issues with sessions

mbrown · April 11, 2010

i am getting an error about can not sessions. i have not echoed anything out. my test is with correct data. so the user trying to log in is a user in the user db

Errors:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\webserver\xampp\htdocs\mits\index.php:11) in C:\webserver\xampp\htdocs\mits\includes\functions.php on line 120

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\webserver\xampp\htdocs\mits\index.php:11) in C:\webserver\xampp\htdocs\mits\includes\functions.php on line 120

Warning: Cannot modify header information - headers already sent by (output started at C:\webserver\xampp\htdocs\mits\index.php:11) in C:\webserver\xampp\htdocs\mits\includes\functions.php on line 128

index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<title>MITS Login</title>
	<link type="text/css" rel="stylesheet" href="./css/login.css" />

</head>

<body>
	<?php
		/* Copyright (c) 2009 Michael Brown.  All rights reserved */
		/* Mike Brown's Asset Tracking System
	   Copyright (C) 2009  Michael Brown

		This program is free software: you can redistribute it and/or modify
		it under the terms of the GNU General Public License as published by
		the Free Software Foundation, either version 3 of the License, or
		(at your option) any later version.

		This program is distributed in the hope that it will be useful,
		but WITHOUT ANY WARRANTY; without even the implied warranty of
		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
		GNU General Public License for more details.

		You should have received a copy of the GNU General Public License
		along with this program.  If not, see <http://www.gnu.org/licenses/>*/


		require_once("./includes/functions.php");
	?>

	<div class="loginForm">
		<div style="text-align: right;">
			<?php visitorIP() ?>
		</div> 

		<?php	
			if (!($_POST['submit']))
			{
				//Debug Code
				//echo "Request Method: " . $_SERVER['REQUEST_METHOD'];
				loginForm();
			}
			else
			{
				$username=$_POST['user'];
				$password=$_POST['password'];

				validateLogin($username, $password);									
			}
			loadTime();

		?>
	</div>

</body>
</html>

functions.php


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  
<?php
	/* Copyright (c) 2009 Michael Brown.  All rights reserved */
	/* Mike Brown's Asset Tracking System
   Copyright (C) 2009  Michael Brown

	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program.  If not, see <http://www.gnu.org/licenses/>*/



	function loadTime()
	{
		// Insert this block of code at the very top of your page:
		$time = microtime();$time = explode(" ", $time);
		$time = $time[1] + $time[0];$start = $time;

		// Place this part at the very end of your page$time = microtime();
		$time = explode(" ", $time);$time = $time[1] + $time[0];
		$finish = $time;$totaltime = ($finish - $start);
		printf ("<div style='text-align: right;'>Page genearted in: %f seconds.</div>", $totaltime);
	}

	function emailverify($email)
	{
		if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) 
		{
			echo "Valid email address.";
		}
		else
		{
			echo "Invalid email address.";
		}
	}

	function visitorIP()
	{
		$ip = getenv('REMOTE_ADDR');
		echo "IP Address: $ip";
	}

	function validateLogin ($username, $password)
	{

		global $errorMessage;

		if ($username == "")
		{
			$errorMessage = "Please enter your username.<br />";
		}

		if ($password == "")
		{
			$errorMessage .= "Please enter a password.<br />";
		}

		if (strlen($password)< 5)
		{
			//Debug: echo "Password $password <br />";
			//Debug: echo "Length: " . strlen($password) . "<br />";
			$errorMessage .= "Your password is too short";
		}

		if ($errorMessage == "")
		{
			//connect to the database
			dbconnect();

			//convert to sha1 hash
			$pwverify = sha1($password);

			//query string
			$query = "SELECT * FROM users WHERE username  = '$username' AND password='$pwverify'";

			//result
			$userResult = mysql_query($query) or die (mysql_error());

			//number of rows
			$numrows = mysql_num_rows($userResult);

			//Debug Information
			//echo "Username: " . $username . "<br />";
			//echo "Pw Verify: " . $pwverify . "<br />";
			//echo "Num Rows: " . $numrows . "<br />";

			if ($numrows == "1")
			{
				//getting the ip address of the user
				$ipaddress = $_SERVER['REMOTE_ADDR'];

				//getting current date and time
				$date = date("F j, Y, g:i a");

				//connecting to the database
				include ("connect.php");

				//Updating the user table with the most recent ip address and time user logged in with
				$SQL = "UPDATE users SET ";
				$SQL .= "ipAddress = '$ipaddress', ";
				$SQL .= "date = '$date' ";
				$SQL .= "WHERE username = '$username'";

				//running the sql query
				$result = mysql_query($SQL, $db) or die (mysql_error($db));

				//starting the session
				session_start();
				//setting the variable loggIn to true
				$_SESSION['loggedIn'] = TRUE;

				//setting the username variable to the username that user used to logged in
				$_SESSION['username'] = $username;

				//sending the user to the administrative homepage
				header("Location: ../administration/index.php");
				exit();
			}
			else
			{
				echo "Invalid User";
			}
		}

		else 
		{
			echo $errorMessage;
		}
	}

	function loginForm()
	{
	?>
					<form action='index.php' method='post'>
						Username: <input type='text' id='user' name='user' /><br />
						Password: <input type='password' id='password' name='password' /><br />
						<input type='submit' name='submit' value='Submit' />
						<input type='reset' name='reset' />
					</form>
	<?php
	}

	function greeting($username)
	{
		global $greeting;
		$theDate = date("H"); 
		if($theDate < 12) 
		{
			$greeting = "Good morning, " . $username;
		}
		else if($theDate < 18) 
		{
			$greeting = "Good afternoon, " . $username;
		}
		else 
		{
			$greeting = "Good evening, " . $username;
		}

		echo  $greeting;
	}

	function dbconnect()
	{
		$host="localhost";
		$dbuser="mits";
		$dbpw="Fu59e123#";
		$database="mits";
		global $db;

		$db = mysql_connect($host,$dbuser, $dbpw) or die("Unable to connect to MySQL");
		//mysql_select_db( $database ,$db) or die("Could not select database");
		mysql_select_db($database, $db) or die ($database . " Database not found." . $dbuser);
		//echo "<br />Database " . $database . " is selected";

		if (!$db)
		{
			 die('Could not connect: ' . mysql_error());
		}

	}
?>

Any help would be great!

Thanks

Mike

void · April 11, 2010

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

this is echoed before the session_start(), that's why you are getting this error. put all the html after the php.

mbrown · April 11, 2010

Thanks Void. I just saw that!

Mike

mbrown · April 11, 2010

That is not the only thing and now I really can not tell what the issue was.

Sign In

issues with sessions

Recommended Posts

mbrown

Link to comment

Share on other sites

void

Link to comment

Share on other sites

mbrown

Link to comment

Share on other sites

mbrown

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information