Login script and sessions error

[regoch]

HI! I got 3 indetical pages (only different colors in css) on 3 subdomeins like this:

http://www.galerija-sikirica.kus-sinj.hr (http://galerija-sikirica.kus-sinj.hr/admin)

http://www.galerija-galiotovic.kus-sinj.hr (http://galerija-galiotovic.kus-sinj.hr/admin)

http://www.sinjske-novine.kus-sinj.hr (http://sinjske-novine.kus-sinj.hr/admin)

on

http://www.kus-sinj.hr/

Every page have own admin (for news and galleries) and own mysql database. And I try to every admin have their own users (because there are 3 separate sections of company) but my login script works only on first subdomain, on other two getting that cant star sessins, headers allready send. But when i conect login of all 3 admins to first admin that works fine, but all user are together.

This is my login form:

<?php include ("include/head.php"); ?>
<body>
<div id="main_container">

<div class="header_login">
    <div class="logo"><a href="index.php"><img src="images/logo.gif" alt="" title="" border="0" /></a></div>
    
    </div>

     
         <div class="login_form">
         
         <h3>Admin Panel - Prijava</h3>
<div class="form">   <br />      
<form action="login.php" method="post">
<table cellspacing="2" cellpadding="2" border="0">
<tr>
    <th align="right" style="width:150px">Korisnik: </th>
    <td><input type="text" name="login" id="login" size="44" /></td>
</tr>
<tr>
    <th align="right">Lozinka: </th>
    <td><input type="password" name="password" id="password" size="44" /></td>
</tr>
<tr>
    <th></th>
    <td><input type="submit" name="Submit" id="Submit" value="Pošalji" /></td>
</tr>
</table>                
</form>
</div> 
        </div>  
          

    
    <div class="footer_login">
    
<?php include ("include/footer.php"); ?>
    
    </div>

</div>		
</body>
</html>

 

login.php

 

<?php
//Start session
session_start();

//Podaci za spajanje na bazu podataka
require_once('config.php');

//Funkcija za konvertiranje tekstualnh polja
function clean($str) {
	$str = @trim($str);
	if(get_magic_quotes_gpc()) {
		$str = stripslashes($str);
	}
	return mysql_real_escape_string($str);
}

//Pozivanje funkcije za konvertiranje tekstualnh polja
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Provjera jesu li ispunjena sva polja
if($login == '') {
	$errmsg_arr[] = 'Niste upisali ime korisnika';
	$errflag = true;
}
if($password == '') {
	$errmsg_arr[] = 'Niste upisali lozinku';
	$errflag = true;
}

//Ako nisu sva polja ispunje vraća na stranicu unosa
if($errflag) {
	$_SESSION['ERRMSG_ARR'] = $errmsg_arr;
	session_write_close();
	header("location: prijava.php");
	exit();
}

//Izvršenje SELECT query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'";
$result=mysql_query($qry);

//Provjera da li je izvršen Query
if($result) {
	if(mysql_num_rows($result) == 1) {
		//Login Successful
		session_regenerate_id();
		$member = mysql_fetch_assoc($result);
		$_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
		$_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
		$_SESSION['SESS_LAST_NAME'] = $member['lastname'];
		session_write_close();
		header("location: index.php");
		exit();
	}else {
		//Login failed
		header("location: prijava-nesupjela.php");
		exit();
	}
}else {
	die("Query nije izvršen");
}
?>

 

config.php

 

<?php		
//Podaci za spajanje na bazu podataka
define('DB_HOST', 'localhost');
    define('DB_USER', 'user');
    define('DB_PASSWORD', 'password');
    define('DB_DATABASE', 'database');

//Array za provjeru jesu li ispunjena sva polja
$errmsg_arr = array();

//Isključivanje provjere jesu li ispunjena sva polja
$errflag = false;

//Spajanje na mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
	die('Greška prilikom spajanja na server: ' . mysql_error());
}

//Odabir baze podataka
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
	die("Greška prilikom spajanja na bazu podataka");
}

 

logout.php

 

<?php
//Start session
session_start();

unset($_SESSION['SESS_MEMBER_ID']);
unset($_SESSION['SESS_FIRST_NAME']);
unset($_SESSION['SESS_LAST_NAME']);
?>
<?php include ("include/head.php"); ?>
<body>
<div id="main_container">

<div class="header_login">
    <div class="logo"><a href="index.php"><img src="images/logo.gif" alt="" title="" border="0" /></a></div>
    
    </div>

     
         <div class="login_form">
         
         <h3>Admin Panel - Odjava</h3>
<p align="center"> </p>
<h4 align="center" class="err">Odjavili ste se.</h4>
<p align="center">Kliknite za ponovnu <a href="prijava.php">prijavu.</a></p>
         </div>  
          

    
    <div class="footer_login">
    
<?php include ("include/footer.php"); ?>
    
    </div>

</div>		
</body>
</html>

 

and here is error code

 

Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in /home/kussinj/public_html/sinjske-novine/admin/login.php on line 47

Warning: Cannot modify header information - headers already sent by (output started at /home/kussinj/public_html/sinjske-novine/admin/config.php:1) in /home/kussinj/public_html/sinjske-novine/admin/login.php on line 53

[RussellReal]

check for whitespace before your opening <?php tag..

 

That error means that there is output being sent somewhere before you're attempting to modify header information.. E.G. cookies(includes sessions), use the header() function/language construct.. etc...

 

- Russell

 

 

[regoch]

But I copy-paste first subdomain admin to other 2 subdomains admins, and everything works fine only if I connect other 2 subdomein admin to database of first subdomain. If I connect other two admins to their databases getting error.

[RussellReal]

Those errors don't come from nothing man..

 

Check for the whitespace, you might have pasted with 1 space before the <?php

 

also, check that you're not getting errors from connecting to the database, and thats outputting, forcing the headers to be sent first..

 

 

it seems looking at the errors again, that config.php at line 1 (probably your opening <?php tag) is where the output is starting.. which is almost 100% a whitespace problem

 

-Russell

 

[regoch]

ok, I start from zero again, copy whole (http://galerija-sikirica.kus-sinj.hr/admin) working admin to (http://galerija-galiotovic.kus-sinj.hr/admin) and just change in config.php "define('DB_DATABASE', 'database');" line, so now I shure that there is no white space . If i leave connected to first database bout admin login works fine, but when I connect second admin to his database get same error again. I try to name session but no help with that!

[RussellReal]

I don't see how you're getting those errors, with copied files and no whitespace, can you post full code, omit passwords, in

 brackets so that there is syntax highlighting..

[regoch]

I post it in first post, if you think of that?

[RussellReal]

config.php is not full code #1...

 

#2, The errors that you're receiving, are exactly the same?

 

#3, if you're getting these errors,  there is usually a problem, possibly an error, getting output

 

#4 the first error pertains to the login page, and I don't see any output anywhere, which means its prolly in your copies and not what we're seeing here..

 

I suggest you look around for errors in your code, warnings, fatal errors.. whitespace..

 

[regoch]

can I send you config in pt message?

[RussellReal]

Yes you can, please omit passwords, and send them as files to me, so I can do a physical inspection for you

[PFMaBiSmAd]

Reply #2 in the sticky post on HEADER ERRORS - READ HERE BEFORE POSTING THEM will probably help - http://www.phpfreaks.com/forums/index.php?topic=37442.0