AKalair Posted September 22, 2008 Share Posted September 22, 2008 Hi guys, Still working on my login form thingy and I'm having another issue. I want to auto redirect the people if they log in successfully but when I use header( 'Location: http://www.thegamerspad.com/members.php' ) ; I get an error. <? if (!$dbcnx) { echo( "<P>Unable to connect to the " . "database server at this time.</P>" ); exit(); } $query = "SELECT username FROM users WHERE username = '{$_POST['username']}'"; $result = mysql_query($query); $row = mysql_fetch_assoc($result); $user = mysql_num_rows($result); if ($user == 1 ) { $queryo = "SELECT password FROM users WHERE password = '{$_POST['password']}'"; $resulto = mysql_query($queryo); $rowo = mysql_fetch_assoc($resulto); $usero = mysql_num_rows($resulto); } if ($usero == 1) { session_start(); $_SESSION['auth'] = 1; header( 'Location: http://www.thegamerspad.com/members.php' ) ; } else { echo "Invalid Sorry"; } ?> This is the error message Warning: Cannot modify header information - headers already sent by (output started at /home/thegamer/public_html/PHP/login2.php:34) in /home/thegamer/public_html/PHP/login2.php on line 36 Any ideas thanks Quote Link to comment Share on other sites More sharing options...
FVxSF Posted September 22, 2008 Share Posted September 22, 2008 Take a look where you placed session_start(). This might be the cause. All way stick session_start() at the top of the file. right after <?php See if that helps. Also. When you post mysql_connect() leave out the DB username and password. Don't want peps to hack yer site Quote Link to comment Share on other sites More sharing options...
AKalair Posted September 22, 2008 Author Share Posted September 22, 2008 I need session start there though as I only want them logged in if they get the username and password right. Quote Link to comment Share on other sites More sharing options...
jonsjava Posted September 22, 2008 Share Posted September 22, 2008 white spaces could be the problem as well: <?php session_start(); if (!$dbcnx) { echo "<P>Unable to connect to the database server at this time.</P>"; exit(); } $query = "SELECT username FROM users WHERE username = '{$_POST['username']}'"; $result = mysql_query($query); $row = mysql_fetch_assoc($result); $user = mysql_num_rows($result); if ($user == 1) { $queryo = "SELECT password FROM users WHERE password = '{$_POST['password']}'"; $resulto = mysql_query($queryo); $rowo = mysql_fetch_assoc($resulto); $usero = mysql_num_rows($resulto); } if ($usero == 1) { $_SESSION['auth'] = 1; header( 'Location: http://www.thegamerspad.com/members.php' ) ; } else { echo "Invalid Sorry"; } ?> Quote Link to comment Share on other sites More sharing options...
slapdashgrim Posted September 22, 2008 Share Posted September 22, 2008 I need session start there though as I only want them logged in if they get the username and password right. the session can start at the begining. but just set the session variable where it is now. session_start should always be the first thing after <?php Quote Link to comment Share on other sites More sharing options...
FVxSF Posted September 22, 2008 Share Posted September 22, 2008 I need session start there though as I only want them logged in if they get the username and password right. **Not no to slapdashgrim, he beat me to the post** No, SESSIONS are used for many things. They are used to track guests, page views, you can log how long people are staying at your site, security tokens, user authentication and more. When I work on my app that users inter act with, I use the session to store their User ID, User Name, Login Time, Their Power level (then match with DB) and a few other things if needed. So if the user is not logged in, you can create a variable say UserLoggedIn and have it equal FALSE if they are not or TRUE if they are. This also adds a little more security. Quote Link to comment Share on other sites More sharing options...
jonsjava Posted September 22, 2008 Share Posted September 22, 2008 decided to clean up the code some more (to make it run faster): <?php session_start(); if (!$dbcnx) { echo "<P>Unable to connect to the database server at this time.</P>"; exit(); } if (isset($_POST['username']) && isset($_POST['password'])){ $username = mysql_real_escape_string($_POST['username']); $password = mysql_real_escape_string($_POST['password']); $query = "SELECT `username` FROM `users` WHERE `username` = '$username' AND `password`='$password' LIMIT 1;"; $result = mysql_query($query); $row = mysql_fetch_assoc($result); $user = mysql_num_rows($result); if ($user == 1) { $_SESSION['auth'] = 1; $_SESSION['username'] = $username; header('Location: http://www.thegamerspad.com/members.php'); } else { echo "Invalid Sorry"; } } else { echo "You Did Not Enter a Username/Password"; } ?> Quote Link to comment Share on other sites More sharing options...
jonsjava Posted September 22, 2008 Share Posted September 22, 2008 So if the user is not logged in, you can create a variable say UserLoggedIn and have it equal FALSE if they are not or TRUE if they are. This also adds a little more security. you don't need to create the variable, until it is true. this way, you can say: <?php if ($_SESSION['is_logged_in']){ //bleh } else{ //blah } ?> if a variable has a value, it is taken to be true. If it doesn't, it's taken as false Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.