Warnings on script

[stublackett]

Hi,

I've got a login script that tries :

 

session_register('username');

session_register('password');

that is then followed by a

header("location: login_success.php");

 

This is just to confirm the login and start a session, But I get the PHP Warnings :

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /export2/webroot/users/d4066435/obs/ica/checklogin.php:7) in /export2/webroot/users/d4066435/obs/ica/checklogin.php on line 58

 

Warning: Cannot modify header information - headers already sent by (output started at /export2/webroot/users/d4066435/obs/ica/checklogin.php:7) in /export2/webroot/users/d4066435/obs/ica/checklogin.php on line 60

 

Code is as follows :

 

^<?php

^{$host="localhost"; // Host name}

^{$username=""; // Mysql username}

^{$password=""; // Mysql password}

^{$db_name=""; // Database name}

^{$tbl_name=""; // Table name}

 

^{// Connect to server and select databse.}

^{mysql_connect("$host", "$username", "$password")or die("cannot connect");}

^{mysql_select_db("$db_name")or die("cannot select DB");}

 

^{// username and password sent from signup form}

^{$username=$_POST['username'];}

^{$password=$_POST['password'];}

 

^{$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";}

^{$result=mysql_query($sql);}

 

^{// Mysql_num_row is counting table row}

^{$count=mysql_num_rows($result);}

^{// If result matched $myusername and $mypassword, table row must be 1 row}

 

^{if($count==1){}

^{// Register $username, $mypassword and redirect to file "login_success.php"}

^{session_register('username');}

^{session_register('password');}

^{header("location: login_success.php");}

^}

^{else {}

^{echo "Invalid Username or Password";}

^}

^?>

 

Any ideas whats causing this?

[PFMaBiSmAd]

Based on the line numbers mentioned in the error messages, you have a bunch of HTML content before the <?php tag that is being output to the browser and prevents the headers from working.

 

Post your actual code to get the quickest solution to the problem.

[stublackett]

Yeah, Theres HTML sitting in there

 

With the HTML Included the code is as follows :

 

The filename is titled 'checklogin.php'

 

<body>

<div id="site-background">

<div id="left-side"></div>

<div id="site-logo"></div>

<div id="top-menu"></div>

<div id="home-btn"><a href="index.html"><img src="images/home_btn.jpg" alt="Home" width="94" height="59" border="0" /></a></div>

<div id="about-btn"><a href="about.html"><img src="images/about_btn.jpg" alt="About" width="94" height="59" border="0" /></a></div>

<div id="info-btn"><a href="info.html"><img src="images/info_btn.jpg" alt="Info" width="94" height="59" border="0" /></a></div>

<div id="contact-btn"><a href="contact.html"><img src="images/contact_btn.jpg" alt="Contact" width="94" height="59" border="0" /></a></div>

<div id="users-btn"><a href="users.html"><img src="images/users_btn.jpg" alt="Users" width="119" height="60" border="0" /></a></div>

<div id="navigation">

<ul class="style8">

<li><a title="Home" href="index.html">Home</a> </li>

<li><a title="The Dragons" href="thedragons.html">The Dragons</a> </li>

<li><a title="Entrepeneurs" href="entrepeneurs.html">Entrepeneurs</a> </li>

<li><a title="Ideas" href="ideas.html">Ideas</a> </li>

<li><a title="Discuss Ideas" href="ideas.html">Discuss Ideas</a> </li>

<li><a title="Upload Ideas" href="upload.html">Upload Ideas </a></li>

<li><a title="Contact" href="contact.html">Contact The Webmaster </a> </li>

</ul>

</div>

<div class="main-content" id="middle-content"><img src="images/welcome_header.jpg" alt="Welcome" width="504" height="25" /><br />

<?php

$host="localhost"; // Host name

$username=""; // Mysql username

$password=""; // Mysql password

$db_name=""; // Database name

$tbl_name=""; // Table name

 

// Connect to server and select databse.

mysql_connect("$host", "$username", "$password")or die("cannot connect");

mysql_select_db("$db_name")or die("cannot select DB");

 

// username and password sent from signup form

$username=$_POST['username'];

$password=$_POST['password'];

 

$sql="SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";

$result=mysql_query($sql);

 

// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row

 

if($count==1){

// Register $username, $mypassword and redirect to file "login_success.php"

session_register('username');

session_register('password');

header("location: login_success.php");

}

else {

echo "Invalid Username or Password";

}

?>

 

 

</div>

 

<div id="login">

<form method="post" action="checklogin.php">

    <fieldset>

      <div>

      <label for="username">User Name :</label>

      <input type="text" name="username" id="username" class="txt" />

    </div>

    <div>

      <label for="fullname">Password : </label>

      <input type="password" name="password" id="password" class="txt" />

    </div>

      </fieldset>

    <div>

      <input type="submit" name="Submit" id="Submit" value="Login" class="btn" />

    </div>

   

    </fieldset>

  </form>

 

</div>

<div id="search-field">

  <label>

  <input name="textfield" type="text" id="textfield" size="18" />

  </label>

  <span class="style7"><a href="search.html">SEARCH</a></span></div>

<div id="shadow"></div>

<div class="style7" id="footer">| Sitemap | Contact |

  © Stuart Blackett</div>

<div id="logo"><img src="images/site-dragon.gif" alt="The Dragons Den" width="245" height="148" /></div>

</div>

</body>

</html>

[kenrbnsn]

Sessions must be started before any output is sent to the browser. You are using "session_register()" which should not be used anymore. I would move the PHP code to before the HTML code and only execute it if the form was submitted:

<?php
session_start(); //start sessions
$host="localhost"; // Host name
$db_username=""; // Mysql username
$db_password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

// Connect to server and select databse.
mysql_connect($host, $db_username, $db_password)or die("cannot connect");
mysql_select_db($db_name)or die("cannot select DB");

$err_msg = '';
if (isset($_POST['Submit'])) {
// username and password sent from signup form
   $username=stripslashes($_POST['username']);
   $password=stripslashes($_POST['password']);

   $sql="SELECT * FROM $tbl_name WHERE username='" . mysql_real_escape_string($username) . "' and password='" . mysql_real_escape_string($password) . "'";
   $result=mysql_query($sql);

// Mysql_num_row is counting table row
   $count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

   if($count==1){
// Register $username, $mypassword and redirect to file "login_success.php"
       $_SESSION['username'] = $username;
       $_SESSION['password'] = $password;  // really not a good idea to store a plain text password in the session
       header("location: login_success.php");
       exit(); // always use the exit after a header to prevent the rest of the script from executing
   } else {
      $err_msg = "Invalid Username or Password";
   }
}
?>
<html>
<head>
</head>
<body>
<div id="site-background">
<div id="left-side"></div>
<div id="site-logo"></div>
<div id="top-menu"></div>
<div id="home-btn"><a href="index.html"><img src="images/home_btn.jpg" alt="Home" width="94" height="59" border="0" />[/url]</div>
<div id="about-btn"><a href="about.html"><img src="images/about_btn.jpg" alt="About" width="94" height="59" border="0" />[/url]</div>
<div id="info-btn"><a href="info.html"><img src="images/info_btn.jpg" alt="Info" width="94" height="59" border="0" />[/url]</div>
<div id="contact-btn"><a href="contact.html"><img src="images/contact_btn.jpg" alt="Contact" width="94" height="59" border="0" />[/url]</div>
<div id="users-btn"><a href="users.html"><img src="images/users_btn.jpg" alt="Users" width="119" height="60" border="0" />[/url]</div>
<div id="navigation">
<ul class="style8">
<li><a title="Home" href="index.html">Home[/url] </li>
<li><a title="The Dragons" href="thedragons.html">The Dragons[/url] </li>
<li><a title="Entrepeneurs" href="entrepeneurs.html">Entrepeneurs[/url] </li>
<li><a title="Ideas" href="ideas.html">Ideas[/url] </li>
<li><a title="Discuss Ideas" href="ideas.html">Discuss Ideas[/url] </li>
<li><a title="Upload Ideas" href="upload.html">Upload Ideas [/url]</li>
<li><a title="Contact" href="contact.html">Contact The Webmaster [/url] </li>
</ul>
</div>
<div class="main-content" id="middle-content"><img src="images/welcome_header.jpg" alt="Welcome" width="504" height="25" />
<?php if ($err_msg != '') echo $err_msg; ?>
</div>

<div id="login">
<form method="post" action="checklogin.php">
    <fieldset>
      <div>
      <label for="username">User Name :</label>
      <input type="text" name="username" id="username" class="txt" />
    </div>
    <div>
      <label for="fullname">Password : </label>
      <input type="password" name="password" id="password" class="txt" />
    </div>
      </fieldset>
    <div>
      <input type="submit" name="Submit" id="Submit" value="Login" class="btn" />
    </div>
   
    </fieldset>
  </form>

</div>
<div id="search-field">
  <label>
  <input name="textfield" type="text" id="textfield" size="18" />
  </label>
  <span class="style7"><a href="search.html">SEARCH[/url]</span></div>
<div id="shadow"></div>
<div class="style7" id="footer">| Sitemap | Contact |
  © Stuart Blackett</div>
<div id="logo"><img src="images/site-dragon.gif" alt="The Dragons Den" width="245" height="148" /></div>
</div>
</body>
</html>

 

Ken

 

[stublackett]

Many Thanks Ken!

 

Got that in the script, I'm looking to get the principle idea working first, Then will look at encryption once I get those principles working

 

Next problem I get is that when a correct user is coming in, I'm getting an error from the server saying "login.php" cannot be found on server!

Now looking through the full code, I cannot see anywhere that is referring to "login.php"

 

Is that down to the header ("location:login_success.php"); ?

 

Maybe missing something in there??