PHP & MYSQL chapter 9 LOGOUT

Hi everyone !!

I am following Kevin Yank’s book PHP to MYSQL novice to ninja and I am currently at chapter 9. This chapter introduces sessions, and we are establishing access control for our management system with login forms and passwords. My problem comes when I try to log out. I get this error and a blank page:

[CODE]Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/includes/magicquotes.inc.php:22) in /Applications/MAMP/htdocs/includes/access.inc.php on line 9

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /Applications/MAMP/htdocs/includes/magicquotes.inc.php:22) in /Applications/MAMP/htdocs/includes/access.inc.php on line 54

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/includes/magicquotes.inc.php:22) in /Applications/MAMP/htdocs/includes/access.inc.php on line 54

Warning: Cannot modify header information - headers already sent by (output started at /Applications/MAMP/htdocs/includes/magicquotes.inc.php:22) in /Applications/MAMP/htdocs/includes/access.inc.php on line 58 [/CODE]

I know that it may be due to trying to modify headers after information has already been sent, but I cannot find how to solve this. Here is the code:

access.inc.php

[CODE]<?php
error_reporting(-1);
ini_set('display_errors', 'On');

function userIsLoggedIn()
{
    //if login form submitted
    if (isset($_POST['action']) and $_POST['action'] == 'login')
    {
        //if no text in the form
        if (!isset($_POST['email']) or $_POST['email'] == '' or
            !isset($_POST['password']) or $_POST['password'] == '')
        {
            $GLOBALS['loginError'] = 'Please fill in both fields';
            return FALSE;
        }

        //scrambles the password
        $password = md5($_POST['password'] . 'ijdb');

        //if already logged in
        if (databaseContainsAuthor($_POST['email'], $password))
        {
            session_start();
            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['email'] = $_POST['email'];
            $_SESSION['password'] = $password;
            return TRUE;
        }
        else
        {
            session_start();
            unset($_SESSION['loggedIn']);
            unset($_SESSION['email']);
            unset($_SESSION['password']);
            $GLOBALS['loginError'] =
                'The specified email address or password was incorrect.';
            return FALSE;
        }
    }

    // if logout form submitted
    if (isset($_POST['action']) and $_POST['action'] == 'logout')
    {
        session_start();
        unset($_SESSION['loggedIn']);
        unset($_SESSION['email']);
        unset($_SESSION['password']);
        header('Location:' . $_POST['goto']);
        exit();
    }

    // sends info to database contains author's function
    session_start();
    if (isset($_SESSION['loggedIn']))
    {
        return databaseContainsAuthor($_SESSION['email'],
            $_SESSION['password']);
    }
}

function databaseContainsAuthor($email, $password)
{
    include 'db.inc.php';
    try
    {
        $sql = 'SELECT COUNT(*) FROM author
            WHERE email = :email AND password = :password';
        $s = $pdo->prepare($sql);
        $s->bindValue(':email', $email);
        $s->bindValue(':password', $password);
        $s->execute();
    }
    catch (PDOException $e)
    {
        $error = 'Error searching for author.';
        include 'error.html.php';
        exit();
    }
    $row = $s->fetch();
    if ($row[0] > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}

function userHasRole($role)
{
    include 'db.inc.php';
    try
    {
        $sql = "SELECT COUNT(*) FROM author
            INNER JOIN authorrole ON author.id = authorid
            INNER JOIN role ON roleid = role.id
            WHERE email = :email AND role.id = :roleId";
        $s = $pdo->prepare($sql);
        $s->bindValue(':email', $_SESSION['email']);
        $s->bindValue(':roleId', $role);
        $s->execute();
    }
    catch (PDOException $e)
    {
        $error = 'Error searching for author roles.';
        include 'error.html.php';
        exit();
    }
    $row = $s->fetch();
    if ($row[0] > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}

?>[/CODE]

logout.inc.html.php which is included at the end of each page

[CODE]

[/CODE]

the accessdenied.html.php page

[CODE]<?php include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/helpers.inc.php'; ?>

Access Denied

Access Denied

<?php htmlout($error); ?>

 <a href='/admin/'>Return to JMS Home</a>
[/CODE]

I also get this piece of error on top of each page once I am logged in… I do not understand what this session_start() at line 64 is for.

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/includes/magicquotes.inc.php:22) in /Applications/MAMP/htdocs/includes/access.inc.php on line 64

.
.
.
Thank you very much for helping me !!!

access.inc.php appears to be all functions, but I don’t see anywhere where you are calling any of those functions.
Where are they called?

I’m curious as to what magicquotes.inc.php line 22 is since it looks like that is where the output sending headers is coming from.

I’m also wondering why there would be code for magicquotes. AFAIK, magicquotes hasn’t really been a thing to worry about for quite some time.

If you are following an older edition of the book, you should keep in mind that there will likely be some of it that has been superseded.

1 Like

Yes they are called in my index of each protected page:

[CODE]<?php

//sets login properties
include_once $_SERVER['DOCUMENT_ROOT'] .
    '/includes/magicquotes.inc.php';

require_once $_SERVER['DOCUMENT_ROOT'] . '/includes/access.inc.php';

if (!userIsLoggedIn())
{
    include '…/login.html.php';
    exit();
}
if (!userHasRole('Account Administrator'))
{
    $error = 'Only Account Administrators may access this page.';
    include '…/accessdenied.html.php';
    exit();
}
.
.
.
… the rest of the code
[/CODE]

and @Mittineague . Yes, I am using an older edition so that may be why. Should I delete all traces of magic quotes? Even if I do so, I still get errors.

Got it! I suppressed all magic quote traces on every page and made some changes to my access.inc.php. I wrote a session_start() right at the beginning and removed each session_start() in each if statement!

Here is the code if you are curious:

[CODE]<?php

ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

function userIsLoggedIn()
{
    session_start();

    if (isset($_POST['action']) and $_POST['action'] == 'login')
    {
        if (!isset($_POST['email']) or $_POST['email'] == '' or
            !isset($_POST['password']) or $_POST['password'] == '')
        {
            $GLOBALS['loginError'] = 'Please fill in both fields';
            return FALSE;
        }
        $password = md5($_POST['password'] . 'ijdb');

        if (databaseContainsAuthor($_POST['email'], $password))
        {
            $_SESSION['loggedIn'] = TRUE;
            $_SESSION['email'] = $_POST['email'];
            $_SESSION['password'] = $password;
            return TRUE;
        }
        else
        {
            unset($_SESSION['loggedIn']);
            unset($_SESSION['email']);
            unset($_SESSION['password']);
            $GLOBALS['loginError'] =
                'The specified email address or password was incorrect.';
            return FALSE;
        }
    }
    if (isset($_POST['action']) and $_POST['action'] == 'logout')
    {
        unset($_SESSION['loggedIn']);
        unset($_SESSION['email']);
        unset($_SESSION['password']);
        header('Location: ' . $_POST['goto']);
        exit();
    }

    if (isset($_SESSION['loggedIn']))
    {
        return databaseContainsAuthor($_SESSION['email'],
            $_SESSION['password']);
    }
}

function databaseContainsAuthor($email, $password)
{
    include 'db.inc.php';
    try
    {
        $sql = 'SELECT COUNT(*) FROM author
            WHERE email = :email AND password = :password';
        $s = $pdo->prepare($sql);
        $s->bindValue(':email', $email);
        $s->bindValue(':password', $password);
        $s->execute();
    }
    catch (PDOException $e)
    {
        $error = 'Error searching for author.';
        include 'error.html.php';
        exit();
    }
    $row = $s->fetch();
    if ($row[0] > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}

function userHasRole($role)
{
    include 'db.inc.php';
    try
    {
        $sql = "SELECT COUNT(*) FROM author
            INNER JOIN authorrole ON author.id = authorid
            INNER JOIN role ON roleid = role.id
            WHERE email = :email AND role.id = :roleId";
        $s = $pdo->prepare($sql);
        $s->bindValue(':email', $_SESSION['email']);
        $s->bindValue(':roleId', $role);
        $s->execute();
    }
    catch (PDOException $e)
    {
        $error = 'Error searching for author roles.';
        include 'error.html.php';
        exit();
    }
    $row = $s->fetch();
    if ($row[0] > 0)
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }
}
?>[/CODE]

1 Like
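
Added example, not code from the thread or from the book: a logout path that starts the session once before any output, reports where output began if headers are already sent, and only redirects to a local path taken from the posted `goto` value. The helper names `startSessionOnce`, `safeRedirectTarget` and `logOut`, and the call site shown in the final comment, are hypothetical.

```php
<?php
// Added example: helper names are hypothetical, not from the thread or the book.

// Start the session once per request. If output has already begun (as in the
// warnings quoted in the thread), report where, because the session cookie
// can no longer be sent.
function startSessionOnce(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }
    session_start();
}

// Accept only a local absolute path such as "/admin/"; anything else
// (absolute URLs, "//host", "/\host", embedded CR/LF) falls back to $default.
function safeRedirectTarget($goto, string $default = '/'): string
{
    if (!is_string($goto) || preg_match('#^/(?![/\\\\])[^\r\n]*\z#', $goto) !== 1) {
        return $default;
    }
    return $goto;
}

// Log out: clear the session data, expire the cookie, destroy the session,
// then redirect to a validated target.
function logOut($goto): void
{
    startSessionOnce();
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
    header('Location: ' . safeRedirectTarget($goto));
    exit();
}

// Usage in the logout branch of the access check (assumed call site):
// if (isset($_POST['action']) and $_POST['action'] == 'logout') {
//     logOut($_POST['goto'] ?? null);
// }
```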
