[SOLVED] Session Admin Area Issue

[Zeradin]

Hello. I can get this to work using error_reporting(0) but it shouldn't be that way!

 

I have an index file that loads all the pages on the website. If it reads the $_GET['m'] variable as 1 it loads from the admin folder. In there I have all the links relative like index.php?m=1&p=members so that it looks like it's still in the website rather than copying over all the headers.

 

It looks like this:

http://aqua.thehyp.net/index.php?m=1

 

Then I have a logincheck.php that checks if the person has started a session before showing them them the admin content:

<?php
session_start();

if (!isset($_SESSION['name']) && !isset($_SESSION['password'])) {
echo 'Not logged in. Try <a href="index.php?m=1">logging in</a>';
exit;
}
if ($_SESSION['title'] == "pending") {
include('pending.php');
}
else {
$membername = $_SESSION['name'];
$memberpass = $_SESSION['password'];
$membertitle = 'title';
}

 

The problem is I get this:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/hypboard/public_html/aqua/index.php:5) in /home/hypboard/public_html/aqua/admin/logincheck.php on line 2

for every page that the logincheck.php is included on... but if I take the session_start out of the logincheck.php it always thinks the person isn't logged in. I need a new way of thinking of this. Please help.

[PFMaBiSmAd]

I'm pretty sure that error_reporting(0) does not get your code to work, it just hides the error message that is telling you why it does not work.

 

The error message tells you where the output is occurring at that is preventing the session_start() from working -

 

output started at /home/hypboard/public_html/aqua/index.php:5 (line 5)

 

You have something at or before line 5 in index.php that is content that is being output to the browser. You must send headers before any content, so session_start() must be before whatever you have at the beginning of index.php.

[Zeradin]

By work I meant not spit out annoying code:)

 

So basically I should have session start at the beginning of my index page... whether the page is an admin page or not? Seems a bit weird to have a session start even when a visitor goes to the page.

 

There's got to be some simpler way that websites with login areas do this sort of thing.

 

PS I hate cookies.

[Zeradin]

bump

[DavidAM]

There are a couple of ways to work around this.  Post the first few lines of index.php so we can see what is being output and we might be able to suggest a workaround.

[Zeradin]

it's like this. the beginning of the index:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<script src="SpryAssets/SpryMenuBar.js" type="text/javascript"></script>
<link href="SpryAssets/SpryMenuBarHorizontal.css" rel="stylesheet" type="text/css" />
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Aquamatics - Premium Aquarium Fabrication</title>
<?php
/* DETERMINE BROWSER */
if (isset($_SERVER['HTTP_USER_AGENT']) && 
    (strpos($_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false))
{
echo '<link href="iestyle.css" rel="stylesheet" type="text/css">';
$browser = "ie";
}
else
{
echo '<link href="style.css" rel="stylesheet" type="text/css">';
} ?>

then some more bs and then later on in the body it loads the page, admin area or not

/* PAGE DETERMINATION */
$page = $_GET['p'];
$admin = $_GET['m'];
if($admin == 1)
{
	echo '<div style="text-align:center">Admin Area</div><br />';
	$pre = 'admin/';
	if($page == NULL)
	{
		include($pre.'index.php');
	}
	else
	{
		include($pre.$page.'.php');
	}
}
else
{
	if($page == NULL)
	{
		$sql = 'SELECT * FROM info WHERE name = "home"';
		$result = mysql_query($sql);
		$row = mysql_fetch_assoc($result);
		echo $row['info'];
	}
	else
	{
		include('pages/'.$page.'.php');
	}
}

 

then all the admin pages include logincheck.php

<?php
session_start();

if (!isset($_SESSION['name']) && !isset($_SESSION['password'])) {
echo 'Not logged in. Try <a href="index.php?m=1">logging in</a>';
exit;
}
if ($_SESSION['title'] == "pending") {
include('pending.php');
}
else {
$membername = $_SESSION['name'];
$memberpass = $_SESSION['password'];
$membertitle = 'title';
}

[mikesta707]

if you are using a header, you have to do the header before any output. that means before an HTML tags, so whereever your header is, put it at the top of the page

[DavidAM]

OK, all of that HTML at the top of your index page is being sent to the browser.  So now it is too late to send any new headers.  session_start() needs to send a header, and it can't.  If you don't want to just blindly start a session, you could try putting the following at the top of the index (and any other pages that call the logincheck.php)

<?php
if ( (isset($_GET['m'])) && ($_GET['m'] == 1) ) session_start();
?>
<!DOCTYPE ...

Then you only start a session if you are going to need it later.

 

Another way to do this is to put

<?php ob_start();?>

at the very top of the index.  This will hold all the output in a buffer so headers and stuff can be modified.  Then, somewhere after doing the logincheck.php (or not doing it) -- say right after the PAGE DETERMINATION block, you will have to call ob_end_flush() to send the headers and whatever has been buffered.

[Zeradin]

Awesome. Great idea. Thank you!