I'm Having Problems With Sessions

[lonelym 0]

I haven't really read much about sessions, i usually study PHP by viewing other's codes and learning from it. Here's what keeps on popping out when I open the page.

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\Program Files\xampp\htdocs\maple-radio-live\loggingin.php:7) in C:\Program Files\xampp\htdocs\maple-radio-live\loggingin.php on line 40

and

Warning: Cannot modify header information - headers already sent by (output started at C:\Program Files\xampp\htdocs\maple-radio-live\loggingin.php:7) in C:\Program Files\xampp\htdocs\maple-radio-live\loggingin.php on line 55

Here is the sourcecode for the page:

<?PHP include("config.php"); ?><HTML><HEAD><TITLE>Logging In<TITLE></HEAD><body bgcolor="black" link="#90ee90" alink="#90ee90" vlink="#90ee90"><?PHP// retrieve the submitted values$username1 = $_POST["username"];$password1 = $_POST["password"];$rememberMe = $_POST["rememberMe"];// make sure that rememberMe has a valueif ($rememberMe == "rememberMe"){	$rememberMe = "1";}else{	$rememberMe = "0";}//Starts the fontsprint $fs;//Checks if the username field was written onif ($username1 == ""){die("You did not write anything on the username field.");}if ($password1 == ""){die("You did not write anything on the password field.");}// check it the username exist$query = "Select * from usertable where username='$username1'";$result = mysql_query($query); if ($result != true){ die ("You have written an unregistered username."); }	$row = mysql_fetch_assoc($result);	if ($row["numloginfail"] >= 5){ die("You have logged in for more than 5 incorrect times. Please try again later."); }	if ($row["password"] != $password1){ die("You have written the wrong password."); }			$datetime = date("m d, y");			$query = "UPDATE usertable SET lastlogin = '$datetime' where username='$username1'";  			$result = mysql_query($query); 			$query = "UPDATE usertable Set numloginfail = '0' where username='$username1'";  			$result = mysql_query($query); 			session_start();			session_unset();			// remove the session itself			// put the password in the session			@ session_register("pass");			$HTTP_SESSION_VARS["pass"] = $password1;			// put the username in the session			@ session_register("id");			$HTTP_SESSION_VARS["id"] = $username1;			// send the the cookie if needed			if($rememberMe=="1"){			setcookie("rememberCookieUname",$username1,(time()+604800));			setcookie("rememberCookiePassword",md5($password1),(time()+604800));			}			// go to the secured page.			header("Location: members/index.php");print $fe;?></BODY></HTML>

$fs and $fe means font start and font end. I have written its values in config.php

Thanks for the help.

[TavoxPeru 0]

You can't send any data before the Header function, unless you use output buffering, and in your code you are printing the $f and $fe variables by using the print() function, also if you use sessions you must start it before any other thing, so move your session_start() function to the very top of your page.

Also, after your Header() function remove any whitespace like linebreaks or even spaces, is a good practice to include a call to the exit() function after the header() function.

Why do you print your $f and $fe variables??? you can achieve the same result by simply adding it to your die() function calls, like:

if ($username1 == ""){die($f."You did not write anything on the username field.".$fe);}

or simply don't use them, and, yes, i know if you use it your code will be a bit bigger

Best regards,

[lonelym 0]

Why do you print your $f and $fe variables?

I print them out before and after the PHP script so that I wouldn't have to type them again and again. It works, so I don't really have any troubles with it.

Thanks for replying. I understood how to do it now.