[PHP] Help with login....

Ok, im trying to make a control panel for administrators, moderators, and users, all having different privaleges, but when i try to start the sessions using <?php session_start();?> (yes its at the very top of the page), i get an error saying "Cannot send sessions cache limiter - headers already sent". I have the form to login and actual php scripting for it on different pages. I thought maybe that was it, but I tryed it together and that didnt seem to do it. I also thought it may of been i was using frames to go from page to page, but i tryed to change that and it didnt work. Any ideas? if you think u can help u can also add me to msn. renegade_angel08@hotmail.com Thank you.

Show us the actual error?
You could be trying to alter the header on a different line.

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\AppServ\www\newweb\tools\userlogin.php:1) in C:\AppServ\www\newweb\tools\userlogin.php on line 1

You must start the session or send headers at the very beginning of your php file - before ANY output is sent to the browser. For example, a single white line or space before the <?php tag is enough to cause this error.

Quote:

---

Originally Posted by Meth0d

You must start the session or send headers at the very beginning of your php file - before ANY output is sent to the browser. For example, a single white line or space before the <?php tag is enough to cause this error.

---

Omg, sad -,-' i Had the same Error im such a Dumb boy:P

Oops again error -,-'
I had my login script from another site. :p and made it for mssql. :P

Here the errors.

Code:

---

http://hylper1.no-ip.org/nlgunz/wut/php/checklogin.php

---

Code:

---

Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\nlgunz\wut\php\checklogin.php:1) in C:\xampp\htdocs\nlgunz\wut\php\checklogin.php on line 46

Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\nlgunz\wut\php\checklogin.php:1) in C:\xampp\htdocs\nlgunz\wut\php\checklogin.php on line 48

---

Here is my checklogin.php

PHP Code:

---

<style type="text/css">
body{
    background-color: #211F1F;
    color:white;
}
#reftable{
    border:2px solid black;
    background-color: #400000;
}
A:link{
    color: silver;
}
A:hover{
    color:red;
}
A:Visited{
    color:silver;
}
A:active{
    color:red;
}
</style>
<?php

/**
 * @author hylperzone
 * @copyright 2009
 */
 require_once('config.php');
ob_start();

$tbl_name="login"; // Table name
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = antisql($myusername);
$mypassword = antisql($mypassword);
$sql="SELECT * FROM $tbl_name WHERE UserID='$myusername' and password='$mypassword'";
$result=mssql_query($sql);
// Mysql_num_row is counting table row
$count=mssql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:../index.php?page=Loginsucces");
}
else {
echo "<table align='center' id='reftable'><tr><td><p align='center'>Login:</p</td></tr<tr><td><font color='red'>Verkeerde Gebruikersnaam / Wachtwoord!</font></td></tr><tr><td><p align='center>'><a href='../index.php?page=Login'>Klik hier om opnieuw in te loggen.</a></p></td></tr></table>";
}
ob_end_flush();
?>

---

Method is 1 of the best PHP coders is know so he should know how to fix it:P

http://hylper1.no-ip.org/nlgunz/wut/...php?page=Login //Thats my Login page on my site.

PHP Code:

---

<?php
ob_start();
?>
<style type="text/css">
body{
    background-color: #211F1F;
    color:white;
}
#reftable{
    border:2px solid black;
    background-color: #400000;
}
A:link{
    color: silver;
}
A:hover{
    color:red;
}
A:Visited{
    color:silver;
}
A:active{
    color:red;
}
</style>
<?php
 require_once('config.php');

$tbl_name="login"; // Table name
// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];
// To protect MySQL injection (more detail about MySQL injection)
$myusername = antisql($myusername);
$mypassword = antisql($mypassword);
$sql="SELECT * FROM $tbl_name WHERE UserID='$myusername' and password='$mypassword'";
$result=mssql_query($sql);
// Mysql_num_row is counting table row
$count=mssql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
session_register("mypassword");
header("location:../index.php?page=Loginsucces");
}
else {
echo "<table align='center' id='reftable'><tr><td><p align='center'>Login:</p</td></tr<tr><td><font color='red'>Verkeerde Gebruikersnaam / Wachtwoord!</font></td></tr><tr><td><p align='center>'><a href='../index.php?page=Login'>Klik hier om opnieuw in te loggen.</a></p></td></tr></table>";
}
ob_end_flush();
?>

---

woot, lol.
I see i did much e/z things wrong my mistake but hell thanx all. Fine i have a new error -,-'

Code:

---

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\nlgunz\wut\index.php:3) in C:\xampp\htdocs\nlgunz\wut\php\login_success.php on line 2

---

PHP Code:

---

<?
session_start();

if(!session_is_registered(myusername)){
header("location:index.php?page=Login");
}
/**
 * @author hylperzone
 * @copyright 2009
 */
?>
<td rowspan="4" background="images/wut_12.png" width="446" height="354" id="nieuws">
Login Succesvol!
</td>

---

I never worked with session shit. So i dunno how to use i just copied the script from anoter site and edited to my database & site,

i think those are basic problems if there is a simple site for learning sessions in PHP just put the link here:)
Already Thnx.
The only people who helped me where Dutch ^^

http://www.tizag.com/phpT/phpsessions.php for plenty of info regarding working with sessions. Google is your friend!

Also - it would be smart to always kill script execution when you're redirecting users. Otherwise it is possible to exploit it, as it is possible to passively ignore header redirects.

So, instead of

Code:

---

if(!session_is_registered(myusername)){
header("location:index.php?page=Login");
}

---

I'd use

Code:

---

if(!session_is_registered('myusername')){ // you forgot to use 's here btw
header("location:index.php?page=Login");
exit;
}

---

to avoid a security hole. Of course it's not that important at the moment because you aren't processing anything sensitive on the logged in page.

Just a tip ;)

Thanx, Meth0d just a Question, if my site is done can i send you my site and source, would you see if the site is exploitable or not cause i don't want to have my server down by hackers:)
Thanks in advance.

Alright, well, here are my codes

Userlogin.php:

Code:

---

<?php session_start();?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Conquer Online Private Server</title>
<link rel="stylesheet" type="text/css" href="../css/usercpdesign.css" />
<style type="text/css">
.style1 {
        text-align: center;
}
.style3 {
        width: 915px;
}
.style4 {
        width: 843px;
        height: 19px;
        color: #FFFFFF;
        text-align: center;
}
</style>
</head>

<body>

<div class="style4">
        <h2 class="style3">User Login</h2>
</div>
                        <form method="POST" action="../logged_in.php">
                                <p align="center">Username:<br>
                                <input type="text" name="name" size="20"><br>
                                Password:<br>
                                <input type="password" name="pass" size="20"><br>
                                <br>
                                <input type="submit" value="Login" name="B1"><br>
                                <font size="2"><a target="frame" href="../register.htm">Register</a> /
                                </font><font size="2">
                                <a target="frame" href="usercp/retrievepassword.php">Lost Password</a></font></p>
                        </form>

</body>

</html>

---

Then my logged_in.php

Code:

---

<?php
include("tools/config.php");

$name = $_POST[name];
$pass = $_POST[pass];
$_SESSION = $_POST[name];

$con = mysql_connect("$dbhost","$dbuser","$dbpass");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("$db", $con);

if(mysql_num_rows(mysql_query("SELECT AccountID AND WebPassword FROM accounts WHERE AccountID = '$name' AND WebPassword='$pass'"))){
echo include("tools.htm");
}
else {
echo "Wrong username or password filled in!";
}
mysql_close($con);
?>

---

I realize i havent done anything with the session, but even when i do i get the same thing, which is this error.

Code:

---

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\AppServ\www\newweb\tools\userlogin.php:1) in C:\AppServ\www\newweb\tools\userlogin.php on line 1

---

Alright, well the problem is solved now. I found out that my edit i was using (Microsoft's SharePoint) was putting invisible spaces in my documents, so i had to create the php script with notepad.

you dont need set a var for a connection, if you have just one connection, like here, php take that like default one.

Code:

---

$con = mysql_connect("$dbhost","$dbuser","$dbpass");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("$db", $con);

if(mysql_num_rows(mysql_query("SELECT AccountID AND WebPassword FROM accounts WHERE AccountID = '$name' AND WebPassword='$pass'"))){
echo include("tools.htm");
}
else {
echo "Wrong username or password filled in!";
}
mysql_close($con);

---

more clean code:

Code:

---

mysql_connect("$dbhost","$dbuser","$dbpass")  or die('Could not connect: ' . mysql_error());
mysql_select_db("$db");
$query="SELECT AccountID AND WebPassword FROM accounts WHERE AccountID = '".$name."' AND WebPassword='".$pass."';
$result=mysql_query($query);
if(mysql_num_rows($result)==1)
{ echo include("tools.htm"); }
else
{ echo "Wrong username or password filled in!"; }

mysql_close();

---

dont forget, crean your $var's for injection.

alright, thanks a lot

Quote:

---

Originally Posted by Phiber

more clean code:

---

More clean code? I agree his indentation isn't great, but yours isn't much better - it's all about code readability, and the original code was more readable imo. Anyway, everyone has his own coding style, so it doesn't really matter.