[SOLVED] Session help

[garry]

So I'm trying to make a login function for my website. I've managed to query the database and find out whether the information matches and whatnot. Now what I'm trying to do is make sessions. Here's the code I'm using:

 

<?php
if (isset($_POST['submitted'])) {

$username = $_POST['username'];
$password = $_POST['password'];

$query = "SELECT *
		  FROM users
		  WHERE username = '$username'
		  AND password = '$password'
		 ";

$result = mysql_query($query);

$row = mysql_fetch_array($result);

if (mysql_num_rows($result) == 0) {
	echo "Sorry, no match found!";
	die();
	}

if (mysql_num_rows($result) == 1) {

	session_start(); // Begin the session
	$_SESSION['username'] = $row['username'];

	echo "Welcome " . $row['firstname'] . "!";
	}

unset($_POST);
}

But I get a headers already sent error after starting the session

 

How can I tell it to start the session after the information has been verified?

 

And I was also wondering if someone could give me some help with explaining cookies and sessions and such. I know that sessions set a cookie on the users computer, but where do I put this information?

 

Any help is appreciated

[peranha]

Put this line at the very top of the page and delete it from where it is now.

 

session_start(); // Begin the session

 

Sessions need to be started before anything is outputed.

 

The only line you need to change is the session_start() line

[garry]

So it's okay to start the session even before I've verified any data?

[peranha]

Yes you have to.  then you can add info to the session as needed anywhere in the script.

[garry]

Ah okay, thankyou

 

I was also wondering if you knew how to set the cookie variables and such? Do I need to do this?

[peranha]

you dont need to unless you want users to stay logged in even after they close their browser.

[garry]

Alright, thank you very much for your help