Sessions and header problem

NT_cookies · November 30, 2010, 6:10pm

I’m new to php and have been trying to teach myself for the last few months. I had a site completely finished through a test url and everything including php pages that talked to my mysql database worked perfectly. Yesterday I put the site on it’s intended url and now my back end admin pages are not working. I imported the original database and changed all the needed names for my connection page. What appears to be the problem is that session_start is conflicting with header commands. These are the errors that I get.

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/64/7074664/html/pages/logver.php:1) in /home/content/64/7074664/html/pages/logver.php on line 28

Warning: Cannot modify header information - headers already sent by (output started at /home/content/64/7074664/html/pages/logver.php:1) in /home/content/64/7074664/html/pages/logver.php on line 30

and this is my code for logver.php:

&lt;?php
	include "connect.php";
	echo "&lt;div class='thanks'&gt;";
	$user = $_POST['myusername'];
	$pass = $_POST['mypassword'];
	
	if($user&&$pass)
	{
	mysql_connect($hostname, $username,$password )or die("can't connect");
	mysql_select_db($dbname) or die("Couldn't find DB");
	
	$sql = "SELECT * FROM users WHERE `username`='".$user."'";
	$result = mysql_query($sql);
	$numrows = mysql_num_rows($result);
	
	if ($numrows!=0){
		while($row = mysql_fetch_assoc($result))
		{
			$dbuser = $row['username'];
			$dbpass = $row['password'];
			}
			if($user==$dbuser&&$pass==$dbpass){
				session_start();
				session_register('varUser');
				header ("Location: admin_page.php");
				}else{
					include "login.php";
					echo "That password is incorrect";
					}
		}else{
			include "login.php";
		die ("That user doesn't exist");
		}
	}
	else{
		include "login.php";
		die ("Please enter username and password");
	}
	echo "&lt;/div&gt;";
?&gt;

I do have a small css style that proceeds this, but when I tried to take it out it actually led to more confusion (which I may have to fix on another page later), so it’s left in for now.

As I understand my session_start may need to be at the top of the page? I’ve tried this but it hasn’t helped me any. Besides I don’t see how I can start the session before I’ve entered the username and password?

Why might this work perfectly on my test site and not on the actual site?

Any help here would be much appreciated.
Thanks

SpacePhoenix · November 30, 2010, 6:26pm

What version of php are you using? session_register() was depreciated as of version 5.3.x

session_start needs to be in the first line after the <?php as it stands the line

echo "<div class='thanks'>";

is output which is causing the headers to be sent

NT_cookies · November 30, 2010, 7:06pm

That’s a good question. I have session_register in logver.php and

if(session_is_registered('varUser'))

in admin_page.php. So those would definitely be causing problems.

So first off, should I start_session() before I even include connect.php?

How do I update session_register(‘varUser’) ? I’ve seen some talk about using $_SESSION but how do I apply that to my code?

And last should my code on admin_page.php:

if(session_is_registered('varUser'))

be changed to this

if(isset($_SESSION['varUser']))

thanks for your help. I’m starting to understand some basic things about php, but I’m still very much perplexed by it.

NT_cookies · November 30, 2010, 8:05pm

Sorry I didn’t answer your question. Truth is, I don’t know exactly which version of php I’m working with. The database I’m working with is 5.0 but I don’t think that helps. I would assume that my original files were an older version, and this newer one is the up to date version, how would I designate though?

AnthonySterling · November 30, 2010, 8:32pm

You maybe able to glean something form this quick example.


<?php
if('POST' === $_SERVER['REQUEST_METHOD']){
  #connect to server
  $con = mysql_connect('host', 'user', 'pass');
  #select database
  mysql_select_db('schema', $con);
  #if the user supplied a username and password
  if(!empty($_POST['username']) && !empty($_POST['password'])){
    #find matching user
    $res = mysql_query(sprintf(
      "SELECT * FROM user WHERE username = '%s' AND password ='%s' LIMIT 1",
      mysql_real_escape_string($_POST['username']),
      mysql_real_escape_string($_POST['password'])
    ));
    #if we found a user
    if(1 === mysql_num_rows($res)){
      session_start();
      #save the user info in the session
      $_SESSION['user'] = mysql_fetch_assoc($res);
      #send to admin section
      header('Location: admin_page.php');
      exit;
    }
  }
}
#send back to login form
header('Location: login.php');
exit;

I tried to comment where appropriate.

NT_cookies · December 1, 2010, 12:44am

Awesome!

It works perfectly! Thanks for all of your help.

leelong · December 1, 2010, 8:08pm

if u have written thousands lines of code and came out with header already sent problem, reading through and debugging isn’t quite an option, u can try a quick fix with output buffering, ob_start() at the beginning of ur script.

Blue1 · December 1, 2010, 8:27pm

If you wrote thousands of lines of code which you have troubles debugging and you have such a bug, I’d say that having the “headers already sent” message the least of your problems.