JoelRocks Posted August 16, 2007 Share Posted August 16, 2007 Hello guys, I am creating a member managment system for a project i am making, have managed to create the registration system and the database with the help of another member, however the login system with its sessions are throwing me, i thought my code was correct but evidently not. <?php $hostname= "localhost"; $user= "remotepa_framewo"; $password = ""; $username = trim($_POST["ipt_Username"]); $user_password = sha1($_POST["ipt_Password"]); if ($_POST["ipt_Username"] == "") { ?> <p> Please enter your user details. </p> <form action="login.php" method="POST" > Username <br /> <input type="text" name="ipt_Username"> <br /> Password <br /> <input type="text" name="ipt_Password"> <br /> <input type="submit" value="Login"> </form> <? } else { $conn = @mysql_connect( $hostname, $user, $password ) or die ("Could not connect to server"); $db = @mysql_select_db("remotepa_framework", $conn) or die ("Could not connect to database"); $sql = "SELECT * FROM users WHERE username=\"$username\" and password = \"$user_password\""; $result = @mysql_query( $sql, $conn) or die ("Could not execute query"); $num = mysql_numrows($result); if ($num != 0) { echo ("User Exists"); session_start(); session_register('username'); session_register('password'); $sess_id = session_id(); header("Location: index.php?PHPSESSID=$sess_id&new_login=1"); } else { echo ("User does not exist"); } } ?> I am not waisting your time with another header error, i am aware that you cannot have any HTML before using the header function, i was wondering if you could check the rest of the code, also even if the page has been re-loaded with no HTML will this still effect the header function? Thanks Joel Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/ Share on other sites More sharing options...
nathanmaxsonadil Posted August 16, 2007 Share Posted August 16, 2007 start the session at the begining of the page Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326080 Share on other sites More sharing options...
MadTechie Posted August 16, 2007 Share Posted August 16, 2007 move echo ("User Exists"); down a few lines. also some sql injection protection wouldn't be a bad idea! Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326221 Share on other sites More sharing options...
JoelRocks Posted August 17, 2007 Author Share Posted August 17, 2007 Still having problems ERROR: Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/remotepa/public_html/Joel/login.php:1) in /home/remotepa/public_html/Joel/login.php on line 40 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/remotepa/public_html/Joel/login.php:1) in /home/remotepa/public_html/Joel/login.php on line 40 Warning: Cannot modify header information - headers already sent by (output started at /home/remotepa/public_html/Joel/login.php:1) in /home/remotepa/public_html/Joel/login.php on line 44 User Exists Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug CODE: <?php $hostname= "localhost"; $user= "remotepa_framewo"; $password = ""; $username = trim($_POST["ipt_Username"]); $user_password = sha1($_POST["ipt_Password"]); if ($_POST["ipt_Username"] == "") { ?> <p> Please enter your user details. </p> <form action="login.php" method="POST" > Username <br /> <input type="text" name="ipt_Username"> <br /> Password <br /> <input type="text" name="ipt_Password"> <br /> <input type="submit" value="Login"> </form> <? } else { $conn = @mysql_connect( $hostname, $user, $password ) or die ("Could not connect to server"); $db = @mysql_select_db("remotepa_framework", $conn) or die ("Could not connect to database"); $sql = "SELECT * FROM users WHERE username=\"$username\" and password = \"$user_password\""; $result = @mysql_query( $sql, $conn) or die ("Could not execute query"); $num = mysql_numrows($result); if ($num != 0) { session_start(); session_register('username'); session_register('password'); $sess_id = session_id(); header("Location: index.php?PHPSESSID=$sess_id&new_login=1"); echo ("User Exists"); } else { echo ("User does not exist"); } } ?> Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326505 Share on other sites More sharing options...
MadTechie Posted August 17, 2007 Share Posted August 17, 2007 remove the whitespace from the top change <?php $hostname= "localhost"; to <?php $hostname= "localhost"; remove the tab and the return Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326568 Share on other sites More sharing options...
beboo002 Posted August 17, 2007 Share Posted August 17, 2007 use ob_start() after session_start(). hope it will be work to print user name. Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326605 Share on other sites More sharing options...
JoelRocks Posted August 17, 2007 Author Share Posted August 17, 2007 Cool this bit works, but i want the session to timeout after been logged in for 30 minutes, where do i go after here? I was following the tutorial on this site but i cannot seem to work out where to go next, anyone got any ideas? Link to comment https://forums.phpfreaks.com/topic/65292-solved-secure-sessions-help/#findComment-326797 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.