Jump to content

Don't know how to fix these errors


blyz

Recommended Posts

i have just installed a php authentication system on my site but i am getting erros that i don't know how to solve the first one i am getting is on

my main login page  http://software-god.com/main.php

 

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/blyz07/public_html/main.php:5) in /home/blyz07/public_html/include/session.php on line 51

 

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/blyz07/public_html/main.php:5) in /home/blyz07/public_html/include/session.php on line 51

 

 

 

anybody know how to fix this?

 

 

Link to comment
https://forums.phpfreaks.com/topic/60229-dont-know-how-to-fix-these-errors/
Share on other sites

I will provide the code as i don't really know much about php i was just following a guide.

 

this is the code for main.php

<html>

<head>

<title></title>

</head>

<?

/**

* Main.php

*

* This is an example of the main page of a website. Here

* users will be able to login. However, like on most sites

* the login form doesn't just have to be on the main page,

* but re-appear on subsequent pages, depending on whether

* the user has logged in or not.

*

* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)

* Last Updated: August 26, 2004

*/

include("include/session.php");

?>

 

<html>

<title>Jpmaster77's Login Script</title>

<body>

 

<table>

<tr><td>

 

 

<?

/**

* User has already logged in, so display relevant links, including

* a link to the admin center if the user is an administrator.

*/

if($session->logged_in){

  echo "<h1>Logged In</h1>";

  echo "Welcome <b>$session->username</b>, you are logged in. <br><br>"

      ."[<a href=\"userinfo.php?user=$session->username\">My Account</a>]  "

      ."[<a href=\"useredit.php\">Edit Account</a>]  ";

  if($session->isAdmin()){

      echo "[<a href=\"admin/admin.php\">Admin Center</a>]  ";

  }

  echo "[<a href=\"process.php\">Logout</a>]";

}

else{

?>

 

<h1>Login</h1>

<?

/**

* User not logged in, display the login form.

* If user has already tried to login, but errors were

* found, display the total number of errors.

* If errors occurred, they will be displayed.

*/

if($form->num_errors > 0){

  echo "<font size=\"2\" color=\"#ff0000\">".$form->num_errors." error(s) found</font>";

}

?>

<form action="process.php" method="POST">

<table align="left" border="0" cellspacing="0" cellpadding="3">

<tr><td>Username:</td><td><input type="text" name="user" maxlength="30" value="<? echo $form->value("user"); ?>"></td><td><? echo $form->error("user"); ?></td></tr>

<tr><td>Password:</td><td><input type="password" name="pass" maxlength="30" value="<? echo $form->value("pass"); ?>"></td><td><? echo $form->error("pass"); ?></td></tr>

<tr><td colspan="2" align="left"><input type="checkbox" name="remember" <? if($form->value("remember") != ""){ echo "checked"; } ?>>

<font size="2">Remember me next time   

<input type="hidden" name="sublogin" value="1">

<input type="submit" value="Login"></td></tr>

<tr><td colspan="2" align="left"><br><font size="2">[<a href="forgotpass.php">Forgot Password?</a>]</font></td><td align="right"></td></tr>

<tr><td colspan="2" align="left"><br>Not registered? <a href="register.php">Sign-Up!</a></td></tr>

</table>

</form>

 

<?

}

 

/**

* Just a little page footer, tells how many registered members

* there are, how many users currently logged in and viewing site,

* and how many guests viewing site. Active users are displayed,

* with link to their user information.

*/

echo "</td></tr><tr><td align=\"center\"><br><br>";

echo "<b>Member Total:</b> ".$database->getNumMembers()."<br>";

echo "There are $database->num_active_users registered members and ";

echo "$database->num_active_guests guests viewing the site.<br><br>";

 

include("include/view_active.php");

 

?>

 

 

</td></tr>

</table>

 

 

</body>

</html>

 

<body bgcolor="#FFFFFF">

 

</body>

 

 

</html>

 

and this is the code for session.php

 

 

 

 

<html>

<head>

<title></title>

</head>

 

<?

/**

* Session.php

*

* The Session class is meant to simplify the task of keeping

* track of logged in users and also guests.

*

* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)

* Last Updated: August 19, 2004

*/

include("database.php");

include("mailer.php");

include("form.php");

 

class Session

{

  var $username;    //Username given on sign-up

  var $userid;      //Random value generated on current login

  var $userlevel;    //The level to which the user pertains

  var $time;        //Time user was last active (page loaded)

  var $logged_in;    //True if user is logged in, false otherwise

  var $userinfo = array();  //The array holding all user info

  var $url;          //The page url current being viewed

  var $referrer;    //Last recorded site page viewed

  /**

    * Note: referrer should really only be considered the actual

    * page referrer in process.php, any other time it may be

    * inaccurate.

    */

 

  /* Class constructor */

  function Session(){

      $this->time = time();

      $this->startSession();

  }

 

  /**

    * startSession - Performs all the actions necessary to

    * initialize this session object. Tries to determine if the

    * the user has logged in already, and sets the variables

    * accordingly. Also takes advantage of this page load to

    * update the active visitors tables.

    */

  function startSession(){

      global $database;  //The database connection

session_start();  //Tell PHP to start the session

    /* Determine if user is logged in */

      $this->logged_in = $this->checkLogin();

 

      /**

      * Set guest value to users not logged in, and update

      * active guests table accordingly.

      */

      if(!$this->logged_in){

        $this->username = $_SESSION['username'] = GUEST_NAME;

        $this->userlevel = GUEST_LEVEL;

        $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);

      }

      /* Update users last active timestamp */

      else{

        $database->addActiveUser($this->username, $this->time);

      }

     

      /* Remove inactive visitors from database */

      $database->removeInactiveUsers();

      $database->removeInactiveGuests();

     

      /* Set referrer page */

      if(isset($_SESSION['url'])){

        $this->referrer = $_SESSION['url'];

      }else{

        $this->referrer = "/";

      }

 

      /* Set current url */

      $this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];

  }

 

  /**

    * checkLogin - Checks if the user has already previously

    * logged in, and a session with the user has already been

    * established. Also checks to see if user has been remembered.

    * If so, the database is queried to make sure of the user's

    * authenticity. Returns true if the user has logged in.

    */

  function checkLogin(){

      global $database;  //The database connection

      /* Check if user has been remembered */

      if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){

        $this->username = $_SESSION['username'] = $_COOKIE['cookname'];

        $this->userid  = $_SESSION['userid']  = $_COOKIE['cookid'];

      }

 

      /* Username and userid have been set and not guest */

      if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&

        $_SESSION['username'] != GUEST_NAME){

        /* Confirm that username and userid are valid */

        if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){

            /* Variables are incorrect, user not logged in */

            unset($_SESSION['username']);

            unset($_SESSION['userid']);

            return false;

        }

 

        /* User is logged in, set class variables */

        $this->userinfo  = $database->getUserInfo($_SESSION['username']);

        $this->username  = $this->userinfo['username'];

        $this->userid    = $this->userinfo['userid'];

        $this->userlevel = $this->userinfo['userlevel'];

        return true;

      }

      /* User not logged in */

      else{

        return false;

      }

  }

 

  /**

    * login - The user has submitted his username and password

    * through the login form, this function checks the authenticity

    * of that information in the database and creates the session.

    * Effectively logging in the user if all goes well.

    */

  function login($subuser, $subpass, $subremember){

      global $database, $form;  //The database and form object

 

      /* Username error checking */

      $field = "user";  //Use field name for username

      if(!$subuser || strlen($subuser = trim($subuser)) == 0){

        $form->setError($field, "* Username not entered");

      }

      else{

        /* Check if username is not alphanumeric */

        if(!eregi("^([0-9a-z])*$", $subuser)){

            $form->setError($field, "* Username not alphanumeric");

        }

      }

 

      /* Password error checking */

      $field = "pass";  //Use field name for password

      if(!$subpass){

        $form->setError($field, "* Password not entered");

      }

     

      /* Return if form errors exist */

      if($form->num_errors > 0){

        return false;

      }

 

      /* Checks that username is in database and password is correct */

      $subuser = stripslashes($subuser);

      $result = $database->confirmUserPass($subuser, md5($subpass));

 

      /* Check error codes */

      if($result == 1){

        $field = "user";

        $form->setError($field, "* Username not found");

      }

      else if($result == 2){

        $field = "pass";

        $form->setError($field, "* Invalid password");

      }

     

      /* Return if form errors exist */

      if($form->num_errors > 0){

        return false;

      }

 

      /* Username and password correct, register session variables */

      $this->userinfo  = $database->getUserInfo($subuser);

      $this->username  = $_SESSION['username'] = $this->userinfo['username'];

      $this->userid    = $_SESSION['userid']  = $this->generateRandID();

      $this->userlevel = $this->userinfo['userlevel'];

     

      /* Insert userid into database and update active users table */

      $database->updateUserField($this->username, "userid", $this->userid);

      $database->addActiveUser($this->username, $this->time);

      $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);

 

      /**

      * This is the cool part: the user has requested that we remember that

      * he's logged in, so we set two cookies. One to hold his username,

      * and one to hold his random value userid. It expires by the time

      * specified in constants.php. Now, next time he comes to our site, we will

      * log him in automatically, but only if he didn't log out before he left.

      */

      if($subremember){

        setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);

        setcookie("cookid",  $this->userid,  time()+COOKIE_EXPIRE, COOKIE_PATH);

      }

 

      /* Login completed successfully */

      return true;

  }

 

  /**

    * logout - Gets called when the user wants to be logged out of the

    * website. It deletes any cookies that were stored on the users

    * computer as a result of him wanting to be remembered, and also

    * unsets session variables and demotes his user level to guest.

    */

  function logout(){

      global $database;  //The database connection

      /**

      * Delete cookies - the time must be in the past,

      * so just negate what you added when creating the

      * cookie.

      */

      if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){

        setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);

        setcookie("cookid",  "", time()-COOKIE_EXPIRE, COOKIE_PATH);

      }

 

      /* Unset PHP session variables */

      unset($_SESSION['username']);

      unset($_SESSION['userid']);

 

      /* Reflect fact that user has logged out */

      $this->logged_in = false;

     

      /**

      * Remove from active users table and add to

      * active guests tables.

      */

      $database->removeActiveUser($this->username);

      $database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);

     

      /* Set user level to guest */

      $this->username  = GUEST_NAME;

      $this->userlevel = GUEST_LEVEL;

  }

 

  /**

    * register - Gets called when the user has just submitted the

    * registration form. Determines if there were any errors with

    * the entry fields, if so, it records the errors and returns

    * 1. If no errors were found, it registers the new user and

    * returns 0. Returns 2 if registration failed.

    */

  function register($subuser, $subpass, $subemail){

      global $database, $form, $mailer;  //The database, form and mailer object

     

      /* Username error checking */

      $field = "user";  //Use field name for username

      if(!$subuser || strlen($subuser = trim($subuser)) == 0){

        $form->setError($field, "* Username not entered");

      }

      else{

        /* Spruce up username, check length */

        $subuser = stripslashes($subuser);

        if(strlen($subuser) < 5){

            $form->setError($field, "* Username below 5 characters");

        }

        else if(strlen($subuser) > 30){

            $form->setError($field, "* Username above 30 characters");

        }

        /* Check if username is not alphanumeric */

        else if(!eregi("^([0-9a-z])+$", $subuser)){

            $form->setError($field, "* Username not alphanumeric");

        }

        /* Check if username is reserved */

        else if(strcasecmp($subuser, GUEST_NAME) == 0){

            $form->setError($field, "* Username reserved word");

        }

        /* Check if username is already in use */

        else if($database->usernameTaken($subuser)){

            $form->setError($field, "* Username already in use");

        }

        /* Check if username is banned */

        else if($database->usernameBanned($subuser)){

            $form->setError($field, "* Username banned");

        }

      }

 

      /* Password error checking */

      $field = "pass";  //Use field name for password

      if(!$subpass){

        $form->setError($field, "* Password not entered");

      }

      else{

        /* Spruce up password and check length*/

        $subpass = stripslashes($subpass);

        if(strlen($subpass) < 4){

            $form->setError($field, "* Password too short");

        }

        /* Check if password is not alphanumeric */

        else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){

            $form->setError($field, "* Password not alphanumeric");

        }

        /**

          * Note: I trimmed the password only after I checked the length

          * because if you fill the password field up with spaces

          * it looks like a lot more characters than 4, so it looks

          * kind of stupid to report "password too short".

          */

      }

     

      /* Email error checking */

      $field = "email";  //Use field name for email

      if(!$subemail || strlen($subemail = trim($subemail)) == 0){

        $form->setError($field, "* Email not entered");

      }

      else{

        /* Check if valid email address */

        $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"

                ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"

                ."\.([a-z]{2,}){1}$";

        if(!eregi($regex,$subemail)){

            $form->setError($field, "* Email invalid");

        }

        $subemail = stripslashes($subemail);

      }

 

      /* Errors exist, have user correct them */

      if($form->num_errors > 0){

        return 1;  //Errors with form

      }

      /* No errors, add the new account to the */

      else{

        if($database->addNewUser($subuser, md5($subpass), $subemail)){

            if(EMAIL_WELCOME){

              $mailer->sendWelcome($subuser,$subemail,$subpass);

            }

            return 0;  //New user added succesfully

        }else{

            return 2;  //Registration attempt failed

        }

      }

  }

 

  /**

    * editAccount - Attempts to edit the user's account information

    * including the password, which it first makes sure is correct

    * if entered, if so and the new password is in the right

    * format, the change is made. All other fields are changed

    * automatically.

    */

  function editAccount($subcurpass, $subnewpass, $subemail){

      global $database, $form;  //The database and form object

      /* New password entered */

      if($subnewpass){

        /* Current Password error checking */

        $field = "curpass";  //Use field name for current password

        if(!$subcurpass){

            $form->setError($field, "* Current Password not entered");

        }

        else{

            /* Check if password too short or is not alphanumeric */

            $subcurpass = stripslashes($subcurpass);

            if(strlen($subcurpass) < 4 ||

              !eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){

              $form->setError($field, "* Current Password incorrect");

            }

            /* Password entered is incorrect */

            if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){

              $form->setError($field, "* Current Password incorrect");

            }

        }

       

        /* New Password error checking */

        $field = "newpass";  //Use field name for new password

        /* Spruce up password and check length*/

        $subpass = stripslashes($subnewpass);

        if(strlen($subnewpass) < 4){

            $form->setError($field, "* New Password too short");

        }

        /* Check if password is not alphanumeric */

        else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){

            $form->setError($field, "* New Password not alphanumeric");

        }

      }

      /* Change password attempted */

      else if($subcurpass){

        /* New Password error reporting */

        $field = "newpass";  //Use field name for new password

        $form->setError($field, "* New Password not entered");

      }

     

      /* Email error checking */

      $field = "email";  //Use field name for email

      if($subemail && strlen($subemail = trim($subemail)) > 0){

        /* Check if valid email address */

        $regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"

                ."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"

                ."\.([a-z]{2,}){1}$";

        if(!eregi($regex,$subemail)){

            $form->setError($field, "* Email invalid");

        }

        $subemail = stripslashes($subemail);

      }

     

      /* Errors exist, have user correct them */

      if($form->num_errors > 0){

        return false;  //Errors with form

      }

     

      /* Update password since there were no errors */

      if($subcurpass && $subnewpass){

        $database->updateUserField($this->username,"password",md5($subnewpass));

      }

     

      /* Change Email */

      if($subemail){

        $database->updateUserField($this->username,"email",$subemail);

      }

     

      /* Success! */

      return true;

  }

 

  /**

    * isAdmin - Returns true if currently logged in user is

    * an administrator, false otherwise.

    */

  function isAdmin(){

      return ($this->userlevel == ADMIN_LEVEL ||

              $this->username  == ADMIN_NAME);

  }

 

  /**

    * generateRandID - Generates a string made up of randomized

    * letters (lower and upper case) and digits and returns

    * the md5 hash of it to be used as a userid.

    */

  function generateRandID(){

      return md5($this->generateRandStr(16));

  }

 

  /**

    * generateRandStr - Generates a string made up of randomized

    * letters (lower and upper case) and digits, the length

    * is a specified parameter.

    */

  function generateRandStr($length){

      $randstr = "";

      for($i=0; $i<$length; $i++){

        $randnum = mt_rand(0,61);

        if($randnum < 10){

            $randstr .= chr($randnum+48);

        }else if($randnum < 36){

            $randstr .= chr($randnum+55);

        }else{

            $randstr .= chr($randnum+61);

        }

      }

      return $randstr;

  }

};

 

 

/**

* Initialize session object - This must be initialized before

* the form object because the form uses session variables,

* which cannot be accessed unless the session has started.

*/

$session = new Session;

 

/* Initialize form object */

$form = new Form;

 

?>

 

 

 

 

 

 

 

 

 

 

 

 

 

 

<body bgcolor="#FFFFFF">

 

</body>

 

 

</html>

 

 

thankyou.

 

 

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.