Php Sessions

You forgot to post index.php. But anyway, here is a suggestion for you. Dont have any html tags, or echo statements (not even a blank space) before calling header function or before starting a session. I guess, in index.php, you are echoing something or you have html tags in it.

P.S: Next time you post your code, please use [/code ] tags.[code ] [/code ] tags.

I edited the post to include the index.php file.

$connection = @mysql_connect($hostname, $username, $password) or die("<p>Unable to connect to the database server at this time.</p>". mysql_error());
@mysql_select_db($databasename) or die("<p>Unable to locate the [". $databasename ."] at this time</p>". mysql_error());

Remove @ before mysql queries. I guess your script is having problems selecting the database. C:\inetpub\wwwroot\cms\core\db.php:13 << That says, line 13 has started outputting already. You either buffer up the output by using ob_start() as the first line of your code, right after <?php and as the last line, have ob_flush(). Most people wont do this because its an unnecessary server load. Do these things.
Remove @ in db.php . Check if its selecting the database. Secondly, (as i said in my earlier post) don't output anything before header function.

I am new to php, so.... I am unsure how to re write this correctly? Also, when i add ob_start(); as the second line in the _secure.php, and I log in it just refreshes the log in page....

<?php
ob_start();
require_once('core/db.php');
// Check if login form was submitted
if (isset($_POST['submit']))
{
// Check for a matching username and password in the database
$check = mysql_query("SELECT id,username,password FROM $prefix"."_admin WHERE 
username='" . $_POST ['username'] . "' AND password='" . $_POST['password'] . "'");
if  (mysql_num_rows($check) != 1) 
{
// inform user username or password is incorrect 
echo "Incorrect username or password<br>";
} else {
// Retrieve userinfo
$user_info = mysql_fetch_array($check);

// Login was successful set session variables
$_SESSION["userid"] = $user_info['id'];
$_SESSION["username"] = $user_info['username'];
header('location:home.php');
// echo "<a href=home.php?aut=1>ENTER</a>";

}

// Display Login Form

} else {

echo "<html>";
echo "<head><title></title>";
echo "<body bgcolor='#66CCFF' topmargin='100'>";
echo "<link rel='stylesheet' type='text/css'  href='assets/styles/style.css' /> </head>";
echo "<form action=index.php method='post'>";
echo "<table align='center'>";
echo "<tr>";
echo "<td align='left'>";
echo "<b>Username</b>:<br /><input type='text' name='username'>";
echo "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>"; 
echo "<b>Password</b>:<br /><input type='password' name='password' >";
echo "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>";   
echo "<input type='submit' name='submit' value='Submit'>";
echo "</tr>";
echo "</table>";
echo "</form>";
echo "</body>";
echo"  </html>";
}
ob_flush();
?>

Did you check whether its selecting the database ? I think you got a problem there.

I think that it is selecting the database. I think that is the header problem along w/ other....

Warning: session_start() [function.session-start]: open(C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\\sess_e2d47e7f5bd6659a2ff4436b49990654, O_RDWR) failed: Permission denied (13) in C:\inetpub\wwwroot\cms\core\_secure.php on line 2

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\inetpub\wwwroot\cms\core\_secure.php:2) in C:\inetpub\wwwroot\cms\core\_secure.php on line 2

Warning: Cannot modify header information - headers already sent by (output started at C:\inetpub\wwwroot\cms\core\_secure.php:2) in C:\inetpub\wwwroot\cms\core\_secure.php on line 6

Warning: Unknown: open(C:\Windows\SERVIC~2\NETWOR~1\AppData\Local\Temp\\sess_e2d47e7f5bd6659a2ff4436b49990654, O_RDWR) failed: Permission denied (13) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct () in Unknown on line 0

umm.. If its selecting the database, then why did you get that error

Warning: Cannot modify header information - headers already sent by
(output started at C:\inetpub\wwwroot\cms\core\db.php:13) in C:\inetpub\wwwroot\cms\index.php on line 20

Why don't you try a simple example ?

<?php
$username='username';
$password='pword';
$hostname='host';
$databasename='db_name';
$create='off';
$prefix='';

//database conection

$connection = mysql_connect($hostname, $username, $password) or die("<p>Unable to connect to the database server at this time.</p>". mysql_error());
$x=mysql_select_db($databasename) or die("<p>Unable to locate the [". $databasename ."] at this time</p>". mysql_error());
echo $x;
?>

Just execute this code and tellme if it returns 1.

Edit: Hey ! remove ob_start and ob_flush.

<?php
$username='username';
$password='pword';
$hostname='host';
$databasename='db_name';
$create='off';
$prefix='';$connection = @mysql_connect($hostname, $username, $password) or die("<p>Unable to connect to the database server at this time.</p>". mysql_error());
@mysql_select_db($databasename) or die("<p>Unable to locate the [". $databasename ."] at this time</p>". mysql_error());
?>

Replace your db.php with this one (or remove //database conection) and try again !