Jump to content

problem with a simple login script.


colleyboy

Recommended Posts

Hi there,

 

I have a simple login script written but I get an error with it.  It does work but shows an error on some pages.

 

Let me explain.

 

Three Files:

 

Admin.php

Login.html

checklogin.php

 

When the user has logged in they go to checklogin.php.  If the username and password match 1 row in the database then it forwards the user to admin.php fine.  Except I keep getting mysql warning messages:

 

Warning: Cannot modify header information - headers already sent by (output started at /home/wormste1/public_html/tilburywebdesign/shop/templates/template1/admin/updatescompanyinformation.php:3) in /home/wormste1/public_html/tilburywebdesign/shop/templates/template1/admin/companyinfoupdated.php on line 3

 

 

At the start of each page I want password protected I put the following code:

 

<? 
session_start();
if(!session_is_registered(myusername)){
header("location:login.html");
}
?>

 

I can't work out why I am getting this error.

 

Many Thanks,

Ian

 

Link to comment
Share on other sites

output started at . . . /updatescompanyinformation.php:3

 

^^^ Something at or up to line 3 in that file is sending output to the browser.

 

Also, read the following post as to why the code you are putting on each page is out of date and is not secure - http://www.phpfreaks.com/forums/php-coding-help/forms-gone-crazy/msg1510368/#msg1510368

 

 

Link to comment
Share on other sites

Thanks for that,

 

I replaced the code in admin.php with :

 

This is now at the start of all 'protected' pages:

 

<?

session_start();

if(!isset($_SESSION['username'])){

header("location:login.html");

exit; // prevent access to all the rest of the code on the page

}

?>

 

but now when I login it doesnt stay on the protected page instead it redirects back to the login.html any idea why? :S

Link to comment
Share on other sites

This is the code for checklogin.php if that helps:

 

<?php
$host="localhost"; // Host name 
$username="xxxxxxxxxxx"; // Mysql username 
$password="xxxxxxxxxx"; // Mysql password 
$db_name="xxxxxxxxxxxxx"; // Database name 
$tbl_name="xxxxxxxxxxxxx"; // Table name 

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form 
$myusername=$_POST['myusername']; 
$mypassword=$_POST['mypassword']; 

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "index.php"
session_register("myusername");
session_register("mypassword"); 
header("location:index.php");
}
else {
echo "Wrong Username or Password";
}
?>


Link to comment
Share on other sites

Oh no...

 

The login itself is still working... but I still get the same error:

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/wormste1/public_html/tilburywebdesign/shop/templates/template1/admin/updatescompanyinformation.php:3) in /home/wormste1/public_html/tilburywebdesign/shop/templates/template1/admin/companyinfoupdated.php on line 2

 

This is line 2:

 

<?

session_start();  <--------------- LINE 2

if(!isset($_SESSION['myusername'])){

header("location:login.html");

exit; // prevent access to all the rest of the code on the page

}

?>

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.