Warning and Notice Messages From login/register page

adamhewitt5 · March 17, 2017, 4:02pm

Hi all,

I have been following some tutorials and I now have a working log in and register system.

What I then tried to do was include the php files onto my index page.

When I try to do so, I get the following - I have tried googling but my lack of knowledge is holding me back from deciphering what more experienced people are saying in relation to this.

The warnings are:

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /Users/adamhewitt/Sites/demo/index.php:13) in /Users/adamhewitt/Sites/demo/register.php on line 8

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /Users/adamhewitt/Sites/demo/index.php:13) in /Users/adamhewitt/Sites/demo/register.php on line 8

Notice: Constant MYSQL_USER already defined in /Users/adamhewitt/Sites/demo/connect.php on line 13

Notice: Constant MYSQL_PASSWORD already defined in /Users/adamhewitt/Sites/demo/connect.php on line 16

Notice: Constant MYSQL_HOST already defined in /Users/adamhewitt/Sites/demo/connect.php on line 19

Notice: Constant MYSQL_DATABASE already defined in /Users/adamhewitt/Sites/demo/connect.php on line 22

I understand what they mean but I don’t know how to correct what I have done.

The system works fine with them but I am the sort of person that doesn’t like errors.

<?php 

//index.php

 ?>

 <!DOCTYPE html>
 <html>
 <head>
 	<title>Index</title>
 </head>
 <body>
 <?php require 'login.php' ?>
 <?php require 'register.php' ?>
 </body>
 </html>

<?php

//register.php

session_start();

require 'lib/password.php';

require 'connect.php';


if(isset($_POST['register'])){
    
    $username = !empty($_POST['username']) ? trim($_POST['username']) : null;
    $pass = !empty($_POST['password']) ? trim($_POST['password']) : null;
    
    
    $sql = "SELECT COUNT(username) AS num FROM users WHERE username = :username";
    $stmt = $pdo->prepare($sql);
    
    $stmt->bindValue(':username', $username);
    

    $stmt->execute();
    

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    

    if($row['num'] > 0){
        die('That username already exists!');
    }
    

    $passwordHash = password_hash($pass, PASSWORD_BCRYPT, array("cost" => 12));
    

    $sql = "INSERT INTO users (username, password) VALUES (:username, :password)";
    $stmt = $pdo->prepare($sql);
    

    $stmt->bindValue(':username', $username);
    $stmt->bindValue(':password', $passwordHash);


    $result = $stmt->execute();
    

    if($result){

        echo 'Thank you for registering with our website.';

    }
    
}

?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        <title>Register</title>
    </head>
    <body>
        <h1>Register</h1>
        <form action="register.php" method="post">
            <label for="username">Username</label>
            <input type="text" id="username" name="username"><br>
            <label for="password">Password</label>
            <input type="text" id="password" name="password"><br>
            <input type="submit" name="register" value="Register"></button>
        </form>
    </body>
</html>

any help on this would be appreciated.

I am very very new to this so please try and explain things as if you are talking to an actual idiot.

Thanks

Adam

droopsnoot · March 17, 2017, 6:36pm

The ‘headers already sent’ message is because you have sent stuff to the browser before your session_start() function is called. You have that in the top of register.php, but that is included in index.php after you have output some HTML, and after you have included login.php. You don’t show the code for the latter, so I can’t tell whether that also outputs to the browser. Keep in mind that even a blank line before the opening <?php tag counts as output to the browser. But in this case it’s the html before you include the php files that does it.

Your “already defined” messages are because you are trying to define constants that have already been defined, and you can’t do that. I can’t see where that’s happening, but my guess is that both register.php and login.php include the file connect.php which is where db-related things are normally defined. Read up on require_once() instead of using require.

As for the system working despite the warnings, that’s because you don’t seem to actually use a session in the code you posted. I suspect that if you did, it would not work correctly.

adamhewitt5 · March 17, 2017, 6:53pm

Is there a simple fix for this or is it a total rewrite?

droopsnoot · March 17, 2017, 7:06pm

For the ‘headers already sent’, the fix is to start your session before you send any output to the screen.

For the ‘already defined’ messages, the simple fix is to not define things more than once. As I said above, look at using require_once() instead of require(), if the problem is that both login and register include the same database connection file.

As you’ve included code into index.php that was previously standalone code, you have to consider stuff that you might already have done in one of the other files that you included. require_once will ensure that if a file has already been included, it won’t get included again.

Some thought will be needed for the session_start() instruction. It has to go before any browser output, so it’s tempting to say to move it right to the top of index.php and drop it from the included files. But when you run either of the included files separately, you’ll need to have it if you want to actually use any session variables. You’ll need to think of a way to decide whether or not to call session_start() in those included files, based on whether they’re in standalone mode or not. You could probably check whether the form was submitted in register.php and if it was, call session_start(), if it was not, then it was probably included.

system · June 17, 2017, 2:19am

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.