943,749 Members | Top Members by Rank

Web Development > PHP > please tell me what is wrong with the code
Ad:
  • PHP Discussion Thread
  • Unsolved
  • Views: 2592
  • PHP RSS
Permalink
Feb 4th, 2008
0

please tell me what is wrong with the code

Expand Post »
I'm trying to create a simple login page by following a tutorial i saw online. I did everything it required but i got this error

// Check if session is not registered , redirect back to main page. // Put this code in first line of web page.
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\test\login_success.php:3) in C:\xampp\htdocs\test\login_success.php on line 4
Login Successful

this is my code.

checklogin.php
PHP Syntax (Toggle Plain Text)
  1. <?php
  2. ob_start();
  3. $host="localhost"; // Host name
  4. $username="root"; // Mysql username
  5. $password="emilyking"; // Mysql password
  6. $db_name="test"; // Database name
  7. $tbl_name="members"; // Table name
  8.  
  9. // Connect to server and select databse.
  10. mysql_connect("$host", "$username", "$password")or die("cannot connect");
  11. mysql_select_db("$db_name")or die("cannot select DB");
  12.  
  13. // Define $myusername and $mypassword
  14. $myusername=$_POST['myusername'];
  15. $mypassword=$_POST['mypassword'];
  16.  
  17. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
  18. $result=mysql_query($sql);
  19.  
  20. // Mysql_num_row is counting table row
  21. $count=mysql_num_rows($result);
  22. // If result matched $myusername and $mypassword, table row must be 1 row
  23.  
  24. if($count==1){
  25. // Register $myusername, $mypassword and redirect to file "login_success.php"
  26. session_register("myusername");
  27. session_register("mypassword");
  28. header("location:login_success.php");
  29. }
  30. else {
  31. echo "Wrong Username or Password";
  32. }
  33.  
  34. ob_end_flush();
  35. ?>

login_success.php

PHP Syntax (Toggle Plain Text)
  1. // Check if session is not registered , redirect back to main page.
  2. // Put this code in first line of web page.
  3. <?
  4. session_start();
  5. if(!session_is_registered(myusername)){
  6. header("location:main_login.php");
  7. }
  8. ?>
  9.  
  10. <html>
  11. <body>
  12. Login Successful
  13. </body>
  14. </html>

is there a problem somewhere??
Last edited by MattEvans; Feb 4th, 2008 at 9:07 am. Reason: Please use [code] tags around large blocks of code.
Similar Threads
Reputation Points: 10
Solved Threads: 0
Junior Poster in Training
dami06 is offline Offline
90 posts
since Oct 2006
Permalink
Feb 4th, 2008
0

Re: please tell me what is wrong with the code

php Syntax (Toggle Plain Text)
  1. // Check if session is not registered , redirect back to main page.
  2. // Put this code in first line of web page.
  3. <?
  4. session_start();
  5. if(!session_is_registered(myusername)){
  6. header("location:main_login.php");
  7. }
  8. ?>
  9.  
  10. <html>
  11. <body>
  12. Login Successful
  13. </body>
  14. </html>
Do you have the comments outside the <? tag ?
Moderator
Featured Poster
Reputation Points: 524
Solved Threads: 356
Purple hazed!
nav33n is offline Offline
3,878 posts
since Nov 2007
Permalink
Feb 4th, 2008
0

Re: please tell me what is wrong with the code

yes that's what i saw in thhe website that i got this information from. I was testing it on my laptop to see if it would work so as to create my own but instead i got that message



Click to Expand / Collapse  Quote originally posted by nav33n ...
php Syntax (Toggle Plain Text)
  1. // Check if session is not registered , redirect back to main page.
  2. // Put this code in first line of web page.
  3. <?
  4. session_start();
  5. if(!session_is_registered(myusername)){
  6. header("location:main_login.php");
  7. }
  8. ?>
  9.  
  10. <html>
  11. <body>
  12. Login Successful
  13. </body>
  14. </html>
Do you have the comments outside the <? tag ?
Reputation Points: 10
Solved Threads: 0
Junior Poster in Training
dami06 is offline Offline
90 posts
since Oct 2006
Permalink
Feb 4th, 2008
0

Re: please tell me what is wrong with the code

Remove them and put it after <? tags. Its considered as 'output' if you have it outside <? tag. And if you are using session_start or header function, nothing should be outputted before session_start or header function.
Moderator
Featured Poster
Reputation Points: 524
Solved Threads: 356
Purple hazed!
nav33n is offline Offline
3,878 posts
since Nov 2007
Permalink
Feb 4th, 2008
0

Re: please tell me what is wrong with the code

thanks a lot nav, that worked..ur awesome..
Reputation Points: 10
Solved Threads: 0
Junior Poster in Training
dami06 is offline Offline
90 posts
since Oct 2006
Permalink
Feb 4th, 2008
0

Re: please tell me what is wrong with the code

you are welcome!
Moderator
Featured Poster
Reputation Points: 524
Solved Threads: 356
Purple hazed!
nav33n is offline Offline
3,878 posts
since Nov 2007
Permalink
Jan 15th, 2009
0

Re: please tell me what is wrong with the code

## comment from reto demhold / 15th januar 2009

after i strugled with this code in its original form i altered the code
to my needs. for users of the original code, finding themself stucked i advice to replace
session_register("myusername") and use $_SESSION instead (php 4.1) or

php Syntax (Toggle Plain Text)
  1. $HTTP_SESSION_VARS["myusername"] = "$myusername";
  2. $HTTP_SESSION_VARS["mypassword"] = "$mypassword";

and call it again in login_success.php

you may also want to replace:

header("location:login_success.php");
with :
echo "<meta http-equiv=\"Refresh\" content=\"0; url= login_success.php">";

NOTE: since you relocate to a new page (login_success.php) which maybe needs a own header for
other purposes you can NOT call a header relocation which will result into an error.
so i have chosen the meta refresh. since you have registered the username and password
you can call it again with session_start(): on every page you need the username (and may compare
to the username given from the mySQL database, whatever)
as example. for those who say it is NOT save to use meta refresh it is! on the new page just call


php Syntax (Toggle Plain Text)
  1. session_start();
  2. if(!session_is_registered(myusername)){
  3.  
  4. // your page content
  5.  
  6. }

for advanced user, you might also want to create a session id and store it into the table and force each page to call it from the database, comparing wit the username and password. but remember to destroy the session when logout and delete it from the database

### end of message


Click to Expand / Collapse  Quote originally posted by dami06 ...
I'm trying to create a simple login page by following a tutorial i saw online. I did everything it required but i got this error

// Check if session is not registered , redirect back to main page. // Put this code in first line of web page.
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\test\login_success.php:3) in C:\xampp\htdocs\test\login_success.php on line 4
Login Successful

this is my code.

checklogin.php
PHP Syntax (Toggle Plain Text)
  1. <?php
  2. ob_start();
  3. $host="localhost"; // Host name
  4. $username="root"; // Mysql username
  5. $password="emilyking"; // Mysql password
  6. $db_name="test"; // Database name
  7. $tbl_name="members"; // Table name
  8.  
  9. // Connect to server and select databse.
  10. mysql_connect("$host", "$username", "$password")or die("cannot connect");
  11. mysql_select_db("$db_name")or die("cannot select DB");
  12.  
  13. // Define $myusername and $mypassword
  14. $myusername=$_POST['myusername'];
  15. $mypassword=$_POST['mypassword'];
  16.  
  17. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
  18. $result=mysql_query($sql);
  19.  
  20. // Mysql_num_row is counting table row
  21. $count=mysql_num_rows($result);
  22. // If result matched $myusername and $mypassword, table row must be 1 row
  23.  
  24. if($count==1){
  25. // Register $myusername, $mypassword and redirect to file "login_success.php"
  26. session_register("myusername");
  27. session_register("mypassword");
  28. header("location:login_success.php");
  29. }
  30. else {
  31. echo "Wrong Username or Password";
  32. }
  33.  
  34. ob_end_flush();
  35. ?>

login_success.php

PHP Syntax (Toggle Plain Text)
  1. // Check if session is not registered , redirect back to main page.
  2. // Put this code in first line of web page.
  3. <?
  4. session_start();
  5. if(!session_is_registered(myusername)){
  6. header("location:main_login.php");
  7. }
  8. ?>
  9.  
  10. <html>
  11. <body>
  12. Login Successful
  13. </body>
  14. </html>

is there a problem somewhere??
Last edited by peter_budo; Jan 17th, 2009 at 6:07 am. Reason: Keep It Organized - For easy readability, always wrap programming code within posts in [code] (code blocks) and [icode] (inline code) tags.
Reputation Points: 10
Solved Threads: 0
Newbie Poster
demhold is offline Offline
1 posts
since Jan 2009
Permalink
Jan 15th, 2009
0

Re: please tell me what is wrong with the code

Additionally, your code is very unsafe. Anyone could hack this form with MySQL injections, such as typing ' OR a=a-- in the password field. This would allow them to login to the site with the username of whoever is first in the database.

Replace this:
php Syntax (Toggle Plain Text)
  1. $myusername=$_POST['myusername'];
  2. $mypassword=$_POST['mypassword'];
  3.  
  4. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";

With this:
php Syntax (Toggle Plain Text)
  1. // If no magic quotes, add slashes
  2. if(!get_magic_quotes_gpc()) {
  3.  $myusername = addslashes($_POST['myusername']);
  4.  $mypassword = addslashes($_POST['mypassword']);
  5. }
  6.  
  7. // Username and password sent from form.
  8. $myusername = mysql_real_escape_string($myusername);
  9. $mypassword = mysql_real_escape_string($mypassword);
  10.  
  11. $sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
Last edited by MVied; Jan 15th, 2009 at 12:01 pm.
Reputation Points: 21
Solved Threads: 11
Junior Poster
MVied is offline Offline
111 posts
since Aug 2008

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in PHP Forum Timeline: visitor Details
Next Thread in PHP Forum Timeline: Help Identifying Code





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC