JoelRocks Posted August 16, 2007 Share Posted August 16, 2007 Hello guys, I am creating a member managment system for a project i am making, have managed to create the registration system and the database with the help of another member, however the login system with its sessions are throwing me, i thought my code was correct but evidently not. <?php $hostname= "localhost"; $user= "remotepa_framewo"; $password = ""; $username = trim($_POST["ipt_Username"]); $user_password = sha1($_POST["ipt_Password"]); if ($_POST["ipt_Username"] == "") { ?> <p> Please enter your user details. </p> <form action="login.php" method="POST" > Username <br /> <input type="text" name="ipt_Username"> <br /> Password <br /> <input type="text" name="ipt_Password"> <br /> <input type="submit" value="Login"> </form> <? } else { $conn = @mysql_connect( $hostname, $user, $password ) or die ("Could not connect to server"); $db = @mysql_select_db("remotepa_framework", $conn) or die ("Could not connect to database"); $sql = "SELECT * FROM users WHERE username=\"$username\" and password = \"$user_password\""; $result = @mysql_query( $sql, $conn) or die ("Could not execute query"); $num = mysql_numrows($result); if ($num != 0) { echo ("User Exists"); session_start(); session_register('username'); session_register('password'); $sess_id = session_id(); header("Location: index.php?PHPSESSID=$sess_id&new_login=1"); } else { echo ("User does not exist"); } } ?> I am not waisting your time with another header error, i am aware that you cannot have any HTML before using the header function, i was wondering if you could check the rest of the code, also even if the page has been re-loaded with no HTML will this still effect the header function? Thanks Joel Quote Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/ Share on other sites More sharing options...
nathanmaxsonadil Posted August 16, 2007 Share Posted August 16, 2007 start the session at the begining of the page Quote Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326080 Share on other sites More sharing options...
MadTechie Posted August 16, 2007 Share Posted August 16, 2007 move echo ("User Exists"); down a few lines. also some sql injection protection wouldn't be a bad idea! Quote Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326221 Share on other sites More sharing options...
JoelRocks Posted August 17, 2007 Author Share Posted August 17, 2007 Still having problems ERROR: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/remotepa/public_html/Joel/login.php:1) in /home/remotepa/public_html/Joel/login.php on line 40 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/remotepa/public_html/Joel/login.php:1) in /home/remotepa/public_html/Joel/login.php on line 40 Warning: Cannot modify header information - headers already sent by (output started at /home/remotepa/public_html/Joel/login.php:1) in /home/remotepa/public_html/Joel/login.php on line 44 User Exists Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug CODE: <?php $hostname= "localhost"; $user= "remotepa_framewo"; $password = ""; $username = trim($_POST["ipt_Username"]); $user_password = sha1($_POST["ipt_Password"]); if ($_POST["ipt_Username"] == "") { ?> <p> Please enter your user details. </p> <form action="login.php" method="POST" > Username <br /> <input type="text" name="ipt_Username"> <br /> Password <br /> <input type="text" name="ipt_Password"> <br /> <input type="submit" value="Login"> </form> <? } else { $conn = @mysql_connect( $hostname, $user, $password ) or die ("Could not connect to server"); $db = @mysql_select_db("remotepa_framework", $conn) or die ("Could not connect to database"); $sql = "SELECT * FROM users WHERE username=\"$username\" and password = \"$user_password\""; $result = @mysql_query( $sql, $conn) or die ("Could not execute query"); $num = mysql_numrows($result); if ($num != 0) { session_start(); session_register('username'); session_register('password'); $sess_id = session_id(); header("Location: index.php?PHPSESSID=$sess_id&new_login=1"); echo ("User Exists"); } else { echo ("User does not exist"); } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326505 Share on other sites More sharing options...
MadTechie Posted August 17, 2007 Share Posted August 17, 2007 remove the whitespace from the top change <?php $hostname= "localhost"; to <?php $hostname= "localhost"; remove the tab and the return Quote Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326568 Share on other sites More sharing options...
beboo002 Posted August 17, 2007 Share Posted August 17, 2007 use ob_start() after session_start(). hope it will be work to print user name. Quote Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326605 Share on other sites More sharing options...
JoelRocks Posted August 17, 2007 Author Share Posted August 17, 2007 Cool this bit works, but i want the session to timeout after been logged in for 30 minutes, where do i go after here? I was following the tutorial on this site but i cannot seem to work out where to go next, anyone got any ideas? Quote Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326797 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.