Honesty Rocks! truth rules.

Writing And Testing My Own Login Script [solved]

HOME      >>       Programming

Eggie

i have this error

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/eggie/public_html/race.php:2) in /home/eggie/public_html/race.php on line 5

in every page i have with session start...what's the problem??

<title>Race</title><?phpinclude("style.css");include("config.php");session_start();if(!session_is_registered(myusername)){echo 'Your Session has Expired!';exit;}//If you click race...if ($_GET['action']=='race'){$asa=$_POST['bike'];if(!isset($asa)){echo 'You didn\'t select any bike!';?><br>click <a href=race.php> HERE</a> to go back<?phpexit;}else{$rand=mt_rand(1,2); if ($_POST['bike']==1) $trub='Derbi Senda 50';if ($_POST['bike']==2) $trub='Honda NS 50 R';if ($_POST['bike']==3) $trub='Suzuki ZR 50';if ($_POST['bike']==4) $trub='Yamaha DT 50 MX';if ($_POST['bike']==5) $trub='Aprilia RS 50';echo'You raced against:';echo $trub;$name=$_SESSION['views'];$res = mysql_query("select * from members where username = '$name'"); $wins1 = mysql_fetch_array($res);$points=$wins1['points'];$wo=$wins1['wins'];$lo=$wins1['lose'];//If random number is equal to 1 than set win +1if($rand==1){?></br><?php$wo++;$points=$points+100;mysql_query("update members set wins=$wo where username = '$name'"); mysql_query("update members set points=$points where username = '$name'"); echo '<br>You won 100 points!'; ?></br><table border="1"><?phpecho'You have total of: ' .$points. ' points!';?></table></br><?php}//else lose +1else {echo'<br><br>You lost!';?><table border="1"><td><?phpecho'You have total of: ' .$points. ' points!';?></td></table><?php$lo++;mysql_query("update members set lose=$lo where username = '$name'"); ?></br><?php}//How many times you won overallecho 'Wins:';echo $wo;?></br><?phpecho'Losses:';echo $lo;//race form?><form name="form3" method="post" action="race.php"> <input type=submit value="Go back"> </form><?phpexit;}}if ($_GET['action']!='race'){?><html><head><script type="text/javascript"> function showpic(o) { o = parseInt(o); switch (o) { case 1: imgName='pictures/senda.jpg';break; case 2: imgName='pictures/ns.jpg';break; case 3: imgName='pictures/zr.jpg';break; case 4: imgName='pictures/dt.jpg';break; case 5: imgName='pictures/rs.jpg';break; } var DivImage = document.getElementById('DivImg'); var DisplayImg = document.getElementById('IdImg'); DisplayImg.src=imgName; DivImage.style.visibility="visible"; }</script></head><body><form name="form2" method="post" action="race.php?action=race"><table border="1"><td>Who do you wanna race?<br><font size="1">Hint:You get 100 points for racing this class</font></td></table> <select size=5 name="bike" onchange="showpic(this.options[this.selectedIndex].value)"> <option value="1">Derbi Senda 50</option> <option value="2">Honda NS 50 R</option> <option value="3">Suzuki ZR 50</option> <option value="4">Yamaha DT 50 R</option> <option value="5">Aprilia RS 50</option> </select><br> <input type=submit value=Race> <div id="DivImg" style="position:relative;top:-90px;left:150px;z-index:20;width:25px;height:25px;visibility:hidden;text-align:center;"><img id="IdImg"></div></td></tr></form></body></html><?php}?><form method=post action='login_success.php'> <input type=submit value='Go to main!'></form>


Miles

I'm not sure, but judging from your code, this could be caused by not having the session_start() function at the top of the code. Put it to the top and post here with any more issues. Or, it could be that config.php has session_start() already in it and you're having it again, which causes warnings. If all else fails, it dosen't seem much more than a warning, so you could possibly have error_reporting(0); in it, which I believe stops warnings from coming up.


Eggie

i put it up and it's ok...
now i have another problem...
this is my logout script...

<?session_start();session_destroy();?>
and this is another part in other script(login_success)...
if(!session_is_registered(myusername)){header("location:main_login.php");}
when i go to my logout script and after that i go to the "login_success.php" script it just prints out just as i didnt go to my logout script.. what could cause the problem?

EDIT:btw this is my "login_check.php" script

<?phpinclude("style.css");include("config.php");// username and password sent from signup form$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);// Mysql_num_row is counting table row$count=mysql_num_rows($result);// If result matched $myusername and $mypassword, table row must be 1 rowif($count==1){// Register $myusername, $mypassword and redirect to file "login_success.php"session_register("myusername");session_register("mypassword");header("location:login_success.php");$_SESSION['views'] = $_POST['myusername'];}else {echo "Wrong Username or Password";}?>


Feelay

I think I know whats wrong.

You have registered a session in a way I've never used. But i checked the php manual, and according to that one, you must unregister registered sessions.

You can do that by typing something like this:

session_unregister("myusername");
You must include this code (and unregister mypassword), in the logout script. here is the link for the phpmanual:
session_unregister php manual

Eggie

I think I know whats wrong.
You have registered a session in a way I've never used. But i checked the php manual, and according to that one, you must unregister registered sessions.

You can do that by typing something like this:

session_unregister("myusername");
You must include this code (and unregister mypassword), in the logout script. here is the link for the phpmanual:
session_unregister php manual
how do you register sessions??can u put it here please??

EDIT:and unregister...please copy those codes here...

Feelay

if($count==1){// Register $myusername, $mypassword and redirect to file "login_success.php"session_register("myusername");session_register("mypassword");header("location:login_success.php");$_SESSION['views'] = $_POST['myusername'];}
This is your code.. Look at this:

session_register("myusername");session_register("mypassword");
This is were you have registered them. now in the logoutscript, you should unregister them.

Eggie

This is your code.. Look at this:This is were you have registered them. now in the logoutscript, you should unregister them.

this is my logout script
<?session_start();session_unregister("myusername");?>


Feelay

You said this is your logout script:

<?session_start();session_destroy();?>
And I said that you should try to change it to this ;):

<?session_start();session_unregister("mypassword");session_unregister("myusername");session_unset();session_destroy();?>

But eggie. remember. as I told You.. I have NEVER ever used session_regiter and session_unregister, so I dont know if I am using session_unregister the right way..

Maybe it is:



<?session_start();session_unregister($mypassword);session_unregister($myusername);session_unset();session_destroy();?>
I don't know. try both.. but I know that the fault is from there.

Eggie

But eggie. remember. as I told You.. I have NEVER ever used session_regiter and session_unregister

thats why i asked u to copy that code where you register and unregister in ur scripts

Feelay

I don't understand.. ;)did the code I gave you work, or didn't you try?


Eggie

i tried the code but it didnt work...now i would like your code so i can try it


toby

Move html and printing php to the end, and check everything is a valid function.


Feelay

<?phpinclude("style.css");include("config.php");// username and password sent from signup form$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);// Mysql_num_row is counting table row$count=mysql_num_rows($result);// If result matched $myusername and $mypassword, table row must be 1 rowif($count==1){// Register $myusername, $mypassword and redirect to file "login_success.php"$_SESSION['login'];header("location:login_success.php");$_SESSION['views'] = $_POST['myusername'];}else {echo "Wrong Username or Password";}?>

Try this. The part I changed was this:

session_register(myusername);session_register(mypassword);

I erased them, and put $_SESSION['login'] Instead.
But now, you will have to change every place where you have:
session_register(myusername);session_register(mypassword);
into
$_SESSION['login'];
even in the login succes and so on. and in your logout.php you will have to change it to:

<?phpsession_start();session_unset();session_destroy();?>

This is the way I do it. It should work.

Edit:

Between.. You should change this in your login_succes.php.

change from:

if(!session_is_registered(myusername)){header("location:main_login.php");}

to:

if(!isset($_SESSION['login'])){header("location:main_login.php");}

If think thats what you wanted or? if the user is not logged in, he will be redirected to main_login.php. if you want the difference, just remove the "!" before "isset". And you will have to write this "if(!isset($_SESSION['login'])){..." instead of "if(!session_is_registered(myusername)){..." in every file that you want to protect.

Eggie

btw...how do you check if the session is registered??that if the session is not registered that it just print out "Session is not registered"


Feelay

very simple :P

<?phpif(isset($_SESSION['login'])){echo "Welcome;) You are logged in";}else{echo "Welcome Guest! You are not logged in";}?>

And you can ofc do it the other way too ;)

<?phpif(!isset($_SESSION['login'])){echo "Welcome Guest! You are not logged in";}else{echo "Welcome;) You are logged in!";}?>

in the last one, if you look carefullt, you will see that I inserted a "!" before i wrote "isset". "!" = not wich means:

If not isset session login, echo welcome guest. you are not loged in, else echo welcome, you are logged in.

in the first one, it would be:

if isset session login, echo welcome. you are logged in, else echo welcome guest. you are not logged in.


Eggie

i dont know why but there is nothing in my $_SESSION['login']

<?phpinclude("style.css");include("config.php");// username and password sent from signup form$myusername=$_POST['myusername'];$mypassword=$_POST['mypassword'];$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);// Mysql_num_row is counting table row$count=mysql_num_rows($result);// If result matched $myusername and $mypassword, table row must be 1 rowif($count==1){// Register $myusername, $mypassword and redirect to file "login_success.php"$_SESSION['login'];$_SESSION['views'] = $_POST['myusername'];header("location:login_success.php");}else {echo "Wrong Username or Password";}?>
since this is the code...something's wrong with rows

iGuest

1:You have <title>Race</title> before your PHP session/headers, this means the headers will already be sent and you were too late to start a session. Usually caching a page before it's sent can solve this, or just move the title below the PHP code.2:Including a CSS stylesheet, I don't know what's inside here, but if it's plain text use HTML to include the stylesheet or if it's PHP, give it a PHP extension, else it'll be treated just like plain text.e.g. <link href="path/to/style.css" type="text/css" />3:session_start() must appear before any other PHP operation unless page caching is done, but you should learn to always do it first.4:session_is_registered() takes a string, you are using a constant called myusername which may or may not be what you want, e.g. you might want to do if(!session_is_registered('myusername'))5:failed to check if $_GET['action'] is set before using it, you should do:if(!empty($_GET['action']) && $_GET['action'] == 'race')6:failed to check if $_POST['bike'] exists, undefined variables can cause undesirable results, always insure they are set before using them.if(!empty($_POST['bike'])) { $asa = $_POST['bike'];}else { echo '<p>You did not select a bike!</p><p>Click <a href="race.php">HERE</a> to go back</p>'; exit;}I know there will be more problems, but I don't have time to go through the whole thing at the moment so I'll leave it as this for now.Cheers,MC


yordan

By the way, I changed the topic title, the old one ("Login") was not clear enough. The new title should be more representative of the problem statement and the solutions found. ;)


Feelay

Sorry. My fault. Try this code:

<?phpinclude("style.css");include("config.php");// username and password sent from signup form$myusername=$_POST['myusername'];$myusername=mysql_real_escape_string($myusername);//I added this to make your script a little more safe$mypassword=$_POST['mypassword'];$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";$result=mysql_query($sql);// Mysql_num_row is counting table row$count=mysql_num_rows($result);// If result matched $myusername and $mypassword, table row must be 1 rowif($count==1){// Register $myusername, $mypassword and redirect to file "login_success.php"$_SESSION['login'] =$myusername; //I added "=$myusername, so that the session can recognize you"$_SESSION['views'] = $_POST['myusername'];header("location:login_success.php");}else {echo "Wrong Username or Password";}?>

Try it. It Should Work.

//Feelay

Eggie

hey man...sorry i already solved it and it works fine...:P
sorry for not posting so you can mark it [sOLVED]
if you wanna see the game i'm making go to MY GAME
i will put it on this server when i finish it ;)
thanx for the help feelay



Pages :-

Page 1Page 2