issues with sessions

[mbrown]

i am getting an error about can not sessions. i have not echoed anything out. my test is with correct data. so the user trying to log in is a user in the user db

 

Errors:

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\webserver\xampp\htdocs\mits\index.php:11) in C:\webserver\xampp\htdocs\mits\includes\functions.php on line 120

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\webserver\xampp\htdocs\mits\index.php:11) in C:\webserver\xampp\htdocs\mits\includes\functions.php on line 120

 

Warning: Cannot modify header information - headers already sent by (output started at C:\webserver\xampp\htdocs\mits\index.php:11) in C:\webserver\xampp\htdocs\mits\includes\functions.php on line 128

 

index.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<title>MITS Login</title>
	<link type="text/css" rel="stylesheet" href="./css/login.css" />

</head>

<body>
	<?php
		/* Copyright (c) 2009 Michael Brown.  All rights reserved */
		/* Mike Brown's Asset Tracking System
	   Copyright (C) 2009  Michael Brown

		This program is free software: you can redistribute it and/or modify
		it under the terms of the GNU General Public License as published by
		the Free Software Foundation, either version 3 of the License, or
		(at your option) any later version.

		This program is distributed in the hope that it will be useful,
		but WITHOUT ANY WARRANTY; without even the implied warranty of
		MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
		GNU General Public License for more details.

		You should have received a copy of the GNU General Public License
		along with this program.  If not, see <http://www.gnu.org/licenses/>*/


		require_once("./includes/functions.php");
	?>

	<div class="loginForm">
		<div style="text-align: right;">
			<?php visitorIP() ?>
		</div> 

		<?php	
			if (!($_POST['submit']))
			{
				//Debug Code
				//echo "Request Method: " . $_SERVER['REQUEST_METHOD'];
				loginForm();
			}
			else
			{
				$username=$_POST['user'];
				$password=$_POST['password'];

				validateLogin($username, $password);									
			}
			loadTime();

		?>
	</div>

</body>
</html>

 

 

functions.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  
<?php
	/* Copyright (c) 2009 Michael Brown.  All rights reserved */
	/* Mike Brown's Asset Tracking System
   Copyright (C) 2009  Michael Brown

	This program is free software: you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation, either version 3 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program.  If not, see <http://www.gnu.org/licenses/>*/



	function loadTime()
	{
		// Insert this block of code at the very top of your page:
		$time = microtime();$time = explode(" ", $time);
		$time = $time[1] + $time[0];$start = $time;

		// Place this part at the very end of your page$time = microtime();
		$time = explode(" ", $time);$time = $time[1] + $time[0];
		$finish = $time;$totaltime = ($finish - $start);
		printf ("<div style='text-align: right;'>Page genearted in: %f seconds.</div>", $totaltime);
	}

	function emailverify($email)
	{
		if(eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)) 
		{
			echo "Valid email address.";
		}
		else
		{
			echo "Invalid email address.";
		}
	}

	function visitorIP()
	{
		$ip = getenv('REMOTE_ADDR');
		echo "IP Address: $ip";
	}

	function validateLogin ($username, $password)
	{

		global $errorMessage;

		if ($username == "")
		{
			$errorMessage = "Please enter your username.<br />";
		}

		if ($password == "")
		{
			$errorMessage .= "Please enter a password.<br />";
		}

		if (strlen($password)< 5)
		{
			//Debug: echo "Password $password <br />";
			//Debug: echo "Length: " . strlen($password) . "<br />";
			$errorMessage .= "Your password is too short";
		}

		if ($errorMessage == "")
		{
			//connect to the database
			dbconnect();

			//convert to sha1 hash
			$pwverify = sha1($password);

			//query string
			$query = "SELECT * FROM users WHERE username  = '$username' AND password='$pwverify'";

			//result
			$userResult = mysql_query($query) or die (mysql_error());

			//number of rows
			$numrows = mysql_num_rows($userResult);

			//Debug Information
			//echo "Username: " . $username . "<br />";
			//echo "Pw Verify: " . $pwverify . "<br />";
			//echo "Num Rows: " . $numrows . "<br />";

			if ($numrows == "1")
			{
				//getting the ip address of the user
				$ipaddress = $_SERVER['REMOTE_ADDR'];

				//getting current date and time
				$date = date("F j, Y, g:i a");

				//connecting to the database
				include ("connect.php");

				//Updating the user table with the most recent ip address and time user logged in with
				$SQL = "UPDATE users SET ";
				$SQL .= "ipAddress = '$ipaddress', ";
				$SQL .= "date = '$date' ";
				$SQL .= "WHERE username = '$username'";

				//running the sql query
				$result = mysql_query($SQL, $db) or die (mysql_error($db));

				//starting the session
				session_start();
				//setting the variable loggIn to true
				$_SESSION['loggedIn'] = TRUE;

				//setting the username variable to the username that user used to logged in
				$_SESSION['username'] = $username;

				//sending the user to the administrative homepage
				header("Location: ../administration/index.php");
				exit();
			}
			else
			{
				echo "Invalid User";
			}
		}

		else 
		{
			echo $errorMessage;
		}
	}

	function loginForm()
	{
	?>
					<form action='index.php' method='post'>
						Username: <input type='text' id='user' name='user' /><br />
						Password: <input type='password' id='password' name='password' /><br />
						<input type='submit' name='submit' value='Submit' />
						<input type='reset' name='reset' />
					</form>
	<?php
	}

	function greeting($username)
	{
		global $greeting;
		$theDate = date("H"); 
		if($theDate < 12) 
		{
			$greeting = "Good morning, " . $username;
		}
		else if($theDate < 18) 
		{
			$greeting = "Good afternoon, " . $username;
		}
		else 
		{
			$greeting = "Good evening, " . $username;
		}

		echo  $greeting;
	}

	function dbconnect()
	{
		$host="localhost";
		$dbuser="mits";
		$dbpw="Fu59e123#";
		$database="mits";
		global $db;

		$db = mysql_connect($host,$dbuser, $dbpw) or die("Unable to connect to MySQL");
		//mysql_select_db( $database ,$db) or die("Could not select database");
		mysql_select_db($database, $db) or die ($database . " Database not found." . $dbuser);
		//echo "<br />Database " . $database . " is selected";

		if (!$db)
		{
			 die('Could not connect: ' . mysql_error());
		}

	}
?>

 

Any help would be great!

 

Thanks

 

Mike

[void]

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"

      "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

 

this is echoed before the session_start(), that's why you are getting this error. put all the html after the php.

[mbrown]

Thanks Void. I just saw that!

 

Mike

[mbrown]

That is not the only thing and now I really can not tell what the issue was.