I just added a login feature to my site which uses sessions to keep the user logged in. On my localhost everything works fine, but when I upload it to my online server, I get this message when I go to my login page:
[COLOR=“Blue”]Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home7/mcquist1/public_html/coffeejoint/includes/head.html.php:10) in /home7/mcquist1/public_html/coffeejoint/includes/access.inc.php on line 42
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home7/mcquist1/public_html/coffeejoint/includes/head.html.php:10) in /home7/mcquist1/public_html/coffeejoint/includes/access.inc.php on line 42[/COLOR]
I have already tried the solution in the post “common php problems” which refers to the same problem, and the solution is to make sure there is no white space before my first <?php.
The warning states: 'headers already sent(output started …includes/head.html.php:10). Line 10 is simply the last line of my head file(included in it’s entirety below).
After mention of the previous line, the error goes on to state 'in …includes/access.inc.php on line 42. Access is just my page of php functions, line 42 goes: session_start();
Again, I have made sure there is no whitespace before <?php in any of my files. Anyone know which direction to look for a solution on this one??
Hy,
Im not sure what the cause is, if no other outputs, whitespace, header(), cookie before that line, try saving those files in other Encoding format: UTF-8, or UTF-8 without BOM.
You can use Notepad++.
no output must have been sent before a session starts.
You have the Session_start() call on line 42, after a lot of the HTML have been outputted to the browser.
Move the session_start to the very first line of your files, and the problem should be solved.
All the code from this particular file came from the Sitepoint book “Build your own database driven website- 4th ed.” Everything in this particular file is php, no html in there. I’ve posted my file from beginning to just after line 42. There are several “session_start()” 's in this file because it is all php and there are different functions and if statements within those functions that would lead to a session_start().
Just for fun, i eliminated the session_start() on line 42(highlighted in red) to see what would happen. When I first get to the login page, no errors come up. Once I log in, the errors come up, and as I navigate through the site, my login is not saved, I have to log back in. So then I tried eliminating another session_start from the section that would be executed after login(highlighted in green) and now both errors are gone, but the whole session/keep me logged in functionality is basically gone, so that doesn’t really solve anything at all. As you can probably tell, my grasp of the whole sessions concept is fairly weak, the sitepoint book does a good job of laying out instructions, but as far as providing a good conceptual understanding of what is going on, I could use some additional resources. I’m not a computer science major, all self taught…
Any additional help would be greatly appreciated!
<?php
function userIsLoggedIn()
{
if (isset($_POST['action']) and $_POST['action'] == 'login')
{
if (!isset($_POST['email']) or $_POST['email'] == '' or !isset($_POST['password']) or $_POST['password'] == '')
{
$GLOBALS['loginError'] = 'Please fill in both fields';
return FALSE;
}
$password = md5 ($_POST['password'] . '3456_1');
if(databaseContainsAuthor($_POST['email'], $password))
{
// session_start();
$_SESSION['loggedIn'] = TRUE;
$_SESSION['email'] = $_POST['email'];
$_SESSION['password'] = $password;
return TRUE;
}
else
{
session_start();
unset($_SESSION['loggedIn']);
unset($_SESSION['loggedIn']);
unset($_SESSION['loggedIn']);
$GLOBALS['loginError'] =
'The specified email address or password was incorrect.';
return FALSE;
}
}
if (isset($_POST['action']) and $_POST['action'] == 'logout')
{
session_start();
unset($_SESSION['loggedIn']);
unset($_SESSION['loggedIn']);
unset($_SESSION['loggedIn']);
header('Location: ' . $_POST['goto']);
exit();
}
//session_start();
if (isset($_SESSION['loggedIn']))
{
return databaseContainsAuthor($_SESSION['email'], $_SESSION['password']);
}
}
The code looks o.k. As a previous poster wrote, this might be due to a BOM in your file, which will happen if you save your file as Unicode or UTF-8 in Notepad.
A tip: Use the else-clause to speed up your code to check whether the action is login or logout. Also, indent your code to make it easier to read:
function userIsLoggedIn() {
if (isset($_POST['action']) and $_POST['action'] == 'login') {
if (!isset($_POST['email']) or $_POST['email'] == '' or !isset($_POST['password']) or $_POST['password'] == '') {
$GLOBALS['loginError'] = 'Please fill in both fields';
return FALSE;
}
$password = md5 ($_POST['password'] . '3456_1');
if(databaseContainsAuthor($_POST['email'], $password)) {
// session_start();
$_SESSION['loggedIn'] = TRUE;
$_SESSION['email'] = $_POST['email'];
$_SESSION['password'] = $password;
return TRUE;
}
else {
session_start();
unset($_SESSION['loggedIn']);
unset($_SESSION['loggedIn']);
unset($_SESSION['loggedIn']);
$GLOBALS['loginError'] = 'The specified email address or password was incorrect.';
return FALSE;
}
}
else if (isset($_POST['action']) and $_POST['action'] == 'logout') {
session_start();
unset($_SESSION['loggedIn']);
unset($_SESSION['loggedIn']);
unset($_SESSION['loggedIn']);
header('Location: ' . $_POST['goto']);
exit();
}
//session_start();
if (isset($_SESSION['loggedIn'])) {
return databaseContainsAuthor($_SESSION['email'], $_SESSION['password']);
}
}
Here is the first part of my index page, the controller for my site. The userIsLoggedIn() function is the first function called. I can post the rest of it, but I think this is what you need…
<?php
require_once('includes/initialize.php');
require 'includes/head.html.php';
require 'includes/header.html.php';
//**Addshop form for adding more coffeeshops**
if (isset($_GET['addshop']))
{
require_once('includes/access.inc.php');
if (!userIsLoggedIn())
{
include 'login.html.php';
exit();
}
if (!userHasRole('Account Admin'))
{
$error = 'Only Shop Editors may access this page.';
include 'accessdenied.html.php';
exit();
}
if(true)
{
include 'includes/addshop.html.php';
exit();
}
}
so the includes/head.html.php is the file you posted in the first post?
Here’s a little test for you:
Try doing an echo “Calling userIsLoggedIn()” just before you actually calls the function, then execute the website and look in the sourcecode…
How much output do you see, before the “Calling userIsLoggedIn()”?
You must not have ANY output before the session_start().
Yes, the code in my very first post was from “head.html.php”. I tried that test, went to the page with the errors, and here is the source code below. The top half of this is from “head.html.php”, and below the blue line I’ve inserted here is the output from “header.html.php”. Those are both includes at the top of my index.php file. If those includes are called at the top of my controller, i’m not quite sure how to put my call to UserIsLoggedIn() before those. The only solution I can think of would be rather than submitting the “addshop” string back to the index page as I have done(using just a link a href=“?addshop”>Add New Shop</a> use a submit button to submit it to someplace else, but where?
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN”
“http://www.w3.org/TR/xhtml/DTD/xhtml1-strict.dtd”>
<head>
<meta http-equiv=“Content-Type” content=“text/html; charset=utf-8” />
<link rel=“stylesheet” type=“text/css” href=“css/coffeemain.css”/>
<title>Josh PHP Project</title>
</head> -----------------start of “header.html.php”-----------------------
<html>
<body>
<div id=“header”>
<img src=“images/coffee_beans.jpg” id=“*******”>
<h1>CoffeeJoint</h1><h2 class=“inline”>(mcquistonator.com)</h2>
<a id=“gohome” href=“?”>HOME</a>
<div class = “transbox”>
<p id=“subtitle”>The place to go when you need a pick-me-up!</p>
</div>
</div>
</body>
</html>
calling userIsLoggedin()<br />
<b>Warning</b>: session_start() [<a href=‘function.session-start’>function.session-start</a>]: Cannot send session cookie - headers already sent by (output started at /home7/mcquist1/public_html/coffeejoint/index.php:1) in <b>/home7/mcquist1/public_html/coffeejoint/includes/access.inc.php</b> on line <b>43</b><br />
<br />
<b>Warning</b>: session_start() [<a href=‘function.session-start’>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /home7/mcquist1/public_html/coffeejoint/index.php:1) in <b>/home7/mcquist1/public_html/coffeejoint/includes/access.inc.php</b> on line <b>43</b><br />
<html xmlns=“http://www.w3.org/1999/xhtml” xml:lang=“en” lang=“en”>
<head>
<title>Log In</title>
<meta http-equiv=“content-type”
content=“text/html; charset=utf-8”/>
</head>
<body>
<h1>Log In</h1>
<p>Please log in to view the page that you requested.</p>
<form action=“” method=“post”>
<div>
<label for=“email”>Email: <input type=“text” name=“email” id=“email”/></label>
</div>
<div>
<label for=“password”>Password: <input type=“password” name=“password” id=“password”/></label>
</div>
<div>
<input type=“hidden” name=“action” value=“login”/>
<input type=“submit” value=“Log In”/>
</div>
</form>
<p><a href=“?”>Return to CoffeeJoint Home</a></p>
</body>
</html>
<?php
session_start(); // <-------- add session_start here
require_once('includes/initialize.php');
require 'includes/head.html.php';
require 'includes/header.html.php';
//**Addshop form for adding more coffeeshops**
if (isset($_GET['addshop']))
{
require_once('includes/access.inc.php');
if (!userIsLoggedIn())
{
include 'login.html.php';
exit();
}
if (!userHasRole('Account Admin'))
{
$error = 'Only Shop Editors may access this page.';
include 'accessdenied.html.php';
exit();
}
if(true)
{
include 'includes/addshop.html.php';
exit();
}
}
Try adding session_start() at the start and removing all other occurrences across the rest of the scripts
seems like a reasonable idea, but when I tried it, it just gave me this below…
Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home7/mcquist1/public_html/coffeejoint/index.php:1) in /home7/mcquist1/public_html/coffeejoint/index.php on line 2
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home7/mcquist1/public_html/coffeejoint/index.php:1) in /home7/mcquist1/public_html/coffeejoint/index.php on line 2
It seems like there is something painfully obvious that I’m missing here… or something cleverly hidden(by me since I’m the only one who has worked on this)… I just don’t know what that could be.
My money at this point would be on a BOM at the start of the index.php file. What text editor are you using for editing the code?
When I copy and paste the code from post #13 i get a blank line copied across at the start, have you got any blank line before the <?php in index.php if so you need to remove the blank line.
There are no blank lines or spaces at the beginning of any of my files. I use notepad++. By default all my files were encoded in ANSI, I have changed everything to UTF-8.
You can’t see the BOM visually, as it’s a zero-width non-breaking whitespace. Quite possibly, during the conversion, you accidentally asked to have a BOM (Byte Order Mark) added.
