' WHERE user_name = '".$_POST['user_name']."'");
$_POST['user_name'] = stripslashes($_POST['user_name']);
$_SESSION['user'] = $_POST['user_name'];
$_SESSION['pass'] = $_POST['password'];
mysql_close($link);
header("Location: http://localhost/ibcs/cmsadmin/index.php");
}else {
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>IBCS WEB ADMIN PANEL</title>
<link rel="stylesheet" type="text/css" href="../admin.css">
<script language="javascript"
type="text/javascript">
function validateForm(form)
{
if (document.form.user_name.value=="")
{
alert("Please type a user id")
return (false);
}
if (document.form.password.value=="")
{
alert("Please type a passwod")
return (false);
}
}
</script>
</head>
<body>
<div id="container">
<h6 class="center">WEB SITE ADMIN PANEL </h6>
<div id="contentBody">
<a class ="adminLink" href="index.php"> Admin Home </a> <br>
<div id="box1">
<form action="userLogin2.php" method="post" name ="form"
onSubmit= "return validateForm(form) ";>
<center>
<table width="250" border="1" cellspacing="0" cellpadding="4" bordercolor="#000000" bordercolordark="#000000" bordercolorlight="#000000" bgcolor="#FFFFFF" style="border-collapse: collapse" height="158">
<tr>
<td class="updatecontent" height="75">
<table border="0" width="100%">
<tr>
<td width="50%"><b>Member ID</b></td>
<td width="50%"><input type="text" name="user_name" maxlength="40"></td>
</tr>
<tr>
<td width="50%"><b>Password</b></td>
<td width="50%">
<input type="password" name="password" maxlength="50">
</td>
</tr>
</table>
</td></tr>
<tr><td class="updatefooter" height="63">
<input type="submit" name="submit" value="Login">
</td></tr>
</table>
</form>
</div> <!-- box1-->
</div> <!-- contentBody-->
</div> <!-- container -->
</body>
</html>
<?php
}//end if
?>So, require_once statement is the one that is stopping it from redirecting in the first place, right?
What would you do if you need to include your Database connector file? Or, you would take the hassle to include your database connecting information on each page where you want to use sesssion? It just doesnot seem right.
Any answer much appreciated.