SitePoint Sponsor

User Tag List

Results 1 to 9 of 9
  1. #1
    SitePoint Zealot
    Join Date
    Nov 2002
    Posts
    142
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Login Problems - Headers Already Sent

    I have a little script want to include it on the bottom of my page. Check this at http://www.thebigtymer.com/

    It includes a file that checks login details from a form and sets sessions. However, I get the following error on every page, along with the form if they're not logged in:

    Warning: Cannot send session cookie - headers already sent by (output started at /home/bigtymer/public_html/visuals.php:3) in /home/bigtymer/public_html/siteadmin/login/checklogin.php on line 26

    Warning: Cannot send session cache limiter - headers already sent (output started at /home/bigtymer/public_html/visuals.php:3) in /home/bigtymer/public_html/siteadmin/login/checklogin.php on line 26

    When I log in, I get the following, plus a message that I'm logged in:

    Warning: Cannot send session cookie - headers already sent by (output started at /home/bigtymer/public_html/visuals.php:3) in /home/bigtymer/public_html/siteadmin/login/checklogin.php on line 33

    Warning: Cannot send session cache limiter - headers already sent (output started at /home/bigtymer/public_html/visuals.php:3) in /home/bigtymer/public_html/siteadmin/login/checklogin.php on line 33

    Also, the session variables don't hold when I go to another page (this script is included in a footer on every page).

    I tried the ob_start() and ob_end_flush(), but they don't help. Any suggestions?

  2. #2
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    If the script sets and unsets session variables it needs to be called before any other output of your pages, since they are headers (come before page content).

    Call the checklogin script as the first line of your pages that check if a user is logged in. You can still put your form that displays a login box if not logged in at the footer, but the part that checks and sets session variables needs to be first.

  3. #3
    SitePoint Zealot
    Join Date
    Nov 2002
    Posts
    142
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, it's more complicated than that, actually:

    -footer.php
    I include a "login.php" that shows the session info if they're logged in.

    -login.php
    I include a "secure.php" that contains some config variables.

    -secure.php
    I include a "checklogin.php" that does the session registering and maintenance.

    -checklogin.php
    This actually sets the sessions.

    So, it's probably not as easy as doing what you said. I dunno.

  4. #4
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    It's as easy as what I said for me :/ I include an authcontrol.php as the first line of my pages. Authcontrol checks if session variables are set, if so, it checks them against the DB to make sure username/pass are valid, and sets a bunch of variables the rest of the pages that call authcontrol.php can use.

    If it's a password restricted area, I output a login form and exit; to kill the protected page that called the authcontrol.php from displaying.

    I could include a login page if not logged in on other sits just by checking if the variables that are set for logged in users are set or not.

  5. #5
    SitePoint Zealot
    Join Date
    Nov 2002
    Posts
    142
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here's the basic thing. I don't want to password-protect the entire page if someone's not logged in. If they're not logged in, the form is shown in the include area. Otherwise, it says "welcome" with session info included in that include. Something like http://www.965thebuzz.com/, essentially.

    So here's the footer.php:

    PHP Code:
    include("login.php"); 
    Here's what's in login.php:
    PHP Code:
     $cfgProgDir 'siteadmin/login/';
     include(
    $cfgProgDir "secure.php");
    if (isset(
    $login)) {
     echo 
    "Logged IN, $login!";

    And here's secure.php:
    PHP Code:
    <?php
    $passwordEncryptedWithMD5 
    true;   // Set this to true if the passwords are encrypted
    /****** Database ******/
    /* this data is necessary if a database is used */
    $cfgServerHost 'localhost';             // MySQL hostname
    $cfgServerPort '';                      // MySQL port - leave blank for default port
    $cfgServerUser 'xxxxxxx';                  // MySQL user
    $cfgServerPassword 'xxxxxxxx';                  // MySQL password
    $cfgDbDatabase xxxxxxxxx';        // MySQL database name containing phpSecurePages table
    $cfgDbTableUsers = '
    login_info';         // MySQL table name containing phpSecurePages user fields
    $cfgDbLoginfield = '
    user';                // MySQL field name containing login word
    $cfgDbPasswordfield = '
    password';         // MySQL field name containing password
    $cfgDbUserLevelfield = '
    userlevel';       // MySQL field name containing user level
      // Choose a number which represents the category of this users authorization level.
      // Leave empty if authorization levels are not used.
      // See readme.txt for more info.
    $cfgDbUserIDfield = '
    userid';        // MySQL field name containing user identification
      // enter a distinct ID if you want to be able to identify the current user
      // Leave empty if no ID is necessary.
      // See readme.txt for more info.
    /**************************************************************/
    /*             End of phpSecurePages Configuration            */
    /**************************************************************/

    // https support
    if (getenv("HTTPS") == '
    on') {
     $cfgUrl = '
    https://';
    } else {
     
    $cfgUrl 'http://';
    }
    // getting other login variables
    $cfgHtmlDir $cfgProgDir;
    if (
    $message$messageOld $message;
    $message false;
    // Create a constant that can be checked inside the files to be included.
    // This gives an indication if secure.php has been loaded correctly.
    define("LOADED_PROPERLY"true);
    // choose between login or logout
    if ($logout && !($_GET["logout"] || $_POST["logout"])) {
     
    session_start();
      unset(
    $_SESSION['login']);
      unset(
    $_SESSION['password']);
     
    session_destroy();
     
    $sessionPath session_get_cookie_params(); 
     
    setcookie(session_name(), ""0$sessionPath["path"], $sessionPath["domain"]);
     
    } else {
    // loading functions and libraries
    function in_array_php3($needle$haystack) {
     
    // check if the value of $needle exist in array $haystack
     
    if ($needle && $haystack) {
       return(
    in_array($needle$haystack));
      }
     else return(
    false);
    }
    // Check if secure.php has been loaded correctly
    if ( !defined("LOADED_PROPERLY") || $_GET['cfgProgDir'] || $_POST['cfgProgDir']) {
     echo 
    "Parsing of phpSecurePages has been halted!";
     exit();
    }
    // make post variables global
    $entered_login $_POST['entered_login'];
    $entered_password $_POST['entered_password'];
    // check if login is necesary
    if (!$entered_login && !$entered_password) {
     
    // use data from session
      
    session_start();
       
    $login $_SESSION['login'];
       
    $password $_SESSION['password'];
    }
    else {
     
    // use entered data
      
    session_start();
      
    // encrypt entered login & password
      
    $login $entered_login;
      if (
    $passwordEncryptedWithMD5 && function_exists(md5)) {
       
    $password md5($entered_password);
      } else {
       
    $password $entered_password;
      }
       
    $_SESSION['login'] = $login;
       
    $_SESSION['password'] = $password;
    }
    if (!
    $login) {
     
    // no login available
     
    $message "";
     include(
    $cfgProgDir "interface.php");
     exit;
    }
    if (!
    $password) {
     
    // no password available
     
    $message "";
     include(
    $cfgProgDir "interface.php");
     exit;
    }
     
    // contact database
     
    if ( empty($cfgServerPort) ) {
      
    mysql_connect($cfgServerHost$cfgServerUser$cfgServerPassword);
     } else {
      
    mysql_connect($cfgServerHost ":" $cfgServerPort$cfgServerUser$cfgServerPassword);
     }
     
    $userQuery mysql($cfgDbDatabase"SELECT * FROM $cfgDbTableUsers WHERE $cfgDbLoginfield = '$login'");
     
    // check user and password
     
    if (mysql_num_rows($userQuery) != 0) {
      
    // user exist --> continue
      
    $userArray mysql_fetch_array($userQuery);
      
      if (
    $login != $userArray[$cfgDbLoginfield]) {
       
    // Case sensative user not present in database
    //   include($cfgProgDir . "logout.php");
       
    include($cfgProgDir "interface.php");
       exit;
     } }
     else {
      
    // user not present in database
      
    $message "The user does not exist. Please try again.";
      include(
    $cfgProgDir "interface.php");
      exit;
     }
     if (
    stripslashes($userArray["$cfgDbPasswordfield"]) != $password) {
      
    // password is wrong
      
    $message "The password is empty or invalid. Please try again.";
      
    $password "";
      include(
    $cfgProgDir "interface.php");
      exit;
     }
     if ( isset(
    $userArray["$cfgDbUserLevelfield"]) && !empty($cfgDbUserLevelfield) ) {
      
    $userLevel stripslashes($userArray["$cfgDbUserLevelfield"]);
     }
     if ( ( 
    $requiredUserLevel && !empty($requiredUserLevel[0]) ) || $minUserLevel ) {
      
    // check for required user level and minimum user level
      
    if ( !isset($userArray["$cfgDbUserLevelfield"]) ) {
       
    // check if column (as entered in the configuration file) exist in database
       
    include($cfgProgDir "interface.php");
       exit;
      }
      if ( empty(
    $cfgDbUserLevelfield) || ( !in_array_php3($userLevel$requiredUserLevel) && ( !isset($minUserLevel) || empty($minUserLevel) || $userLevel $minUserLevel ) ) ) {
       
    // this user does not have the required user level
       
    $message "You do not have proper authorization for this page. Please try again.";
       include(
    $cfgProgDir "interface.php");
       exit;
     } }
     if ( isset(
    $userArray["$cfgDbUserIDfield"]) && !empty($cfgDbUserIDfield) ) {
      
    $ID stripslashes($userArray["$cfgDbUserIDfield"]);
    }
    if (
    $messageOld$message $messageOld;
    }
    echo 
    $_GET["logout"];
    ?>

  6. #6
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    Call login.php at the top of the page, line 1, for any pages that can be logged in to. Use if isset($login) in your pages wherever it's gonna display messages for logged in users or the opposite for login boxes. Won't that work?

  7. #7
    SitePoint Zealot
    Join Date
    Nov 2002
    Posts
    142
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No. I get those same errors I described up above, and then just the login form. The rest is blank. Not what I want.

  8. #8
    SitePoint Zealot
    Join Date
    Nov 2002
    Posts
    142
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, I got this back on. It was a matter of adding session_start() to the header file, and getting rid of all whitespace.

    However, if I run this file, and it detects that someone hasn't logged in, it prints the login form. Then, it detects the exit; and stops parsing everything right where I include it. If I include it at the top of a script, not a lot gets parsed, obviously.

    How can I set it so that when someone hasn't logged in, it prints the login form and continues parsing the rest of the page, i.e. footers and such? In other words, how to skip exit; in those cases in the "secure.php" script up above?

  9. #9
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,578
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I'm not really sure what interface.php is but otherwise..just don't exit; - delete the line. It's only purpose is to stop the script if they're not logged in which isn't what you want.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •