Hello.
I'm creating a CMS. I've got this log_error.
Can you explain the problem for me if the error message is clear enough for you to understand it? I'm new to PHP.
the log_error says:

PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent

Member Avatar for diafol

Seems like you have output (html or echo/print or even whitespace) before the session_start() statement. Make sure that session_start() is the first thing in your page, then it should work.

If it still doesn't, it may be down to your document having a BOM. Ensure that all files are saved as UTF-8 without BOM.

Well, in 2 files, session_start() is not the first thing in the page, is like this:

<html>
<head>
<title>page title</title>
</head>
<body>
<?php
session_start();

And in one other file is like this:

<?php
include('includes/functions.php');
session_start();

And what is BOM?
How can i understand if all files are saved az UTF-8 without BOM or not? What should i do for that?

Member Avatar for diafol

Just change all your files to ensure that:

<?php
session_start();

is right at the top. No problem. BOM may not be an issue. If you have a more advanced text editor (or IDE) you may have options in which format you wish to save the file. Notepad++ for example allows you to store in many different formats.

I replaced the last one with this:

    <?php
    session_start();
    include('includes/functions.php');

And for two other files, i moved the html part into after session_start().

But still i have problem, nothing changed. I can't login into admin area and will get the error to check details, i mean the error message for login form code. But now there is no log_error, so how should i find the problem?

I'm using a tutorial video. I typed all codes exactly like the vido but the result was different. In that video, session_start() was not the first thing on the file, was like what i post in my seccond post here, but there was no problem on the video.

Look at this please:

<?php
session_start();
include('includes/functions.php');

if(isset($_POST['login'])) {
    if(isset($_POST['username'])) {
        if(isset($_POST['password'])) {
            $username = $_POST['username'];
            $query = mysql_query("SELECT * FROM users WHERE Username = '$username'") or die (mysql_error());
            $user = mysql_fetch_array($query);

            if(md5($_POST['password']) == $user['Password']) {
                echo "Login successful";
                $_SESSION['user'] = $user['Username'];
                header("Location: index.php");
            } else {
                echo "Please check your login details!";
                include('login.php');
            }
        } else {
            echo "Please check your password!";
            include('login.php');
        }
    } else {
        echo "Please check your username!";
        include('login.php');
    }
} else {
    echo "Please check that you filled out the login form!";
    include('login.php');
}
?>

When i try to login, i get this error:
Please check your login details!

session_start(); should always be the first thing in your script.

<?php session_start(); ?>
<html>
    <head>...</head>
    <body>...</body>
</html>

Like that. Same for PHP-only files.

What is session_start for?

Member Avatar for diafol

It seems the problem is with your redirect:

 header("Location: index.php");

Once again, there should be no output before this.

echo "Login successful";

is causing header() to fail. If you're redirecting, you wouldn't usually need to post a message beforehand as the message would be posted on the page you were redirected to.

With regard to session_start() and functions include file: As long as the include file does not provide output, then it should be fine to have the functions file before the session_start(). It's just my thing to have it at the start to ensure I never get the needless error.

Really, from a sort of programattic point of view; you should be having your forms made something like this in, for example, login.php:

<form action="dologin.php" method="post">
    <?= (isset($_GET['error']) ? "An error has occurred with your submitted data." : "") ?>
    ...
</form>

Then you should have dologin.php like this:

<?php
    session_start(); // session_start(); at the top so that $_SESSION is usable
    if (blah blah) {
        $mysql_stuff = BLAHHBLAHH;
        ...
        if ($goodCredentialsAndNotBanned) {
            $_SESSION['user'] = [
                "id" => $userFromDatabase['id']
            ];
        }else{
            return header("Location: login.php?error=true");
        }
    }else{
        return header("Location: login.php?error=true");
    }

That way; you're not submitting the form to the current page which HTML will be spat out on. In my opinion, you should NEVER have any HTML output on a submission page unless it's an AJAX request and it returns JSON or something.

I deleted echo "Login successful"; but stil get this "Please check your login details!" message above the login fields. And also there is no log_error.

Well it seems the tutorial videos i'm using are not good and have so many problems. It's better to recreate the CMS again from the first step, using an other way.

Member Avatar for diafol

On a side-thread of yours there is a discussion about frameworks. Without wanting to cross-post here, I'll just say that these frameworks have methods of redirecting with "flash" messages, so you don't have to worry about setting up and probably duplicating your handling code all over the place.

commented: Yeah; Laravel is a good example of this too. :D +4
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.