php login issue

[ianhaney]

Hi

 

I have created a registration php file script and works perfect but can't work out the login script issue I am having

 

Below is the errors I get

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/sites/it-doneright.co.uk/public_html/affiliate-login.php:149) in /home/sites/it-doneright.co.uk/public_html/affiliate-login.php on line 152

Warning: Cannot modify header information - headers already sent by (output started at /home/sites/it-doneright.co.uk/public_html/affiliate-login.php:149) in /home/sites/it-doneright.co.uk/public_html/affiliate-login.php on line 153

Notice: Undefined index: mail in /home/sites/it-doneright.co.uk/public_html/affiliate-login.php on line 155

Notice: Undefined index: pass in /home/sites/it-doneright.co.uk/public_html/affiliate-login.php on line 156

 

Below is the coding I have

<form method="POST" action="affiliate-login.php" class="signup">
<table>
<tr>
<td>
<td colspan="3">
<strong>Affiliate Login</strong>
</td>
</tr>

<tr>
<td width="78">E-Mail</td>
<td width="6">:</td>
<td width="294"><input size="25" name="mail" type="text" placeholder="Your Email Address"></td>
</tr>

<tr>
<td>Password</td><td>:</td>
<td><input name="pass" size="25" type="password" placeholder="Your Password"></td>
</tr>

<tr>
<td></td>
<td></td>
<td><input type="submit" name="Submit" value="Login" id="submit" ></td>
</tr>
</table>

<?
session_start();
if($_SESSION['user']!=''){header("Location:affiliate-profile.php");}
$dbh=new PDO('mysql:dbname=dbname;host=localhost', 'dbusername', 'dbpassword');/*Change The Credentials to connect to database.*/
$email=$_POST['mail'];
$password=$_POST['pass'];
if(isset($_POST) && $email!='' && $password!=''){
 $sql=$dbh->prepare("SELECT id,password,psalt FROM tablename WHERE username=?");
 $sql->execute(array($email));
 while($r=$sql->fetch()){
  $p=$r['password'];
  $p_salt=$r['psalt'];
  $id=$r['id'];
 }
 $site_salt="subinsblogsalt";/*Common Salt used for password storing on site. You can't change it. If you want to change it, change it when you register a user.*/
 $salted_hash = hash('sha256',$password.$site_salt.$p_salt);
 if($p==$salted_hash){
  $_SESSION['user']=$id;
  header("Location:affiliate-profile.php");
 }else{
  echo "<h2>Username/Password is Incorrect.</h2>";
 }
}
?>

</form>

Just can't work the issue out, the page just loads back to the affiliate-login.php page again instead of logging in and going to affiliate-profile.php page

[Barand]

session_start() needs be called before any output is sent to the browser. You are currently sending the form fields first. Move the php code above the form code.

 

You are attempting to use the content of $_POST['mail'] and $_POST['pass'] before you check if any data was POSTed.

 

You only retrieve a single record with the query, so why is there a while() loop?

 

When you use header() to redirect, there should be an exit; command following it to prevent the rest of the script from being executed.

 

Use password_hash() and password_verify()

[cyberRobot]

session_start() needs to be called before anything is outputted to the screen. Note that there is a bunch of HTML being displayed to the screen before you call the function.

[ianhaney]

Thank you appreciate it, is all ok now

 

Just got one more little issue now

 

I have logged in but want to redirect the user to affiliate-profile.php?id=theiridnumber but I can't get the id number from the database to display within the url

[SalientAnimal]

You need to grab the user's id from your session data and add it to your url. It appears as if you are assigning the user to the id variable, instead of assigning the id variable to id.

affiliate-profile.php?id=$id

[ianhaney]

Sorry my fault, I spotted that shortly after and is perfect now