Just simple log in form. Works for everybody but not me. Please help

[shinichi_nguyen]

I have searched for many tuts and applied it to my project. Everyone else says thanks, it works, but not for me? I'm newbie to programming and php. Please someone take a look at my project.

Problem:

When I type correct info, it take me to loginsucess page. When I type wrong, it does say wrong password but just stay in a blank page. When I type directly the loginsucess.php, it takes me there too and say Log in successful and there is a warning too. Warning is:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/somepath/public_html/loginsucess.php:2) in /home/somepath/public_html/loginsucess.php on line 3

 

Log in successful!!

//Note: I changed real path to "somepath"

 

 

Please help me! I'm posting the code too

==============================

====login.html====

<form name="login" id="login" method="post" action="checklogin.php">
<table align="center">
<tr>
<td><label for="username">Username</label></td>
<td><input type="text" name="myusername" id="myusersame" /></td>
</tr>
<tr>
<td><label for="password">Password</label></td>
<td><input type="password" name="mypassword" id="mypassword" /></td>
<tr>
<td></td>
<td><input type="submit" name="submit" id="submit" value="Submit" /></td>
</tr>
</tr>
</table>
</form>

 

===============

 

==checklogin.php==

<?php
ob_start();
$host="localhost"; // Host name 
$username="myusermod"; // Mysql username 
$password="myuserpassword"; // Mysql password 
$db_name="mymembersdb"; // Database name 
$tbl_name="myuserstable"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword"); 
header("location:loginsucess.php");
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

 

=======

 

===loginsucess.php=====

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<? 
session_start();
if(!session_is_registered(myusername)){
header("location:login.html");
}
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Administrative page</title>

</head>

<body>
<h2>Log in successful!!</h2>
</body>
</html>

 

[calmchess]

well everything in pretty ok just your php needs to go in the head area of your document and you need another header for when it fails right now you just have it echoing failed

[teamatomic]

You can't output anything before calling the session start. That includes !DOCTYPE. Just move it to right above the <html> tag.

[calmchess]

good catch i missed that in login success

[shinichi_nguyen]

Thanks you guys. But I'm confused from reading both of your replies

Can you tell me again more specific on which file.php that need header and move thing around? please? Thank you

[hkothari]

In loginsuccess.php take:

<? 
session_start();
if(!session_is_registered(myusername)){
header("location:login.html");
}
?>

and move it to the top.