steviemac Posted January 6, 2012 Share Posted January 6, 2012 I have been trying to figure this out for a couple hours and to no avail. I am getting this error: <b>Warning</b>: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /home/name/www/www/members/dbmembers.php:5) in <b>/home/name/www/www/members/adminpro_class.php</b> on line <b>59</b><br /> This is the code for the page: <?php ////YOU ARE NOT APPROVED include("dbmembers.php"); $userName = $_POST['userName']; $userPass = $_POST['userPass']; $encript_pass = md5($userPass); if(isset($_POST['submit'])) {$sql = mysql_query("SELECT * FROM table WHERE userName = '".$userName."' AND userPass = '".$encript_pass."'") or die(mysql_error()); while($record = mysql_fetch_array($sql)) {if($record['status'] == "0") {die("You are not yet approved");exit; } } } ?> <?php include("adminpro_class.php"); $prot=new protect("0","1"); if ($prot->showPage) { $curUser=$prot->getUser();?> HTML CODE HERE FOR PROTECTED WEB PAGE <?php } ?> If I remove the YOU ARE NOT APPROVED code the error goes away. I appreciate any help, I am my frustration level. Thanks Quote Link to comment Share on other sites More sharing options...
Pikachu2000 Posted January 6, 2012 Share Posted January 6, 2012 There's a sticky topic regarding this: HEADER ERRORS - READ HERE BEFORE POSTING THEM Quote Link to comment Share on other sites More sharing options...
steviemac Posted January 6, 2012 Author Share Posted January 6, 2012 I read that. I think I have a white space issue somewhere but I cannot see or find it. Like I said I have been trying for a while and have reached my frustration level. Thanks anyway. Quote Link to comment Share on other sites More sharing options...
scootstah Posted January 6, 2012 Share Posted January 6, 2012 Post the file with the session_start in it. Quote Link to comment Share on other sites More sharing options...
steviemac Posted January 6, 2012 Author Share Posted January 6, 2012 OK, here it is. I have been using this program for a few years now and have never had a problem. <?php class protect{ /*** **** @class: protect **** @project: AdminPro Class **** @version: 1.3; **** @author: Giorgos Tsiledakis; **** @date: 2004-09-04; **** @license: GNU GENERAL PUBLIC LICENSE; **** **** This class protects your php pages using a MySQL Database and the PHP session functions **** Please read the readme.html file (included in this package) first ****/ var $errorMsg=""; var $showPage=false; /* **** @function: protect; Class Constructor **** @include: the class configuration file: adminpro_config.php **** @include: the class to access MySQL: mysql_dialog.php **** if some var is passed, it will be an administrator page **** makes the configuration vars public, starts a session and goes to checkSession() */ function protect($isAdmin=false,$userGroup=false){ include("adminpro_config.php"); include("mysql_dialog.php"); $this->accNoCookies=$globalConfig['acceptNoCookies']; $this->dbhost=$globalConfig['dbhost']; $this->dbuser=$globalConfig['dbuser']; $this->dbpass=$globalConfig['dbpass']; $this->dbase=$globalConfig['dbase']; $this->tbl=$globalConfig['tbl']; $this->tblID=$globalConfig['tblID']; $this->tblUserName=$globalConfig['tblUserName']; $this->tblUserPass=$globalConfig['tblUserPass']; $this->tblIsAdmin=$globalConfig['tblIsAdmin']; $this->tblUserGroup=$globalConfig['tblUserGroup']; $this->tblSessionID=$globalConfig['tblSessionID']; $this->tblLastLog=$globalConfig['tblLastLog']; $this->tblUserRemark=$globalConfig['tblUserRemark']; $this->inactiveMin=$globalConfig['inactiveMin']; $this->loginUrl=$globalConfig['loginUrl']; $this->logoutUrl=$globalConfig['logoutUrl']; $this->enblRemember=$globalConfig['enblRemember']; $this->cookieRemName=$globalConfig['cookieRemName']; $this->cookieRemPass=$globalConfig['cookieRemPass']; $this->cookieExpDays=$globalConfig['cookieExpDays']; $this->isMd5=$globalConfig['isMd5']; $this->errorPageTitle=$globalConfig['errorPageTitle']; $this->errorPageH1=$globalConfig['errorPageH1']; $this->errorPageLink=$globalConfig['errorPageLink']; $this->errorNoCookies=$globalConfig['errorNoCookies']; $this->errorNoLogin=$globalConfig['errorNoLogin']; $this->errorInvalid=$globalConfig['errorInvalid']; $this->errorDelay=$globalConfig['errorDelay']; $this->errorNoAdmin=$globalConfig['errorNoAdmin']; $this->errorNoGroup=$globalConfig['errorNoGroup']; $this->errorCssUrl=$globalConfig['errorCssUrl']; $this->errorCharset=$globalConfig['errorCharset']; session_start(); $this->isAdmin=$isAdmin; $this->userGroup=$userGroup; $this->checkSession(); } /* **** @function: checkSession(called by class constructor or by checkLogin) **** calls hasCookie() and checks if the $globalConfig['acceptNoCookies'] is true; **** if no cookie was set and we do not accept that -> makes an error message; else: **** checks if a session is active: if not -> checkPost() (checks if some post was sent); **** if session exists, it checks if some $_POST['action']==logout -> makeLogout(); **** if not -> checkTime(); */ function checkSession(){ if (!$this->hasCookie() && $this->accNoCookies && (@$_POST['action']!="login" || @$_GET)){ $this->errorMsg=$this->errorNoCookies; $this->makeErrorHtml(); } else{ if (!@$_SESSION['userID'] || !@$_SESSION['sessionID']) { $this->checkRemember(); } elseif (@$_SESSION['userID'] && @$_SESSION['sessionID']) { if (@$_POST['action']=="logout") { $this->makeLogout(); } else{ $this->checkTime(); } } } } /* **** @function: hasCookie(called by checkSession()) **** checks if the client's browser has accepted the cookie of the active session; **** if yes, it returns true; **** if not -> it returns false; */ function hasCookie(){ if ( isset($_COOKIE[session_name()])) { return true; } else { return false; } } /* **** @function: makeLogout(called by checkSession()) **** sets MySQL Time Field=0 and SessionID Field=''; **** closes the session and goes to logout page, if some $_POST['action']="logout" was sent; */ function makeLogout(){ $db=new mysql_dialog(); $db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase); $SQL="UPDATE ".$this->tbl." SET "; $SQL.=$this->tblLastLog."= 0, "; $SQL.=$this->tblSessionID."='' "; $SQL.="WHERE ".$this->tblID."='".$_SESSION['userID']."'"; $db->speak($SQL); if ($this->enblRemember && isset($_COOKIE[$this->cookieRemName]) && isset($_COOKIE[$this->cookieRemPass])){ setcookie($this->cookieRemName,$_COOKIE[$this->cookieRemName],time()); setcookie($this->cookieRemPass,$_COOKIE[$this->cookieRemPass],time()); } session_destroy(); header ("Location: ".$this->logoutUrl); } /* **** @function: checkTime(called by checkSession()) **** gets the time of the last page access from the database; **** compares this time with the time now. If the elapsed minutes>inactiveMin (configuration); **** or the session ID has changed (by some second login) -> it creates an error page **** if not -> sets the time now in the MySQL Time Field and goes to checkAdmin(); */ function checkTime(){ $db=new mysql_dialog(); $db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase); $SQL="SELECT UNIX_TIMESTAMP(".$this->tblLastLog.") as lastLog FROM ".$this->tbl; $SQL.=" WHERE ".$this->tblID."=".$_SESSION['userID']." AND ".$this->tblSessionID."='".$_SESSION['sessionID']."'"; $db->speak($SQL); $data=$db->listen(); $nowtime=time(); $inactiveSec=$nowtime-$data['lastLog']; if ($inactiveSec/60>$this->inactiveMin) { $this->errorMsg=$this->errorDelay; $this->makeErrorHtml(); } else { $SQ="UPDATE ".$this->tbl." SET "; $SQ.=$this->tblLastLog."= now() "; $SQ.="WHERE ".$this->tblID."='".$_SESSION['userID']."'"; $db->speak($SQ); $this->checkAdmin(); } } /* **** @function: checkAdmin (called by checkTime()) **** checks if the page is an administrator page. If not -> checkGroup(); **** if yes -> gets the value from the MySQL Admin Field (1=admin,-1=normal user); **** if the value==1 -> showPage() else -> it creates an error page; */ function checkAdmin(){ if ($this->isAdmin!="1") { $this->checkGroup(); } else{ $db=new mysql_dialog(); $db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase); $SQL="SELECT ".$this->tblIsAdmin." as isAdmin FROM ".$this->tbl; $SQL.=" WHERE ".$this->tblID."=".$_SESSION['userID']." AND "; $SQL.=$this->tblSessionID."='".$_SESSION['sessionID']."'"; $db->speak($SQL); $data=$db->listen(); if ($data['isAdmin']==-1){ $this->errorMsg=$this->errorNoAdmin; $this->makeErrorHtml(); } elseif ($data['isAdmin']==1){ $this->showPage(); } } } /* **** @function: checkGroup (called by checkAdmin()) **** checks if the page is belongs only to some user group. If not -> showPage(); **** if yes -> gets the user's group number from the MySQL User Group Field; **** if the group is the same-> showPage() else -> it creates an error page; */ function checkGroup(){ if (!$this->userGroup){ $this->showPage(); } else { $db=new mysql_dialog(); $db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase); $SQL="SELECT ".$this->tblUserGroup." as userGroup, "; $SQL.=$this->tblIsAdmin." as isAdmin"; $SQL.=" FROM ".$this->tbl; $SQL.=" WHERE ".$this->tblID."=".$_SESSION['userID']." AND "; $SQL.=$this->tblSessionID."='".$_SESSION['sessionID']."'"; $db->speak($SQL); $data=$db->listen(); if ($data['userGroup']!=$this->userGroup && $data['isAdmin']!=1){ $this->errorMsg=$this->errorNoGroup; $this->makeErrorHtml(); } else{ $this->showPage(); } } } /* **** @function: checkRemember (called by checkSession() if no session is active) **** checks if some username + password cookies were set and if we have this function enabled; **** If not -> checkPost() **** if yes -> it updates the MySQL table, registers the Session vars -> checkSession() */ function checkRemember(){ if ($this->enblRemember && isset($_COOKIE[$this->cookieRemName]) && isset($_COOKIE[$this->cookieRemPass])){ $db=new mysql_dialog(); $db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase); $SQL="SELECT ".$this->tblID." as ID, "; $SQL.=$this->tblUserName." as userName, "; $SQL.=$this->tblUserPass." as userPass "; $SQL.="FROM ".$this->tbl; $SQL.=" WHERE ".$this->tblUserName."='".$_COOKIE[$this->cookieRemName]."'"; $db->speak($SQL); $data=$db->listen(); if ($this->isMd5!="1" && $data['userPass']){ $data['userPass']=md5($data['userPass']); } if ($_COOKIE[$this->cookieRemName]==$data['userName'] && $_COOKIE[$this->cookieRemPass]==$data['userPass']){ $SQL="UPDATE ".$this->tbl." SET "; $SQL.=$this->tblLastLog."= now(), "; $SQL.=$this->tblSessionID."='".session_id()."' "; $SQL.="WHERE (".$this->tblID."='".$data['ID']."')"; $db->speak($SQL); $_SESSION['sessionID']=session_id(); $_SESSION['userID']=$data['ID']; setcookie($this->cookieRemName,$_COOKIE[$this->cookieRemName],time()+(60*60*24*$this->cookieExpDays)); setcookie($this->cookieRemPass,$_COOKIE[$this->cookieRemPass],time()+(60*60*24*$this->cookieExpDays)); $this->checkSession(); } } else { $this->checkPost(); } } /* **** @function: checkPost (called by checkRemember()) **** checks if some $_POST was sent. If not -> it creates an error page **** if yes -> checkLogin() */ function checkPost(){ if (!$_POST) { $this->errorMsg=$this->errorNoLogin; $this->makeErrorHtml(); } else { $this->checkLogin(); } } /* **** @function: checkLogin (called by checkPost()) **** checks if some $_POST['userName'] and $_POST['userPass'] and $_POST['action']="login" was sent; **** If not -> it creates an error page; **** if yes -> it compares the $_POST with the username and password on database; **** if all ok -> showPage() else -> it creates an error page; */ function checkLogin(){ $db=new mysql_dialog(); $db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase); $action=@$_POST['action']; $userName=@$_POST['userName']; if ($this->isMd5=="1"){ $userPass=md5(@$_POST['userPass']); } else { $userPass=@$_POST['userPass']; } $SQL="SELECT ".$this->tblID." as ID, "; $SQL.=$this->tblUserName." as userName, "; $SQL.=$this->tblUserPass." as userPass "; $SQL.="FROM ".$this->tbl; $SQL.=" WHERE ".$this->tblUserName."='".$userName."' "; $SQL.="and ".$this->tblUserPass."='".$userPass."'"; $db->speak($SQL); $data=$db->listen(); if ($action=="login" && ($userName || $userPass)){ if ($userName==$data['userName'] && $userPass==$data['userPass']) { $SQL="UPDATE ".$this->tbl." SET "; $SQL.=$this->tblLastLog."= now(), "; $SQL.=$this->tblSessionID."='".session_id()."' "; $SQL.="WHERE (".$this->tblID."='".$data['ID']."')"; $db->speak($SQL); $_SESSION['sessionID']=session_id(); $_SESSION['userID']=$data['ID']; if ($this->enblRemember && @$_POST['userRemember']=="yes"){ setcookie($this->cookieRemName,@$_POST['userName'],time()+(60*60*24*$this->cookieExpDays)); setcookie($this->cookieRemPass,md5(@$_POST['userPass']),time()+(60*60*24*$this->cookieExpDays)); } $this->checkSession(); } } if ($action=="login"){ if ($userName!=$data['userName'] || $userPass!=$data['userPass'] || $userName=="" || $userPass=="") { $this->errorMsg=$this->errorInvalid; $this->makeErrorHtml(); } } if ($action!="login") { $this->errorMsg=$this->errorInvalid; $this->makeErrorHtml(); } } /* **** @function: makeErrorHtml **** creates the error html page, if something went wrong; **** sets MySQL Time Field=0 and SessionID Field='' and closes the session; */ function makeErrorHtml() { if ($_SESSION){ $db=new mysql_dialog(); $db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase); $SQL="UPDATE ".$this->tbl." SET "; $SQL.=$this->tblLastLog."= 0, "; $SQL.=$this->tblSessionID."='' "; $SQL.="WHERE ".$this->tblID."='".$_SESSION['userID']."'"; $db->speak($SQL); } if ($this->enblRemember && isset($_COOKIE[$this->cookieRemName]) && isset($_COOKIE[$this->cookieRemPass])){ setcookie($this->cookieRemName,$_COOKIE[$this->cookieRemName],time()); setcookie($this->cookieRemPass,$_COOKIE[$this->cookieRemPass],time()); } session_destroy(); $out="<html>\n<head><title>".$this->errorPageTitle."</title>\n"; if ($this->errorCssUrl!=""){ $out.="<link rel=\"stylesheet\" type=\"text/css\" href=\"".$this->errorCssUrl."\">\n"; } if ($this->errorCharset!=""){ $out.="<meta http-equiv=\"content-type\" content=\"text/html;charset=".$this->errorCharset."\">\n"; } $out.="</head>\n<body>\n"; $out.="<h1>".$this->errorPageH1."</h1>\n"; $out.="<p>".$this->errorMsg."</p>\n"; $out.="<p><a href=".$this->loginUrl.">".$this->errorPageLink."</a></p>\n"; $out.="</body>\n</html>"; print $out; } /* **** @function: showPage **** makes the public var $showPage true, if everything was ok; */ function showPage(){ $this->showPage=true; } /* **** @function: getUser **** call it in your protected page, if you would like to display the username; */ function getUser(){ if ($this->showPage){ $db=new mysql_dialog(); $db->connect($this->dbhost, $this->dbuser, $this->dbpass, $this->dbase); $SQL="SELECT ".$this->tblUserName." as userName"; $SQL.=" FROM ".$this->tbl; $SQL.=" WHERE ".$this->tblID."='".$_SESSION['userID']."'"; $db->speak($SQL); $data=$db->listen(); return $data['userName']; } else {return false;} } } ?> Quote Link to comment Share on other sites More sharing options...
dharmeshpat Posted January 6, 2012 Share Posted January 6, 2012 one thing u can do just to hide that warning use @session_start(); Quote Link to comment Share on other sites More sharing options...
scootstah Posted January 6, 2012 Share Posted January 6, 2012 one thing u can do just to hide that warning use @session_start(); No. Errors are still errors when hidden. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted January 6, 2012 Share Posted January 6, 2012 Please just read the error message, it tells you where the output is occurring at, that you must find the cause of and fix - output started at /home/name/www/www/members/dbmembers.php:5 (line 5) Something on line 5 and probably lines 1-4 of your dbmembers.php files is sending output to the browser. If you cannot determine what that output is and rearrange your logic to prevent any output from occurring before the session start statement, you would need to post your code for the dbmembers.php file. Quote Link to comment Share on other sites More sharing options...
steviemac Posted January 7, 2012 Author Share Posted January 7, 2012 OK Thank you I will work on that and see if I can get it fixed. Quote Link to comment Share on other sites More sharing options...
steviemac Posted January 7, 2012 Author Share Posted January 7, 2012 Thank you an empty space on line 5 and line 4 that I did not see. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.