Hi Everyone, I have been playing around with a client login process that would allow a user to log in on any of my Visable pages and once logged in the user would be directed to a page specifically for them. <br /><br />I am having a problem with the login process itself <br />If I enter an incorrect user id the process works correctly<br />if I enter an incorrect Password the process works correctly<br />If I enter in a valid user and Valid password I have problems with sessions <br />the exact error I am getting is <br /><!--quoteo--><div class='quotetop'>QUOTE</div><div class='quotemain'><!--quotec-->Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/rmulher/public_html/index.php:3) in /home/rmulher/public_html/php/login_form.php on line 33<!--QuoteEnd--></div><!--QuoteEEnd--><br /><br />ok I know that I cant send any data to the browser prior to the php code executing or this message occurs... What I dont know is how I should go about changing all my pages where the login form is located to not have this issue occur <br />The Login form is a php file that is dynamically built into each page on the right hand column<br />Here is the <a href="http://www.rmulhern.com/php/testform.php" target="_blank">TESTFORM LINK</a><br />User id to test this is "tina" and pasword = "tina" <br /><br />I hope someone here can assist with this headache... thank you again everyone<br /><br />the login code is here <br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1--><?php include $_SERVER['DOCUMENT_ROOT']."/php/mysql.php"; ?><br /><br /><?php function print_login(){ //prints the login table ?><br /> Â Â Â Â Â <br /><br /><br /><br /> Â <h2>Login</h2><br /> Â <form method="post" action="<?php $PHP_SELF ?>" name="login"><br /> Â <p>Username:<input type="text" name="username"></p><br /> Â <p>User Password:<input type="password" name= "password" /></p><br /> Â <input type="submit" name="submit" value="Login" /><br /> Â </form><br /><br /><?<br />}<br />if($username!="")<br />{<br />Â Â Â Â $query = "SELECT * FROM login_users WHERE username=\"$username\"";<br />Â Â Â Â $result = mysql_query($query, $link);<br />Â Â Â Â $password = md5($password); //password from the user is encrpyed to compare with the already encrpyted one in the database<br />Â Â Â Â if(mysql_num_rows($result)<1){ //checks to make sure the username exists<br /> Â print "<h3>Sorry, username does not exist!</h3>";<br /> Â print_login();<br /> Â }<br />Â Â Â Â else{<br />Â Â Â Â while($tmp = mysql_fetch_assoc($result)){<br /> Â if($tmp['password'] != $password){ //checks ot make sure the passwords are the same<br /> Â Â Â Â Â print "Sorry, you have entered an incorrect password!";<br /> Â Â Â Â Â print_login();<br /> Â Â Â Â Â }<br /> Â else{<br /> Â Â session_start();<br /> Â Â extract($tmp); // creates variables named by the keys in array $tmp<br /> Â Â $legal=$username.md5("my personal code"); //establishes an authentication variable beyond a valid session (must be present)<br /> Â Â $name="$first $last"; //creates a complete name from 'first' and 'last' used in the table (for page title and welcome msg)<br /> Â Â session_register("name"); // passes on the session variables<br /> Â Â session_register("legal"); //ditto<br /> Â Â header("Location: $username.php"); // redirects valid users to their personal page (you have to create them, can be done automatically (through scripting) when you first register.<br /> Â Â Â Â Â }<br /> Â }<br />Â Â Â Â }<br />}<br /><br />else{<br />print_login();<br />}<br /><br />?><!--c2--></div><!--ec2--><br /><br />the code for the Testform page is here <br /><!--c1--><div class='codetop'>CODE</div><div class='codemain'><!--ec1--><?php $thisPage="NONE";?><br /><br /><?php include $_SERVER['DOCUMENT_ROOT']."/php/header_blank.php"; ?><br />Â Â Â Â <br /><?php include $_SERVER['DOCUMENT_ROOT']."/php/nav_blank.php"; ?><br /><br /> Â Â <div id="sidebar"> <br /> Â Â Â <?php include $_SERVER['DOCUMENT_ROOT']."/php/login_form.php"; ?><br /> Â Â Â Â Â <br /> Â Â </div><br />Â Â Â Â <br /> Â Â <div id="content"> <br /> Â Â Â Â <br /> Â Â Â Â Â </div><br />Â Â Â Â <br /><?php include $_SERVER['DOCUMENT_ROOT']."/php/footer_blank.php"; ?><!--c2--></div><!--ec2--><!--content-->
The problem seems to be that you're including login_for.php in the middle of the HTML, which means that when you call session_start(), some HTML code has already been sent to the browser.<br /><br />The session handling code needs to be the first thing on the page (or you could use buffered output but I don't think you want/should go that way).<br /><br />By the way, you're using session_register(), which is a big problem if you intend to use $_SESSION to access session variables (it's actually impossible, not just a big problem). Instead of using session_register, you should use $_SESSION. For example, if you want to register a session variable named "var", you'd write this:<br /><br />$_SESSION['var'] = "variable value here";<br /><br />instead of<br /><br />$var = "variable value here";<br />session_register("var");<!--content-->
Raul Thanks for the help there, I will try to modify that and especially thanks for the tip about the session_register() I will change that and test it once all changes are back in <br />Thanks again<!--content-->
Let me know how it goes <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="" border="0" alt="smile.gif" /><!--content-->
Hi Raul, Just wanted to let you know I did get a Client log in process working pretty smooth <br />You can test it and see if you find any holes if you like <br />the current set up allows you check out the Client Demo page if you get in <br />I have tried looking at the page directly without logging in and it appears to be working smooth <br /><br />here is the user id info to test <br />id = "Demo" no quotes<br />pass = "Demo" no quotes<a href="http://www.rmulhern.com" target="_blank">My Webpage</a><br /><br />Right side has login <br /><br />I ended up breaking down some scripts I found at Hotscripts modified them to do what I needed... Seemed a lot more secure than what I was attempting before... <br /><br />This method uses both cookies and sessions so should be a little more robust. <br />Thanks again for helping me <br />If you want to see the code just message me<!--content-->
Glad I could help <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="" border="0" alt="smile.gif" /><br /><br />By the way, I tested it and I noticed that the username is not case sensitive.<!--content-->
hmmm gonna have to fix that... Thanks Raul<!--content-->
The problem seems to be that you're including login_for.php in the middle of the HTML, which means that when you call session_start(), some HTML code has already been sent to the browser.<br /><br />The session handling code needs to be the first thing on the page (or you could use buffered output but I don't think you want/should go that way).<br /><br />By the way, you're using session_register(), which is a big problem if you intend to use $_SESSION to access session variables (it's actually impossible, not just a big problem). Instead of using session_register, you should use $_SESSION. For example, if you want to register a session variable named "var", you'd write this:<br /><br />$_SESSION['var'] = "variable value here";<br /><br />instead of<br /><br />$var = "variable value here";<br />session_register("var");<!--content-->
Raul Thanks for the help there, I will try to modify that and especially thanks for the tip about the session_register() I will change that and test it once all changes are back in <br />Thanks again<!--content-->
Let me know how it goes <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="" border="0" alt="smile.gif" /><!--content-->
Hi Raul, Just wanted to let you know I did get a Client log in process working pretty smooth <br />You can test it and see if you find any holes if you like <br />the current set up allows you check out the Client Demo page if you get in <br />I have tried looking at the page directly without logging in and it appears to be working smooth <br /><br />here is the user id info to test <br />id = "Demo" no quotes<br />pass = "Demo" no quotes<a href="http://www.rmulhern.com" target="_blank">My Webpage</a><br /><br />Right side has login <br /><br />I ended up breaking down some scripts I found at Hotscripts modified them to do what I needed... Seemed a lot more secure than what I was attempting before... <br /><br />This method uses both cookies and sessions so should be a little more robust. <br />Thanks again for helping me <br />If you want to see the code just message me<!--content-->
Glad I could help <img src="http://www.totalchoicehosting.com/forums/style_emoticons/default/smile.gif" style="vertical-align:middle" emoid="" border="0" alt="smile.gif" /><br /><br />By the way, I tested it and I noticed that the username is not case sensitive.<!--content-->
hmmm gonna have to fix that... Thanks Raul<!--content-->