TCH-RobertM Posted December 30, 2004 Posted December 30, 2004 Hi Everyone, I have been playing around with a client login process that would allow a user to log in on any of my Visable pages and once logged in the user would be directed to a page specifically for them. I am having a problem with the login process itself If I enter an incorrect user id the process works correctly if I enter an incorrect Password the process works correctly If I enter in a valid user and Valid password I have problems with sessions the exact error I am getting is Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/rmulher/public_html/index.php:3) in /home/rmulher/public_html/php/login_form.php on line 33 ok I know that I cant send any data to the browser prior to the php code executing or this message occurs... What I dont know is how I should go about changing all my pages where the login form is located to not have this issue occur The Login form is a php file that is dynamically built into each page on the right hand column Here is the TESTFORM LINK User id to test this is "tina" and pasword = "tina" I hope someone here can assist with this headache... thank you again everyone the login code is here ><?php include $_SERVER['DOCUMENT_ROOT']."/php/mysql.php"; ?> <?php function print_login(){ //prints the login table ?> <h2>Login</h2> <form method="post" action="<?php $PHP_SELF ?>" name="login"> <p>Username:<input type="text" name="username"></p> <p>User Password:<input type="password" name= "password" /></p> <input type="submit" name="submit" value="Login" /> </form> <? } if($username!="") { $query = "SELECT * FROM login_users WHERE username=\"$username\""; $result = mysql_query($query, $link); $password = md5($password); //password from the user is encrpyed to compare with the already encrpyted one in the database if(mysql_num_rows($result)<1){ //checks to make sure the username exists print "<h3>Sorry, username does not exist!</h3>"; print_login(); } else{ while($tmp = mysql_fetch_assoc($result)){ if($tmp['password'] != $password){ //checks ot make sure the passwords are the same print "Sorry, you have entered an incorrect password!"; print_login(); } else{ session_start(); extract($tmp); // creates variables named by the keys in array $tmp $legal=$username.md5("my personal code"); //establishes an authentication variable beyond a valid session (must be present) $name="$first $last"; //creates a complete name from 'first' and 'last' used in the table (for page title and welcome msg) session_register("name"); // passes on the session variables session_register("legal"); //ditto header("Location: $username.php"); // redirects valid users to their personal page (you have to create them, can be done automatically (through scripting) when you first register. } } } } else{ print_login(); } ?> the code for the Testform page is here ><?php $thisPage="NONE";?> <?php include $_SERVER['DOCUMENT_ROOT']."/php/header_blank.php"; ?> <?php include $_SERVER['DOCUMENT_ROOT']."/php/nav_blank.php"; ?> <div id="sidebar"> <?php include $_SERVER['DOCUMENT_ROOT']."/php/login_form.php"; ?> </div> <div id="content"> </div> <?php include $_SERVER['DOCUMENT_ROOT']."/php/footer_blank.php"; ?> Quote
borfast Posted December 31, 2004 Posted December 31, 2004 The problem seems to be that you're including login_for.php in the middle of the HTML, which means that when you call session_start(), some HTML code has already been sent to the browser. The session handling code needs to be the first thing on the page (or you could use buffered output but I don't think you want/should go that way). By the way, you're using session_register(), which is a big problem if you intend to use $_SESSION to access session variables (it's actually impossible, not just a big problem). Instead of using session_register, you should use $_SESSION. For example, if you want to register a session variable named "var", you'd write this: $_SESSION['var'] = "variable value here"; instead of $var = "variable value here"; session_register("var"); Quote
TCH-RobertM Posted December 31, 2004 Author Posted December 31, 2004 Raul Thanks for the help there, I will try to modify that and especially thanks for the tip about the session_register() I will change that and test it once all changes are back in Thanks again Quote
TCH-RobertM Posted January 1, 2005 Author Posted January 1, 2005 Hi Raul, Just wanted to let you know I did get a Client log in process working pretty smooth You can test it and see if you find any holes if you like the current set up allows you check out the Client Demo page if you get in I have tried looking at the page directly without logging in and it appears to be working smooth here is the user id info to test id = "Demo" no quotes pass = "Demo" no quotesMy Webpage Right side has login I ended up breaking down some scripts I found at Hotscripts modified them to do what I needed... Seemed a lot more secure than what I was attempting before... This method uses both cookies and sessions so should be a little more robust. Thanks again for helping me If you want to see the code just message me Quote
borfast Posted January 1, 2005 Posted January 1, 2005 Glad I could help By the way, I tested it and I noticed that the username is not case sensitive. Quote
TCH-RobertM Posted January 1, 2005 Author Posted January 1, 2005 hmmm gonna have to fix that... Thanks Raul Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.