Jump to content
xisto Community
Dynasty

Login Script Help

Recommended Posts

My friend helped me create a login script. But there is a error that shows up on the page. I am able to connect to the database and login in and everything but theres an error on the page.

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/dynasty/public_html/New Folder/db_connect.php:9) in /home/dynasty/public_html/New Folder/check_login.php on line 13

Can someone tell me whats wrong. Im new to php and mysql. So please be gentle :unsure:

Share this post


Link to post
Share on other sites

I'm not sure that I can do much without knowing what is in

/home/dynasty/public_html/New Folder/db_connect.php:9) and/home/dynasty/public_html/New Folder/check_login.php on line 13


Share this post


Link to post
Share on other sites
session_start();
That is line 13.

<?php/* check login script, included in db_connect.php. */session_start();if (!isset($_SESSION['username']) || !isset($_SESSION['password'])) {	$logged_in = 0;	return;} else {	// remember, $_SESSION['password'] will be encrypted.	if(!get_magic_quotes_gpc()) {  $_SESSION['username'] = addslashes($_SESSION['username']);	}	// addslashes to session username before using in a query.	$pass = $db_object->query("SELECT password FROM users WHERE username = '".$_SESSION['username']."'");	if(DB::isError($pass) || $pass->numRows() != 1) {  $logged_in = 0;  unset($_SESSION['username']);  unset($_SESSION['password']);  // kill incorrect session variables.	}	$db_pass = $pass->fetchRow();	// now we have encrypted pass from DB in 	//$db_pass['password'], stripslashes() just incase:	$db_pass['password'] = stripslashes($db_pass['password']);	$_SESSION['password'] = stripslashes($_SESSION['password']);	//compare:	if($_SESSION['password'] == $db_pass['password']) {   // valid password for username  $logged_in = 1; // they have correct info    	// in session variables.	} else {  $logged_in = 0;  unset($_SESSION['username']);  unset($_SESSION['password']);  // kill incorrect session variables.	}}// clean upunset($db_pass['password']);$_SESSION['username'] = stripslashes($_SESSION['username']);?>
That is the whole script if you need it.

Share this post


Link to post
Share on other sites

I had a similar problem, and I read somewhere that the PHP.ini file should be edited, so:I changed this line:session.auto_start= 0 ; initialize session on request startupTo this:session.auto_start= 1 ; initialize session on request startupIf anyone has a better solution for this, I would really like to hear it please, because you can't edit the PHP.ini file on a remote server, only locally.I have no idea what it does, but I will look it up on http://php.net/ later...

Share this post


Link to post
Share on other sites

I am guessing you have some white-space (or anything) that is being output to the browser (meaning it is not inside of any PHP tags) in your /home/dynasty/public_html/New Folder/db_connect.php file at line 9.In order to use sessions, you must start your session before outputting *anything* to the browser.. Even white-space will cause this error for you, if the white-space is output before the call to session_start()..

Share this post


Link to post
Share on other sites

Sorry, but you are wrong! The session_start() line has to be started BEFORE ANY DATA IS OUTPUTTED to the browser! So, you can have white spaces, comments or php code before the session_start() function, but you cannot have a, let's say, <body> tag before it, or use the echo() command before the session is started!

This code:

<?php$thisvariable="nothing";session_start();echo("<meta http-equiv=\"Cache-Control\" content=\"private\">");?>

..is valid!

But, this code:
<?php$thisvariable="nothing";echo("<meta http-equiv=\"Cache-Control\" content=\"private\">");session_start();?>

... is invalid! The echo() command outputs data to the browser before the session is started!

Share this post


Link to post
Share on other sites

Sorry, but you are wrong! The session_start() line has to be started BEFORE ANY DATA IS OUTPUTTED to the browser! So, you can have white spaces, comments or php code before the session_start() function, but you cannot have a, let's say, <body> tag before it, or use the echo() command before the session is started!

157694[/snapback]


I am not wrong, nor is the PHP online documentation.. You can go and argue this fact with the PHP developers if you want to..

 

Read:

session_start

 

Quoting the page:

Note: If you are using cookie-based sessions, you must call session_start() before anything is outputted to the browser.

 


In most cases PHP will use cookie-based sessions (to store session id) unless the users browser doesn't accept cookies, then it will use the querystring method..

 

 

You see, when outputting *anything* to the browser (including white-space) the PHP processor first must prepare and send the MIME Type Headers for the requested page. If *any* output is sent to the client *before* session_start() then PHP has to send the Headers first. If the headers are sent before calling session_start() then PHP will not be able to append the SessionID to the page headers, and thus you will receive an error..

 

I didn't make this up, it IS the way PHP works!

Share this post


Link to post
Share on other sites

You didn't quite understand that PHP documentation page...

I think I see what is the problem here... When OUTPUTTING something to the browser, that means that data is SENT to the user's browser! Registering a variable, or using a function that isn't die(), echo(), print() etc. is not outputting!

echo("Hello world!"); <---- This is outputting data to the browser
$hello="Hello world"; <---- This is NOT outputting data to the browser (the user's browser is not aware of the existence of this variable)

The PHP manual page that you included in your post has lots of comments on the bottom, and here's a piece of code from one of them:

<?$id = 473483478383834;session_id($id);session_start();?>

He/she registered a variable and used a function before the session_start() command! This is perfectly valid!

Did you actually try to run the example scripts that I wrote in the previous post? Try it! (But close the browser after testing each script, because session_destroy() isn't called in them)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.