Jump to content

Recommended Posts

I wanted to ask step by step but I'll post all question regarding to this issue in one post. Please help me separately each.

Here is the checklogin.php

<?php

$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword']; 
echo $myusername; //for testing purpose;
echo $mypassword;// for testing purpose;
if (!isset($myusername) || !isset($mypassword)) {
echo "Dont go straight to this page please. Use the login form!";
header("location:http://www.mysite.com/login.html");

} 
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($myusername) || empty($mypassword)) {
echo "Blank username and password";// for testing purpose
header( "location:http://www.mysite.com/login.html" );

												}
else{

echo "User name and password are entered";// for testing purpose
$host="localhost"; // Host name 
$username="myusername"; // Mysql username 
$password="mypassword"; // Mysql password 
$db_name="mydbname"; // Database name 
$tbl_name="mytablename"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
//$myusername=$_POST['myusername']; 
//$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count== 1){
while($row = mysql_fetch_array($result))	{
//start the session and register a variable
session_start();
session_register('mysession');
//successful login code will go here...
echo 'Success!';
//we will redirect the user to another page where we will make sure they're logged in
  	header( "location:http://www.mysite.com/administrative.php" );  
											}

			  }
else {

  //if nothing is returned by the query, unsuccessful login code goes here...

  echo 'Incorrect login name or password. Please try again.';
  }
} 
?>



 

1. During I test the page, when log in success, it post out those message: (I had to alter anything that similar to the real page):

 

bla-usernamebla-passwordUser name and password are entered

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/bla/public_html/checklogin.php:5) in /home/bla/public_html/checklogin.php on line 51

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/bla/public_html/checklogin.php:5) in /home/bla/public_html/checklogin.php on line 51

Success!

Warning: Cannot modify header information - headers already sent by (output started at /home/bla/public_html/checklogin.php:5) in /home/bla/public_html/checklogin.php on line 56

 

 

 

2. When I hit submit without entering anything, this one show up:

 

Blank username and password

Warning: Cannot modify header information - headers already sent by (output started at /home/bla/public_html/checklogin.php:14) in /home/bla/public_html/checklogin.php on line 15

 

 

 

3. When I type to go straight to the administrative.php page which user supposed to log in successful first and being transferred to, yet this message show up:

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/bla/public_html/administrative.php:2) in /home/bla/public_html/administrative.php on line 3

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/bla/public_html/administrative.php:2) in /home/bla/public_html/administrative.php on line 3

 

Warning: Cannot modify header information - headers already sent by (output started at /home/bla/public_html/administrative.php:2) in /home/bla/public_html/administrative.php on line 5

Log in successful!!

 

==================

Why it says "log in successful?" and why duplicate warning messages? Can you help me modify the code? Thank you

 

 

 

Following is the administrative.php code


<? 
session_start();
if(!session_is_registered('mysession')){
header("location:http://www.mysite.com/login.html");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Administrative page</title>

</head>

<body>
<h2>Log in successful!!</h2>
</body>
</html>


Link to comment
https://forums.phpfreaks.com/topic/187764-question-log-in-process-problem/
Share on other sites

Right before any of your headers/session_starts() you have an echo. This is the problem. You can't send a header if you output something to the page. I realize those echo's are there for testing purposes, but if you want your headers to work, you need to get rid of them.

 

 

also, session_register() is deprecated. above PHP version 4.2 (i think) you can simply do this

$_SESSION['whatever'] = "value";

and it is the exact same.

 

read up on headers for more info

I'm new to php, and so far as I know of header is a command to re-direct to another page. That's why I use it. I read the head page link in your reply, and still dont understand it. If we cannot put anything before "header" then how would I fix my code? This is my first strike:

<?php


if (!isset($_POST['myusername']) || !isset($_POST['mypassword']) {
header("location:http://www.mysite.com/login.html");
echo "Dont go straight to this page please. Use the login form!";
} 
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($_POST['myusername']) || empty($_POST['mypassword'])) {
header( "location:http://www.mysite.com/login.html" );
echo "Blank username and password";// for testing purpose
												}
else{

echo "User name and password are entered";// for testing purpose
$host="localhost"; // Host name 
$username="myusername"; // Mysql username 
$password="mypass"; // Mysql password 
$db_name="mydbname"; // Database name 
$tbl_name="mytablename"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count == 1){
while($row = mysql_fetch_array($result))	{
//start the session and register a variable
session_start();
$_SESSION['mysession']="mysession";
//successful login code will go here...
echo 'Success!';
//we will redirect the user to another page where we will make sure they're logged in
  	header( "location:http://www.mysite.com/administrative.php" );  
											}

			  }
else {

  //if nothing is returned by the query, unsuccessful login code goes here...

  echo 'Incorrect login name or password. Please try again.';
  }
} 
?>


 

 

And it still doesnot work! I put in correct user and password, it says log in sucesss with the warning:

 

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/bla/public_html/checklogin.php:15) in /home/bla/public_html/checklogin.php on line 46

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/bla/public_html/checklogin.php:15) in /home/bla/public_html/checklogin.php on line 46

Success!

Warning: Cannot modify header information - headers already sent by (output started at /home/bla/public_html/checklogin.php:15) in /home/bla/public_html/checklogin.php on line 51

 

 

and why 3 warning again? got soemthing to do with the header, i believe, but how can there should be nothing above the header? it is under the if statement...well, it's into the code!! I'm confused!

Please ignore all the code I post as well as the problem I asked before this message. Cos this time, I don't get any warning or notice (thanks God and thanks to you guys too). I think I'm about to get it work but still something missing here. Please revise my code and let me know how to fix the problem number:

1. Why either I enter anything into login form or enter nothing or go straight to the administrative.php page (where registered user can do something else after log in successful), it takes me back to the login.html.

2. It is so cold. It does not say anything to user to let him/her know if no info is inputted or wrong username or password or "you have to log in to get to this page" message. I dont know how to add those messages in without causing the header is already sent problem or any other problem.

 

Conclusion: basically, i dont know if it works or not! Whatever I do, it bring me back to the login form! please revise my code! Thank you

Here is the code of 2 files: checklogin.php and administrative.php.

 

Checklogin.php

<?php
if (!isset($_POST['myusername']) || !isset($_POST['mypassword'])) {
header("location:http://www.mysite.com/login.html");

} 
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($_POST['myusername']) || empty($_POST['mypassword'])) {
header( "location:http://www.mysite.com/login.html" );

												}
else{

$host="localhost"; // Host name 
$username="mysqlusername"; // Mysql username 
$password="mypassword"; // Mysql password 
$db_name="mydbname"; // Database name 
$tbl_name="mytablename"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count == 1){
while($row = mysql_fetch_array($result))	{
//start the session and register a variable
session_start();
$_SESSION['mysession']="mysession";
//successful login code will go here...

//we will redirect the user to another page where we will make sure they're logged in
  	header( "location:http://www.mysite.com/administrative.php" );  
echo 'Success!';												}

			  }
else {

  //if nothing is returned by the query, unsuccessful login code goes here...
  header( "location:http://www.mysite.com/login.html" );  
  echo 'Incorrect login name or password. Please try again.';
  }
} 
?>


 

administrative.php

<? 
if($_SESSION['mysession']<>'mysession'){
header("location:http://www.mysite.com/login.html");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Administrative page</title>

</head>

<body>
<h2>Log in successful!!</h2>
</body>
</html>

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.