some small errors

Slowie · June 13, 2011

hey guys

I'm currently having a small problem which my website. i have tested and had it working no problem whilst on a local Ubuntu machine. all of the queries work all of the functions.

however once i upload it to my web host I'm receiving errors once opened. what happens is i put my user-name and password into the form and press login. it then should go to a page called "myaccount.php" however i am receiving the following errors instead

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\Inetpub\vhosts\paulkemphairdressing.com\httpdocs\login.php: in C:\Inetpub\vhosts\paulkemphairdressing.com\httpdocs\login.php on line 126

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\Inetpub\vhosts\paulkemphairdressing.com\httpdocs\login.php: in C:\Inetpub\vhosts\paulkemphairdressing.com\httpdocs\login.php on line 126

Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in C:\Inetpub\vhosts\paulkemphairdressing.com\httpdocs\login.php on line 128

Warning: Cannot modify header information - headers already sent by (output started at C:\Inetpub\vhosts\paulkemphairdressing.com\httpdocs\login.php: in C:\Inetpub\vhosts\paulkemphairdressing.com\httpdocs\login.php on line 170

the code i have is


<link rel="icon" type="image/ico" href="/images/JakataIcon.ico"></link> 

<div id="Headerlogo"> <img src="/images/Apollo.png" width="100%" alt="Smile"></div>



<?php

$path = $_SERVER['DOCUMENT_ROOT'];

$path .= "/dbc.php";

include_once($path);



$user_name = $_POST['usr_email'];



$err = array();



foreach($_GET as $key => $value) {

$get[$key] = filter($value); //get variables are filtered.

}



if ($_POST['doLogin']=='Login')

{



foreach($_POST as $key => $value) {

$data[$key] = filter($value); // post variables are filtered

}





$user_email = $data['usr_email'];

$pass = $data['pwd'];





if (strpos($user_email,'@') === false) {

    $user_cond = "user_name='$user_email'";

} else {

      $user_cond = "user_email='$user_email'";

    

}





$result = mysql_query("SELECT `id`,`pwd`,`full_name`,`approved`,`user_level` FROM StaffList WHERE 

           $user_cond

		AND `banned` = '0'

		") or die (mysql_error()); 

$num = mysql_num_rows($result);



  // Match row found with more than 1 results  - the user is authenticated. 

    if ( $num > 0 ) { 



list($id,$pwd,$full_name,$approved,$user_level) = mysql_fetch_row($result);



if(!$approved) {

//$msg = urlencode("Account not activated. Please check your email for activation code");

$err[] = "Account not yet activated. Please contact your manager";

mysql_query	("INSERT INTO Events (UserName, Event ) VALUES ('$user_name', 'Login Failure, Account Not Approved' )");





//header("Location: login.php?msg=$msg");

 //exit();

 }



	//check against salt

if ($pwd === PwdHash($pass,substr($pwd,0,9))) { 

if(empty($err)){			



     // this sets session and logs user in  

       session_start();

   session_regenerate_id (true); //prevent against session fixation attacks.



   // this sets variables in the session 

	$_SESSION['user_id']= $id;  

	$_SESSION['user_name'] = $full_name;

	$_SESSION['user_level'] = $user_level;

	$_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);



	//update the timestamp and key for cookie

	$stamp = time();

	$ckey = GenKey();

	mysql_query("update StaffList set `ctime`='$stamp', `ckey` = '$ckey' where id='$id'") or die(mysql_error());

	mysql_query	("INSERT INTO Events (UserName, Event ) VALUES ('$user_name', 'Login Success' )");



	//set a cookie 



   if(isset($_POST['remember'])){

			  setcookie("user_id", $_SESSION['user_id'], time()+60*60*24*COOKIE_TIME_OUT, "/");

			  setcookie("user_key", sha1($ckey), time()+60*60*24*COOKIE_TIME_OUT, "/");

			  setcookie("user_name",$_SESSION['user_name'], time()+60*60*24*COOKIE_TIME_OUT, "/");

			  }

	  header("Location: myaccount.php");

	 }

	}

	else

	{

	//$msg = urlencode("Invalid Login. Please try again with correct user email and password. ");

	$err[] = "Invalid Login. Please try again with correct user email and password.";

	mysql_query	("INSERT INTO Events (UserName, Event ) VALUES ('$user_name', 'Login Failure, Username or Password Error' )");

	//header("Location: login.php?msg=$msg");

	}

} else {

	$err[] = "Error - Invalid login. No such user exists";

	mysql_query	("INSERT INTO Events (UserName, Event ) VALUES ('$user_name', 'Login Failure, Invalid Username' )");

  }		

}







?>

<html>

<head>

<title>Apollo - Data Management System</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

<script language="JavaScript" type="text/javascript" src="js/jquery-1.3.2.min.js"></script>

<script language="JavaScript" type="text/javascript" src="js/jquery.validate.js"></script>

  <script>

  $(document).ready(function(){

    $("#logForm").validate();

  });

  </script>

<link href="/1.css" rel="stylesheet" type="text/css">



</head>



<body>

<table width="100%" border="0" cellspacing="0" cellpadding="5" class="main">

  <tr> 

    <td colspan="3"> </td>

  </tr>

  <tr> 

    <td width="160" valign="top"><p> </p>

      <p>  </p>

      <p> </p>

      <p> </p>

      <p> </p></td>

    <td width="732" valign="top"><p> </p>

      <h3 class="titlehdr">User Login 

      </h3>  

  <p>

  <?php

  /******************** ERROR MESSAGES*************************************************

  This code is to show error messages 

  **************************************************************************/

  if(!empty($err))  {

   echo "<div class=\"msg\">";

  foreach ($err as $e) {

    echo "$e <br>";

    }

  echo "</div>";	

   }

  /******************************* END ********************************/	  

  ?></p>

      <form action="/login.php" method="post" name="logForm" id="logForm" >

        <table width="100%" border="0" cellpadding="4" cellspacing="4" class="loginform">

          <tr> 

            <td colspan="2"> </td>

          </tr>

          <tr> 

            <td width="38%" align="right">Username / Email</td>

            <td width="62%"><input name="usr_email" type="text" class="required" id="txtbox" size="25"></td>

          </tr>

          <tr> 

            <td width="38%" align="right">Password</td>

            <td width="62%"><input name="pwd" type="password" class="required password" id="txtbox" size="25"></td>

          </tr>

          <tr> 

           

          </tr>

          <tr> 

            <td colspan="2"> <div align="center"> 

                <p> 

                  <input name="doLogin" type="submit" id="doLogin3" value="Login">

                </p>

                

               

              </div></td>

          </tr>

        </table>

        <div align="center"></div>

        <p align="center">  </p>

      </form>

      <p> </p>

   

      </td>

    <td width="196" valign="top"> </td>

  </tr>

  <tr> 

    <td colspan="3"> </td>

  </tr>

</table>



</body>

</html>

any help would be greatly appriciated

fugix · June 13, 2011

this is because you are outputting html before using these 2 functions

<div id="Headerlogo"> <img src="/images/Apollo.png" width="100%" alt="Smile"></div>

place the session_start() and session_regenerate_id() before you output an html to avoid these errors

Sign In

some small errors

Recommended Posts

Slowie

Link to comment

Share on other sites

fugix

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information