
Login and session question (Easy..hopefully)


mattdawg

I am really new to PHP and I am trying to get my feet wet with a simple recipe website.  I have created several pages with a sql back end.  I have been following several tutorials and I have added a lot to them and it has gotten me to this problem.  So I am wondering if someone can help me figure this out.  Hopefully it is an easy question.

 

I have a login page that asks for a user name and password.  I validate those through the database.  That part is working perfectly.  Then when I am done checking I register the session and kick them off to the site with:

 

            session_register("username");
            session_register("pswd");
            header("location:form6.php");

 

at the top of form6.php I have the following to check the session to make sure they are validated, if they are not I send them to the login page with the following code:

 

            <?php
                session_start();
                if(!session_is_registered('username'))
                {
                    header("location:login.php");
                }
            ?>

 

even that part works great.  Here is where I get stuck.  I want to add this same type of functionality to other pages but when I do I get the following error:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Volumes/Data/Users/10265897/Sites/recipe_input.php:1) in /Volumes/Data/Users/10265897/Sites/recipe_input.php on line 2

 

I am a little stuck on this one.  People who directly type the page address can bypass the login without this so I would just like to get this figured out.  And the sooner the better as there are other bigger things I would like to tackle.

 

Thanks,

Matt

 

 

 

Ok, that didn't work, so maybe I didn't post all the relevant information. So here is what I have to validate the user name and password and store them in the session:

 

    $dbcon = mysql_connect("localhost", $dbuser, $dbpswd);
    if (!mysql_errno())
    {
        mysql_select_db($dbuser, $dbcon);

        $username=$_POST['username'];
        $pswd=$_POST['pswd'];

        $myusername = stripslashes($username);
        $mypassword = stripslashes($pswd);
        $myusername = mysql_real_escape_string($username);
        $mypassword = mysql_real_escape_string($pswd);

        $query="SELECT * FROM credentials WHERE username='$username' and password='$pswd'";
        $result=mysql_query($query);

        $count=mysql_num_rows($result);

        if($count==1)
        {
            $_SESSION['username'] = $username;
            $_SESSION['pswd'] = $pswd;
            header("location:form6.php");
        }
        else
        {
            echo "Wrong Username or Password";
        }
    }

 

then in form6.php, right at the top of the file, I have the following:

 

<?php
    session_start();
    if(!session_is_registered('username'))
    {
        header("location:login.php");
    }
?>

 

form 6 can then get me to recipe_wizard.php through a get method

 

        <form action="recipe_wizard.php" method="get">
            <input type="submit" name="addscore" value="New Recipe" />
        </form>

 

I am thinking that's why I can't have the above code.  I am not sure, but does that add HTML to the next page, preventing the validation above from being the first thing in the next file?  Anyway, I then have this at the top of the recipe_wizard.php file, the very first thing:

 

<?php
    session_start();
    if(!session_is_registered('username'))
    {
        header("location:login.php");
    }
?>

 

when I try to navigate to this page I get the following error:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Volumes/Data/Users/10265897/Sites/recipe_input.php:1) in /Volumes/Data/Users/10265897/Sites/recipe_input.php on line 2

 

 

Try this:

 

<?php
$dbcon = mysql_connect("localhost", $dbuser, $dbpswd);
if ($dbcon) {
mysql_select_db($dbuser, $dbcon);

$username = $_POST['username'];
$password = $_POST['pswd'];

$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$q = mysql_query("SELECT * FROM `credentials` WHERE `username` = '$username' and `password` = '$password'");

$count = mysql_num_rows($q);

if($count == 1)	{
	$_SESSION['username'] = $username;
	$_SESSION['pswd'] = $password;
	header("location: form6.php");
	exit();
} else {
	echo "Wrong Username or Password";
	exit();
}
}
?>
then in form6.php, right at the top of the file, I have the following:

<?php
session_start();
if(!$_SESSION['username']) {
header("location:login.php");
exit();
}
?>

form 6 can then get me to recipe_wizard.php through a get method

<form action="recipe_wizard.php" method="POST">
<input type="submit" name="addscore" value="New Recipe" />
</form>

I am thinking that's why I can't have the above code.  I am not sure, but does that add HTML to the next page, preventing the validation above from being the first thing in the next file?  Anyway, I then have this at the top of the recipe_wizard.php file, the very first thing:

<?php
session_start();
if(!$_SESSION['username']) {
header("location:login.php");
exit();
}
?>

 

I changed some of the names and changed the form method to post. See if that works.
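
An added example, not code from the thread: the same credential check done with a PDO prepared statement and `password_hash()`/`password_verify()` instead of string-built SQL and a plain-text password comparison, with the password kept out of `$_SESSION`. The `password_hash` column, the function names and the in-memory SQLite database with its constructed user rows are assumptions so the block runs on its own; the thread's site uses MySQL.

```php
<?php
declare(strict_types=1);

// Look the user up by name only and verify the password against the stored
// hash in PHP. Returns the uid on success, null on any failure.
function check_login(PDO $db, string $username, string $password): ?int
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $db->prepare('SELECT uid, password_hash FROM credentials WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['uid'];
}

// Call after a successful check_login(), before any output is sent.
function start_user_session(int $uid, string $username): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);        // fresh session id once the user is authenticated
    $_SESSION['uid'] = $uid;
    $_SESSION['username'] = $username;  // identity only; the password is not stored
}

// Constructed demo data (assumption): in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE credentials (uid INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$insert = $db->prepare('INSERT INTO credentials (username, password_hash) VALUES (?, ?)');
$insert->execute(['matt', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
$insert->execute(["o'brien", password_hash('another-demo-password', PASSWORD_DEFAULT)]);

foreach ([
    ['matt', 'constructed-demo-password'],   // valid credentials
    ['matt', 'wrong'],                       // bad password
    ["o'brien", 'another-demo-password'],    // the apostrophe is data, not SQL
] as [$user, $pass]) {
    $uid = check_login($db, $user, $pass);
    echo str_pad($user, 10), $uid === null ? 'rejected' : "accepted (uid $uid)", PHP_EOL;
}
```

In chklogin.php the flow would be `check_login()`, then `start_user_session()`, then the `header()` redirect followed by `exit`.
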

Thanks for the tips. I made the minor adjustments and I found a couple of errors that I had missed, especially with the strip slashes and such; I didn't realize I was re-naming them.

 

I am still getting the error.  I was really hoping that changing it from get to post would fix it. I don't know why I didn't try before, but it still isn't working. I still get the following error:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /Volumes/Data/Users/10265897/Sites/recipe_wizard.php:1) in /Volumes/Data/Users/10265897/Sites/recipe_wizard.php on line 2

 

I have read in a few places that with that error you have to make sure there is no HTML code before the session_start() function.  And as far as my knowledge goes that is true.  I must be missing something because I can't for the life of me figure out why it's breaking.

Maybe I just need to post all of the code I have for this so far.

 

login.php

<table border="1">
    <tr>
        <form name="form1" method="post" action="chklogin.php">
            <td>
                <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
                    <tr>
                        <td colspan="3"><strong>Member Login </strong></td>
                    </tr>
                    <tr>
                        <td width="78">Username</td>
                        <td width="294">
                            <input name="username" type="text" id="username">
                        </td>
                    </tr>
                    <tr>
                        <td>Password</td>
                        <td><input name="pswd" type="text" id="pswd"></td>
                    </tr>
                    <tr>
                        <td><a href="newuser.php">Register Here</a></td>
                        <td><input type="submit" name="Submit" value="Login"></td>
                    </tr>
                </table>
            </td>
        </form>
    </tr>
</table>

chklogin.php
<?php
    session_start();
    $file = fopen("dblogin.csv","r");
    while(($data = fgetcsv($file)) !== FALSE)
    {
        $dbuser = $data[0];
        $dbpswd = $data[1];
        break;
    }
    fclose($file);
    
    $dbcon = mysql_connect("localhost", $dbuser, $dbpswd);
    if (!mysql_errno())
    {
        mysql_select_db($dbuser, $dbcon);

        $username=$_POST['username']; 
        $password=$_POST['pswd']; 
    
        $username = stripslashes($username);
        $password = stripslashes($password);
        $username = mysql_real_escape_string($username);
        $password = mysql_real_escape_string($password);
    
        $query="SELECT * FROM credentials WHERE username='$username' and password='$password'";
        $result=mysql_query($query);
    
        $count=mysql_num_rows($result);
    
        if($count==1)
        {
            $_SESSION['username'] = $username;
            $_SESSION['pswd'] = $password;
            header("location:form6.php");
        }
        else
        {
            echo "Wrong Username or Password";
        }
    }
?>

 

form6.php

<?php
    session_start();
    if(!$_SESSION['username'])
    {
        header("location:login.php");
        exit();
    }
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">

<html lang="en">
<head>
    <title>CS 3660 - Project - Recipe Keeper</title>
</head>
    <body>
        <h1>Welcome to the Recipe web page where you can add you own recipies.</h1>
<!--<a href="recipe_wizard.php">New Recipe</a> -->
        <form action="recipe_wizard.php" method="post">
            <input type="submit" name="addscore" value="New Recipe" />
        </form>
    </body>
</html>

 

recipe_input.php

<html>
<head>
	<title>Reciepe Wizard</title>
</head>
<body>
	<?php
		$file = fopen("dblogin.csv","r");
		while(($data = fgetcsv($file)) !== FALSE)
		{
			$dbuser = $data[0];
			$dbpswd = $data[1];
			break;
		}
		fclose($file);

		$dbcon = mysql_connect("localhost", $dbuser, $dbpswd);
		if (!mysql_errno())
		{
			mysql_select_db($dbuser, $dbcon);

			$repeat = $_POST['ingredientsNum'];
			$cat = $_POST['category'];
			$title = $_POST['title'];

			$queryTitle = "SELECT * FROM recipe WHERE title='$title'";
			//echo $queryTitle;
			//echo "<br/>";
    
			$result = mysql_query($queryTitle, $dbcon) or die("<h1>SQL failed most likly due to improperly formed query</h1>");
			if (mysql_num_rows($result) >= 1)
			{
				exit("<h1>The title you entered is already being used.</h1>");
			}


			else if (mysql_num_rows($result) == 0)
			{
				$queryUser = "SELECT uid FROM credentials WHERE userName='matt'";
				//echo $queryUser;
				$result = mysql_query($queryUser, $dbcon);
				$row = mysql_fetch_row($result);
				$uid = $row[0];
				$queryCat = "SELECT catid FROM category WHERE catname = '$cat'";
				echo $queryCat;
				$result = mysql_query($queryCat, $dbcon);
				if (mysql_num_rows($result) >= 1)
				{
					$row = mysql_fetch_row($result);
					$catid = $row[0];
					//echo "<br/>cat id = " . $catid;
				}
				else
				{
					$insert = "INSERT INTO category (catname) VALUES ('$cat')";
					mysql_query($insert, $dbcon);
					$catid = mysql_insert_id($dbcon);
					//echo "<br/>cat id = " . $catid;
				}
				$insert = "INSERT INTO recipe (uid,catid,title,pubpri,rating) VALUES ($uid,$catid,'$title', -1, -1)"; /*the last 2 are not implemented features yet so I set them to -1*/
				//echo $insert;
				mysql_query($insert, $dbcon);
				$rid = mysql_insert_id($dbcon);
			}
		}
		else
		{
			echo "<h1>Connection Error.</h1>";
		}

		echo "<fieldset name=\"Group1\" style=\"height: auto; width: 425px\">";
			echo "<legend>" . $title . "</legend>";
			echo "<form action=\"uploadRecipe.php?cat=" . $cat . "&rid=" . $rid . "&ingredients=" . $repeat . "&title=" . $title . "\" method=\"post\">";
				echo "<fieldset name=\"Group1\" style=\"height: auto\">";
					echo "<legend>Ingredience</legend>";

					echo "<table>";
						echo "<tr><td>Amount</td><td>Mesurement</td><td>Ingredient</td></tr>";

						for ($i = 0; $i < $repeat; $i++)
						{
							//Needs to be repeated for how many ingredients selected
							echo "<tr><td>";
								echo "<select name=\"amount" . $i . "\" style=\"width: auto\">";
									echo "<option>1</option><option>2</option><option>3</option><option>4</option>";
									echo "<option>5</option><option>6</option><option>7</option><option>8</option>";
									echo "<option>9</option><option>10</option><option>11</option><option>12</option>";
									echo "<option>13</option><option>14</option><option>15</option><option>16</option>";
									echo "<option>17</option><option>18</option><option>19</option><option>20</option>";
								echo "</select>";
							echo "</td><td>";
								echo "<input name=\"mesurement" . $i . "\" type=\"text\" style=\"width: 163px\" />";
							echo "</td><td>";
								echo "<input name=\"ingredient" . $i . "\" type=\"text\" style=\"width: 163px\" />";
							echo "</td>";
							echo "</tr>";
							//repeat to here ***********************************************************
						}

					echo "</table>";
				echo "</fieldset>";
				echo "<fieldset name=\"Group1\" style=\"height: 140 px\">";
					echo "<legend>Directions</legend>";
					echo "<textarea name=\"directions\" style=\"width: 390; height: 120px\"></textarea>";
				echo "</fieldset>";
				echo "<input name=\"Next\" type=\"submit\" value=\"Next\" />";
			echo "</form>";
		echo "</fieldset>";
	?>
</body>
</html>

 

I know most of my code is a hack job. As I learn new things I try to fix things, but sometimes I don't go back and fix things that work.  When I get it all finished I will try to go back and polish this up; I just want this working first.  But any suggestions that anyone has for me are gladly accepted, as I am very new to this stuff.  I find it very powerful and exciting, so any tips along the way are very helpful.

 

If you need any more code feel free to let me know and I will see what I can do.

 

Thanks,

Matt
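
An added example, not code from the thread: "output started at ...recipe_wizard.php:1" in the warning means bytes had already been sent from line 1 of that file, and a blank line, whitespace or a UTF-8 byte order mark before the opening `<?php` tag counts as output just as the `<html>` markup at the top of recipe_input.php does. The hypothetical include below (`auth_guard.php`, `require_login()` and `leading_output()` are assumed names) keeps the session check in one place, stops instead of rendering the page when the redirect can no longer be sent, and can be run from the command line to report what precedes the opening tag in each page.

```php
<?php
declare(strict_types=1);
// auth_guard.php (assumed name). First statement of every protected page:
//     require __DIR__ . '/auth_guard.php'; $username = require_login();

// Describe what precedes the opening tag of a script; null if nothing does.
function leading_output(string $path): ?string
{
    if (!is_file($path) || ($head = file_get_contents($path, false, null, 0, 64)) === false) {
        return 'file not readable';
    }
    if (strncmp($head, '<?php', 5) === 0) {
        return null;
    }
    if (strncmp($head, "\xEF\xBB\xBF", 3) === 0) {
        return 'UTF-8 byte order mark';
    }
    $pos = strpos($head, '<?php');
    if ($pos === false) {
        return 'no opening tag within the first 64 bytes';
    }
    return $pos . ' byte(s) before the opening tag: ' . bin2hex(substr($head, 0, $pos));
}

// Returns the logged-in username, or ends the request.
function require_login(string $loginUrl = 'login.php'): string
{
    if (headers_sent($file, $line)) {
        // The redirect can no longer be sent: stop rather than render the
        // protected page to a visitor who has not been checked.
        error_log("auth guard: output started at $file:$line");
        exit('Page unavailable.');
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['username'])) {
        header('Location: ' . $loginUrl);
        exit; // without exit the rest of the page still runs and is sent
    }
    return (string) $_SESSION['username'];
}

// Command-line check: php auth_guard.php recipe_wizard.php form6.php
if (PHP_SAPI === 'cli' && isset($argv[0]) && realpath($argv[0]) === __FILE__) {
    foreach (array_slice($argv, 1) as $page) {
        echo $page, ': ', leading_output($page) ?? 'starts with the opening tag', PHP_EOL;
    }
}
```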

 


Archived

This topic is now archived and is closed to further replies.
