mattdawg Posted April 19, 2008 Share Posted April 19, 2008 I am really new to PHP and I am trying to get my feet wet with a simple recipe website. I have created several pages with a sql back end. I have been following several tutorials and I have added a lot to them and it has gotten me to this problem. So I am wondering if someone can help me figure this out. Hopefully it is an easy question. I have a login page that asks for a user name and password. I validate those through the database. That part is working perfectly. Then when I am done checking I register the session and kick them off the the site with: session_register("username"); session_register("pswd"); header("location:form6.php"); at the top of form6.php I have the following to check the session to make sure they are validated, if they are not I send them to the login page with the following code: <?php session_start(); if(!session_is_registered(username)) { header("location:login.php"); } ?> even that part works great. Here is where I get stuck. I want to add this same type of functionality to other pages but when I do I get the following error: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Volumes/Data/Users/10265897/Sites/recipe_input.php:1) in /Volumes/Data/Users/10265897/Sites/recipe_input.php on line 2 I am a little stuck on this one. People who directly type the page address can bypass the login without this so I would just like to get this figured out. And the sooner the better as there are other bigger things I would like to tackle. Thanks, Matt Quote Link to comment Share on other sites More sharing options...
unidox Posted April 19, 2008 Share Posted April 19, 2008 Try setting your sessions the proper way, $_SESSION['name'] = value; Then try it. Quote Link to comment Share on other sites More sharing options...
mattdawg Posted April 19, 2008 Author Share Posted April 19, 2008 Ok i'll give it a try thanks. Quote Link to comment Share on other sites More sharing options...
mattdawg Posted April 19, 2008 Author Share Posted April 19, 2008 Ok that didn't work so maybe I didn't post all the relavent information. so here is what I have to validate the user name and password and store them in the session; $dbcon = mysql_connect("localhost", $dbuser, $dbpswd); if (!mysql_errno()) { mysql_select_db($dbuser, $dbcon); $username=$_POST['username']; $pswd=$_POST['pswd']; $myusername = stripslashes($username); $mypassword = stripslashes($pswd); $myusername = mysql_real_escape_string($username); $mypassword = mysql_real_escape_string($pswd); $query="SELECT * FROM credentials WHERE username='$username' and password='$pswd'"; $result=mysql_query($query); $count=mysql_num_rows($result); if($count==1) { $_SESSION['username'] = $username; $_SESSION['pswd'] = $pswd; header("location:form6.php"); } else { echo "Wrong Username or Password"; } } then in form6.php, right at the top of the file, I have the following: <?php session_start(); if(!session_is_registered(username)) { header("location:login.php"); } ?> form 6 can then get me to recipe_wizard.php through a get method <form action="recipe_wizard.php" method="get"> <input type="submit" name="addscore" value="New Recipe" /> </form> I am thinking that's why I can't have the above code. I am not sure but does that add html to the next page preventing the validation above to not be the first thing in the next file? Anyway's I then have this at the top fo the recipe_wizard.php file the very first thing: <?php session_start(); if(!session_is_registered(username)) { header("location:login.php"); } ?> when I try to navigate to this page I get the following error: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Volumes/Data/Users/10265897/Sites/recipe_input.php:1) in /Volumes/Data/Users/10265897/Sites/recipe_input.php on line 2 Quote Link to comment Share on other sites More sharing options...
unidox Posted April 19, 2008 Share Posted April 19, 2008 Try this: <?php $dbcon = mysql_connect("localhost", $dbuser, $dbpswd); if ($dbcon) { mysql_select_db($dbuser, $dbcon); $username = $_POST['username']; $password = $_POST['pswd']; $username = stripslashes($username); $password = stripslashes($pswd); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($pswd); $q = mysql_query("SELECT * FROM `credentials` WHERE `username` = '$username' and `password` = '$password'"); $count = mysql_num_rows($q); if($count == 1) { $_SESSION['username'] = $username; $_SESSION['pswd'] = $password; header("location: form6.php"); exit(); } else { echo "Wrong Username or Password"; exit(); } } ?> then in form6.php, right at the top of the file, I have the following: <?php session_start(); if(!$_SESSION['username']) { header("location:login.php"); exit(); } ?> form 6 can then get me to recipe_wizard.php through a get method <form action="recipe_wizard.php" method="POST"> <input type="submit" name="addscore" value="New Recipe" /> </form> I am thinking that's why I can't have the above code. I am not sure but does that add html to the next page preventing the validation above to not be the first thing in the next file? Anyway's I then have this at the top fo the recipe_wizard.php file the very first thing: <?php session_start(); if(!$_SESSION['username']) { header("location:login.php"); exit(); } ?> I changed some of the names and changed the form method to post. See if that works. Quote Link to comment Share on other sites More sharing options...
mattdawg Posted April 19, 2008 Author Share Posted April 19, 2008 Thanks for the tips. I made the minor adjustments and I found a couple errors that I had missed especially with the strip slashes and such I didn't realize I was re-naming them. I am still getting the error. I was really hoping the chaning it from get to post would fix it I don't know why I didn't try before but it still isn't working I still get the following error: Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Volumes/Data/Users/10265897/Sites/recipe_wizard.php:1) in /Volumes/Data/Users/10265897/Sites/recipe_wizard.php on line 2 I ahve read in a few places that with that error you have to make sure there is no HTML code before the session_start() function. And as far as my knowledge goes that is true. I must be missing something because I can't for the life of me figure out why it's breaking. Quote Link to comment Share on other sites More sharing options...
mattdawg Posted April 19, 2008 Author Share Posted April 19, 2008 maybe I just need to post all of the code I have for this so far. login.php <table border="1"> <tr> <form name="form1" method="post" action="chklogin.php"> <td> <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF"> <tr> <td colspan="3"><strong>Member Login </strong></td> </tr> <tr> <td width="78">Username</td> <td width="294"> <input name="username" type="text" id="username"> </td> </tr> <tr> <td>Password</td> <td><input name="pswd" type="text" id="pswd"></td> </tr> <tr> <td><a href="newuser.php">Register Here</a></td> <td><input type="submit" name="Submit" value="Login"></td> </tr> </table> </td> </form> </tr> </table> [\code] chklogin.php [code] <?php session_start(); $file = fopen("dblogin.csv","r"); while(($data = fgetcsv($file)) !== FALSE) { $dbuser = $data[0]; $dbpswd = $data[1]; break; } fclose($file); $dbcon = mysql_connect("localhost", $dbuser, $dbpswd); if (!mysql_errno()) { mysql_select_db($dbuser, $dbcon); $username=$_POST['username']; $password=$_POST['pswd']; $username = stripslashes($username); $password = stripslashes($password); $username = mysql_real_escape_string($username); $password = mysql_real_escape_string($password); $query="SELECT * FROM credentials WHERE username='$username' and password='$password'"; $result=mysql_query($query); $count=mysql_num_rows($result); if($count==1) { $_SESSION['username'] = $username; $_SESSION['pswd'] = $password; header("location:form6.php"); } else { echo "Wrong Username or Password"; } } ?> form6.php <?php session_start(); if(!$_SESSION[username]) { header("location:login.php"); exit(); } ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"> <html lang="en"> <head> <title>CS 3660 - Project - Recipe Keeper</title> </head> <body> <h1>Welcome to the Recipe web page where you can add you own recipies.</h1> <!--<a href="recipe_wizard.php">New Recipe</a> --> <form action="recipe_wizard.php" method="post"> <input type="submit" name="addscore" value="New Recipe" /> </form> </body> </html> recipe_input.php <html> <head> <title>Reciepe Wizard</title> </head> <body> <?php $file = fopen("dblogin.csv","r"); while(($data = fgetcsv($file)) !== FALSE) { $dbuser = $data[0]; $dbpswd = $data[1]; break; } fclose($file); $dbcon = mysql_connect("localhost", $dbuser, $dbpswd); if (!mysql_errno()) { mysql_select_db($dbuser, $dbcon); $repeat = $_POST['ingredientsNum']; $cat = $_POST['category']; $title = $_POST['title']; $queryTitle = "SELECT * FROM recipe WHERE title='$title'"; //echo $queryTitle; //echo "<br/>"; $result = mysql_query($queryTitle, $dbcon) or die("<h1>SQL failed most likly due to improperly formed query</h1>"); if (mysql_num_rows($result) >= 1) { exit("<h1>The title you entered is already being used.</h1>"); } else if (mysql_num_rows($result) == 0) { $queryUser = "SELECT uid FROM credentials WHERE userName='matt'"; //echo $queryUser; $result = mysql_query($queryUser, $dbcon); $row = mysql_fetch_row($result); $uid = $row[0]; $queryCat = "SELECT catid FROM category WHERE catname = '$cat'"; echo $queryCat; $result = mysql_query($queryCat, $dbcon); if (mysql_num_rows($result) >= 1) { $row = mysql_fetch_row($result); $catid = $row[0]; //echo "<br/>cat id = " . $catid; } else { $insert = "INSERT INTO category (catname) VALUES ('$cat')"; mysql_query($insert, $dbcon); $catid = mysql_insert_id($dbcon); //echo "<br/>cat id = " . $catid; } $insert = "INSERT INTO recipe (uid,catid,title,pubpri,rating) VALUES ($uid,$catid,'$title', -1, -1)"; /*the last 2 are not implemented features yet so I set them to -1*/ //echo $insert; mysql_query($insert, $dbcon); $rid = mysql_insert_id($dbcon); } } else { echo "<h1>Connection Error.</h1>"; } echo "<fieldset name=\"Group1\" style=\"height: auto; width: 425px\">"; echo "<legend>" . $title . "</legend>"; echo "<form action=\"uploadRecipe.php?cat=" . $cat . "&rid=" . $rid . "&ingredients=" . $repeat . "&title=" . $title . "\" method=\"post\">"; echo "<fieldset name=\"Group1\" style=\"height: auto\">"; echo "<legend>Ingredience</legend>"; echo "<table>"; echo "<tr><td>Amount</td><td>Mesurement</td><td>Ingredient</td></tr>"; for ($i = 0; $i < $repeat; $i++) { //Nedds to be repeated for how many ingredients selected echo "<tr><td>"; echo "<select name=\"amount" . $i . "\" style=\"width: auto\">"; echo "<option>1</option><option>2</option><option>3</option><option>4</option>"; echo "<option>5</option><option>6</option><option>7</option><option>8</option>"; echo "<option>9</option><option>10</option><option>11</option><option>12</option>"; echo "<option>13</option><option>14</option><option>15</option><option>16</option>"; echo "<option>17</option><option>18</option><option>19</option><option>20</option>"; echo "</select>"; echo "</td><td>"; echo "<input name=\"mesurement" . $i . "\" type=\"text\" style=\"width: 163px\" />"; echo "</td><td>"; echo "<input name=\"ingredient" . $i . "\" type=\"text\" style=\"width: 163px\" />"; echo "</td>"; echo "</tr>"; //repeat to here *********************************************************** } echo "</table>"; echo "</fieldset>"; echo "<fieldset name=\"Group1\" style=\"height: 140 px\">"; echo "<legend>Directions</legend>"; echo "<textarea name=\"directions\" style=\"width: 390; height: 120px\"></textarea>"; echo "</fieldset>"; echo "<input name=\"Next\" type=\"submit\" value=\"Next\" />"; echo "</form>"; echo "</fieldset>"; ?> </body> </html> I know most of my code is a hack job as I learn new things I try and fix thing but some times I don't go back and fix things that work. When I get it all finished I will try and go back and polish this up I just want this working first. But any suggestions that anyone has for me are gladly accepted as I am very new to this stuff. I find it very powerful and exciting so any tips along the way are very helpful. If you need any more code feel free to let me know and I will see what I can do. Thanks, Matt [/code] Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.