
Login and session question (Easy..hopefully)


mattdawg


I am really new to PHP and I am trying to get my feet wet with a simple recipe website.  I have created several pages with a sql back end.  I have been following several tutorials and I have added a lot to them and it has gotten me to this problem.  So I am wondering if someone can help me figure this out.  Hopefully it is an easy question.

 

I have a login page that asks for a user name and password.  I validate those through the database.  That part is working perfectly.  Then when I am done checking I register the session and kick them off to the site with:

            session_register("username");
            session_register("pswd");
            header("location:form6.php");

At the top of form6.php I have the following to check the session to make sure they are validated. If they are not, I send them to the login page with the following code:

            <?php
                session_start();
                if(!session_is_registered(username))
                {
                    header("location:login.php");
                }
            ?>

Even that part works great.  Here is where I get stuck.  I want to add this same type of functionality to other pages but when I do I get the following error:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Volumes/Data/Users/10265897/Sites/recipe_input.php:1) in /Volumes/Data/Users/10265897/Sites/recipe_input.php on line 2

 

I am a little stuck on this one.  People who directly type the page address can bypass the login without this so I would just like to get this figured out.  And the sooner the better as there are other bigger things I would like to tackle.

 

Thanks,

Matt

 

 

 


Ok that didn't work so maybe I didn't post all the relevant information. So here is what I have to validate the user name and password and store them in the session:

    $dbcon = mysql_connect("localhost", $dbuser, $dbpswd);
    if (!mysql_errno())
    {
        mysql_select_db($dbuser, $dbcon);

        $username=$_POST['username'];
        $pswd=$_POST['pswd'];

        $myusername = stripslashes($username);
        $mypassword = stripslashes($pswd);
        $myusername = mysql_real_escape_string($username);
        $mypassword = mysql_real_escape_string($pswd);

        $query="SELECT * FROM credentials WHERE username='$username' and password='$pswd'";
        $result=mysql_query($query);

        $count=mysql_num_rows($result);

        if($count==1)
        {
            $_SESSION['username'] = $username;
            $_SESSION['pswd'] = $pswd;
            header("location:form6.php");
        }
        else
        {
            echo "Wrong Username or Password";
        }
    }

Then in form6.php, right at the top of the file, I have the following:

<?php
    session_start();
    if(!session_is_registered(username))
    {
        header("location:login.php");
    }
?>

Form 6 can then get me to recipe_wizard.php through a get method:

        <form action="recipe_wizard.php" method="get">
            <input type="submit" name="addscore" value="New Recipe" />
        </form>

I am thinking that's why I can't have the above code.  I am not sure but does that add html to the next page preventing the validation above to not be the first thing in the next file?  Anyways, I then have this at the top of the recipe_wizard.php file, the very first thing:

<?php
    session_start();
    if(!session_is_registered(username))
    {
        header("location:login.php");
    }
?>

When I try to navigate to this page I get the following error:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Volumes/Data/Users/10265897/Sites/recipe_input.php:1) in /Volumes/Data/Users/10265897/Sites/recipe_input.php on line 2

 

 


Try this:

 

<?php
$dbcon = mysql_connect("localhost", $dbuser, $dbpswd);
if ($dbcon) {
	mysql_select_db($dbuser, $dbcon);

	$username = $_POST['username'];
	$password = $_POST['pswd'];

	// Unescape, then escape for SQL, the same variables that the query uses.
	$username = stripslashes($username);
	$password = stripslashes($password);
	$username = mysql_real_escape_string($username);
	$password = mysql_real_escape_string($password);

	$q = mysql_query("SELECT * FROM `credentials` WHERE `username` = '$username' and `password` = '$password'");

	$count = mysql_num_rows($q);

	if ($count == 1) {
		$_SESSION['username'] = $username;
		$_SESSION['pswd'] = $password;
		header("location: form6.php");
		exit();
	} else {
		echo "Wrong Username or Password";
		exit();
	}
}
?>
then in form6.php, right at the top of the file, I have the following:

<?php
session_start();
if(!$_SESSION['username']) {
header("location:login.php");
exit();
}
?>

form 6 can then get me to recipe_wizard.php through a get method

<form action="recipe_wizard.php" method="POST">
<input type="submit" name="addscore" value="New Recipe" />
</form>

I am thinking that's why I can't have the above code.  I am not sure but does that add html to the next page preventing the validation above to not be the first thing in the next file?  Anyways, I then have this at the top of the recipe_wizard.php file, the very first thing:

<?php
session_start();
if(!$_SESSION['username']) {
header("location:login.php");
exit();
}
?>

 

I changed some of the names and changed the form method to post. See if that works.
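
The credential check from the posts above, reworked with a prepared statement and hashed passwords; this is an added example, not code from the thread. It swaps the thread's mysql_* calls for PDO and uses an in-memory SQLite table so that it runs on its own; the `password_hash` column and the `check_login()` / `login()` names are assumptions.

```php
<?php
// Added example, not from the thread. Constructed data: an in-memory SQLite
// table stands in for the MySQL `credentials` table; the password_hash column
// and the check_login()/login() names are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE credentials (uid INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$pdo->prepare('INSERT INTO credentials (username, password_hash) VALUES (?, ?)')
    ->execute(['matt', password_hash('constructed-sample-password', PASSWORD_DEFAULT)]);

// Returns the user's uid on success, or null on any failure.
function check_login(PDO $pdo, string $username, string $password): ?int
{
    // Placeholders keep user input out of the SQL text, so there is no escaping
    // step and no way to escape one variable but query with another.
    $stmt = $pdo->prepare('SELECT uid, password_hash FROM credentials WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against the stored hash; the plaintext password is never stored.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['uid'];
}

// Call before any output is sent: session_start() needs to send headers.
function login(PDO $pdo, string $username, string $password): bool
{
    $uid = check_login($pdo, $username, $password);
    if ($uid === null) {
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);      // fresh session id once authenticated
    $_SESSION['uid'] = $uid;          // identity only; the password stays out of the session
    $_SESSION['username'] = $username;
    return true;
}

// Constructed inputs: valid login, wrong password, injection-style user name.
var_dump(check_login($pdo, 'matt', 'constructed-sample-password'));
var_dump(check_login($pdo, 'matt', 'wrong'));
var_dump(check_login($pdo, "matt' OR '1'='1", 'x'));
```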


Thanks for the tips. I made the minor adjustments and I found a couple of errors that I had missed, especially with the strip slashes and such; I didn't realize I was re-naming them.

I am still getting the error.  I was really hoping that changing it from get to post would fix it. I don't know why I didn't try that before, but it still isn't working. I still get the following error:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Volumes/Data/Users/10265897/Sites/recipe_wizard.php:1) in /Volumes/Data/Users/10265897/Sites/recipe_wizard.php on line 2

I have read in a few places that with that error you have to make sure there is no HTML code before the session_start() function.  And as far as my knowledge goes that is true.  I must be missing something because I can't for the life of me figure out why it's breaking.


Maybe I just need to post all of the code I have for this so far.

 

login.php

<table border="1">
    <tr>
        <form name="form1" method="post" action="chklogin.php">
            <td>
                <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
                    <tr>
                        <td colspan="3"><strong>Member Login </strong></td>
                    </tr>
                    <tr>
                        <td width="78">Username</td>
                        <td width="294">
                            <input name="username" type="text" id="username">
                        </td>
                    </tr>
                    <tr>
                        <td>Password</td>
                        <td><input name="pswd" type="password" id="pswd"></td>
                    </tr>
                    <tr>
                        <td><a href="newuser.php">Register Here</a></td>
                        <td><input type="submit" name="Submit" value="Login"></td>
                    </tr>
                </table>
            </td>
        </form>
    </tr>
</table>

chklogin.php
<?php
    session_start();
    $file = fopen("dblogin.csv","r");
    while(($data = fgetcsv($file)) !== FALSE)
    {
        $dbuser = $data[0];
        $dbpswd = $data[1];
        break;
    }
    fclose($file);
    
    $dbcon = mysql_connect("localhost", $dbuser, $dbpswd);
    if (!mysql_errno())
    {
        mysql_select_db($dbuser, $dbcon);

        $username=$_POST['username']; 
        $password=$_POST['pswd']; 
    
        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysql_real_escape_string($username);
        $password = mysql_real_escape_string($password);
    
        $query="SELECT * FROM credentials WHERE username='$username' and password='$password'";
        $result=mysql_query($query);
    
        $count=mysql_num_rows($result);
    
        if($count==1)
        {
            $_SESSION['username'] = $username;
            $_SESSION['pswd'] = $password;
            header("location:form6.php");
            exit(); // stop here so nothing else runs after the redirect
        }
        else
        {
            echo "Wrong Username or Password";
            exit();
        }
    }
?>

 

form6.php

<?php
    session_start();
    // Quote the array key; a bare username is read as an undefined constant.
    if(!$_SESSION['username'])
    {
        header("location:login.php");
        exit();
    }
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html lang="en">
<head>
    <title>CS 3660 - Project - Recipe Keeper</title>
</head>
    <body>
        <h1>Welcome to the Recipe web page where you can add your own recipes.</h1>
<!--<a href="recipe_wizard.php">New Recipe</a> -->
        <form action="recipe_wizard.php" method="post">
            <input type="submit" name="addscore" value="New Recipe" />
        </form>
    </body>
</html>

 

recipe_input.php

<html>
<head>
	<title>Recipe Wizard</title>
</head>
<body>
	<?php
		$file = fopen("dblogin.csv","r");
		while(($data = fgetcsv($file)) !== FALSE)
		{
			$dbuser = $data[0];
			$dbpswd = $data[1];
			break;
		}
		fclose($file);

		$dbcon = mysql_connect("localhost", $dbuser, $dbpswd);
		if (!mysql_errno())
		{
			mysql_select_db($dbuser, $dbcon);

			$repeat = (int) $_POST['ingredientsNum']; // used as a loop bound below
			$cat = $_POST['category'];
			$title = $_POST['title'];
			// Escaped copies for SQL; the raw values are kept for display.
			$catSql = mysql_real_escape_string($cat, $dbcon);
			$titleSql = mysql_real_escape_string($title, $dbcon);

			$queryTitle = "SELECT * FROM recipe WHERE title='$titleSql'";
			//echo $queryTitle;
			//echo "<br/>";

			$result = mysql_query($queryTitle, $dbcon) or die("<h1>SQL failed most likely due to improperly formed query</h1>");
			if (mysql_num_rows($result) >= 1)
			{
				exit("<h1>The title you entered is already being used.</h1>");
			}
			else if (mysql_num_rows($result) == 0)
			{
				$queryUser = "SELECT uid FROM credentials WHERE userName='matt'";
				//echo $queryUser;
				$result = mysql_query($queryUser, $dbcon);
				$row = mysql_fetch_row($result);
				$uid = (int) $row[0];
				$queryCat = "SELECT catid FROM category WHERE catname = '$catSql'";
				//echo $queryCat;
				$result = mysql_query($queryCat, $dbcon);
				if (mysql_num_rows($result) >= 1)
				{
					$row = mysql_fetch_row($result);
					$catid = (int) $row[0];
					//echo "<br/>cat id = " . $catid;
				}
				else
				{
					$insert = "INSERT INTO category (catname) VALUES ('$catSql')";
					mysql_query($insert, $dbcon);
					$catid = mysql_insert_id($dbcon);
					//echo "<br/>cat id = " . $catid;
				}
				$insert = "INSERT INTO recipe (uid,catid,title,pubpri,rating) VALUES ($uid,$catid,'$titleSql', -1, -1)"; /*the last 2 are not implemented features yet so I set them to -1*/
				//echo $insert;
				mysql_query($insert, $dbcon);
				$rid = mysql_insert_id($dbcon);
			}
		}
		else
		{
			echo "<h1>Connection Error.</h1>";
		}

		echo "<fieldset name=\"Group1\" style=\"height: auto; width: 425px\">";
			// Encode user-supplied values for the context they are written into.
			echo "<legend>" . htmlspecialchars($title) . "</legend>";
			echo "<form action=\"uploadRecipe.php?cat=" . urlencode($cat) . "&rid=" . $rid . "&ingredients=" . urlencode($repeat) . "&title=" . urlencode($title) . "\" method=\"post\">";
				echo "<fieldset name=\"Group1\" style=\"height: auto\">";
					echo "<legend>Ingredients</legend>";

					echo "<table>";
						echo "<tr><td>Amount</td><td>Measurement</td><td>Ingredient</td></tr>";

						for ($i = 0; $i < $repeat; $i++)
						{
							//Needs to be repeated for how many ingredients selected
							echo "<tr><td>";
								echo "<select name=\"amount" . $i . "\" style=\"width: auto\">";
									echo "<option>1</option><option>2</option><option>3</option><option>4</option>";
									echo "<option>5</option><option>6</option><option>7</option><option>8</option>";
									echo "<option>9</option><option>10</option><option>11</option><option>12</option>";
									echo "<option>13</option><option>14</option><option>15</option><option>16</option>";
									echo "<option>17</option><option>18</option><option>19</option><option>20</option>";
								echo "</select>";
							echo "</td><td>";
								echo "<input name=\"mesurement" . $i . "\" type=\"text\" style=\"width: 163px\" />";
							echo "</td><td>";
								echo "<input name=\"ingredient" . $i . "\" type=\"text\" style=\"width: 163px\" />";
							echo "</td>";
							echo "</tr>";
							//repeat to here ***********************************************************
						}

					echo "</table>";
				echo "</fieldset>";
				echo "<fieldset name=\"Group1\" style=\"height: 140 px\">";
					echo "<legend>Directions</legend>";
					echo "<textarea name=\"directions\" style=\"width: 390; height: 120px\"></textarea>";
				echo "</fieldset>";
				echo "<input name=\"Next\" type=\"submit\" value=\"Next\" />";
			echo "</form>";
		echo "</fieldset>";
	?>
</body>
</html>

 

I know most of my code is a hack job. As I learn new things I try and fix things, but sometimes I don't go back and fix things that work.  When I get it all finished I will try and go back and polish this up; I just want this working first.  But any suggestions that anyone has for me are gladly accepted as I am very new to this stuff.  I find it very powerful and exciting so any tips along the way are very helpful.

 

If you need any more code feel free to let me know and I will see what I can do.

 

Thanks,

Matt
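
The session guard from the tops of form6.php and recipe_wizard.php, written once as an include; this is an added example, not code from the thread. The file name `require_login.php` and both function names are assumptions. It logs the file and line where output began, which is the same location the warning's "output started at" part names.

```php
<?php
// require_login.php: added example (hypothetical file name). Include it as the
// first statement of every protected page, before any HTML, blank line or BOM.

// Returns null when the session is authenticated, otherwise the redirect target.
function redirect_target(array $session, string $loginPage = 'login.php'): ?string
{
    // isset() avoids an undefined-index notice when nobody is logged in.
    return (isset($session['username']) && $session['username'] !== '') ? null : $loginPage;
}

function require_login(): void
{
    // headers_sent() fills in the file and line where output started.
    if (headers_sent($file, $line)) {
        error_log("require_login: output already started at $file:$line");
        // Fail closed: a redirect is no longer possible, so stop rendering.
        exit('Not authorised.');
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $target = redirect_target($_SESSION);
    if ($target !== null) {
        header('Location: ' . $target);
        exit; // without this the rest of the protected page still runs and is sent
    }
}

require_login();
// No closing PHP tag: stray whitespace after it would count as output.
```

A protected page then begins with `<?php require 'require_login.php'; ?>` as its very first bytes, with the `<html>` markup after it.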

 

