PDA

View Full Version : Help with sessions


owner
10-14-2007, 04:23 PM
Hello,

I am trying to build a site where a user can login and stay logged in throughout the site till he/she logs out. Everything is fine except that I am getting errors like...

Warning: Cannot modify header information - headers already sent by (output started at /home/gamers/public_html/ottcommunity/junk/secretsite/header.php:4) in /home/gamers/public_html/ottcommunity/junk/secretsite/includes/backend.php on line 24How could I fix these errors? I am mixing my html and php so that is why I am getting these errors, but I don't know how else to go about coding my site.

see in my header.php file I have this right at the top

session_start();

Then in my login file which I get this error when I want to redirect someone using this code:

$_SESSION['id'] = $rowAccount['user_id'];
$_SESSION['usergroup'] = $rowAccount['user_group'];

header('Location: home.php');
exit;


I don't know howelse to go about this...

Any help would be much appreciated

davidj
10-14-2007, 04:54 PM
its a warning

you are outputing data before sending out HTML headers

you are probably echoing data within the PHP script above the html

owner
10-14-2007, 05:06 PM
Correct, but how would I get around this?

davidj
10-14-2007, 07:04 PM
assign your messages to a var


$message = "this is a message";

then echo the $message var within the HTML

owner
10-14-2007, 07:34 PM
Ok here is what I have and it is not working at all.

<?php
include 'header.php'; //This file is show below.
include 'nav.php'; //This is a file with html code showing my navigation on the left side

$backend->//My line to connect to the db

//Catch Field Data
$username = $_POST['username'];
$password = md5($_POST['password']);
$submitted = $_POST['submitted'];

//I removed some sql queries here

if ($rowAccount){
$backend->login($rowAccount); //IN here it redirects you to another php file where it shows you some controlls. This is where I get my error.
}elseif($submitted){
$error = "You dont exist in the system, so sucks to be you, but your not getting in!";
}
?>

Below here is some html and some php returning the login screen and some other stuff

<?php

session_start();
echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">";
include ('./includes/backend.php');

$backend = new backend();
$backend->load_language('lang_global');

$title = $backend->lang['page_title']." ".$backend->lang['title_sub_page'];

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><?php echo $title; ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="The link to my style sheet is here but I removed it" rel="stylesheet" type="text/css" />
</head>
<body>
<div id="body">
<div id="wrapper">
<div class="boxtop"></div>
<div id="mlogo"><a href="./" title="Unfried Chicken"></a></div>
<div class="boxbottom"></div>

Well that is all that is it to it. Any ideas on what I should do to fix?

Thank you,
-Owner

davidj
10-14-2007, 07:42 PM
where is the class code

owner
10-14-2007, 07:58 PM
where is the class code

Sorry about that. Here is the function i'm calling in my class

function login($rowAccount){

$_SESSION['id'] = $rowAccount['user_id'];
$_SESSION['usergroup'] = $rowAccount['user_group'];

header('Location: home.php');
exit;
}

-Owner

davidj
10-14-2007, 08:07 PM
I dont understand the function

you are assigning sessions then redirecting ?

wouldnt it be better to use the function to query the db aswell and then allow access if the user is found or deny if not found?

this is what functions and classes are for really. To keep all your code together

so all you would do is pass in the $_POST['username'] and $_POST['password'] as arguments when you call the function then perform the query from inside the login function

owner
10-14-2007, 10:24 PM
No, the reason I am redirecting the user is so once they login they automatically go to another page that shows all their information instead of just getting a "hey you are logged in" message on that page.

Here is my code to query the login...

if ($username && $password) {
/////////////////////////////////////////////
$query = sprintf("SELECT * FROM users where user_name='$username' and user_password = '$password'");
$result = @mysql_query($query);
$rowAccount = @mysql_fetch_array($result);
/////////////////////////////////////////////
}

owner
10-17-2007, 01:47 AM
bump please

owner
10-20-2007, 05:25 PM
bump again please?

davidj
10-20-2007, 10:17 PM
I have my own class which i use

please review it and see what you can understand of it


<?php
session_start();
include('connection/connection.php'); /// << connection include ///

class Connector{

// define vars
var $connect;
var $recordset;
var $row;
var $sql;
var $query;
var $totalRows;

//initialise constructor /////////////////
function Connector(){}
//////////////////////////////////////////

// connect to database //////////////////
function plugin($hostname, $database, $username, $password){

$this->connect = mysql_pconnect($hostname, $username, $password)
or trigger_error(mysql_error(),E_USER_ERROR);

$this->dbase = mysql_select_db($database, $this->connect);

}

//////////////////////////////////////////


//////////////////////////////////////////
// check security for each page
function security($level){

if(! $level){

return header("location:index.php");

}

}

//////////////////////////////////////////
function setQuery($sql){

$this->query = sprintf($sql);
$this->recordset = mysql_query($this->query, $this->connect) or die(mysql_error());
$this->row = mysql_fetch_array($this->recordset);
$this->totalRows = mysql_num_rows($this->recordset);

$array = array();
$array[] = $this->row; // << $array[0] = data (multi dimensional)
$array[] = $this->recordset; // << $array[1] = recordset result id
$array[] = $this->query; // << $array[2] = the actual query for debuging
$array[] = $this->totalRows; // << $array[3] = number of rows returned

return $array;

}
//////////////////////////////////////////
// login function is used in conjunction with setQuery function
function login($sql){

// call Query function above //
$result = $this->setQuery($sql);

// perform condition and action on results //
if($result[3] > 0){

// assign sessions to be used later on ///
$_SESSION['access'] = true;
$_SESSION['user_id'] = $result[0]['user_name'];
$_SESSION['user_name'] = $result[0]['user_full_name'];
$_SESSION['status'] = $result[0]['status'];

// redirect successful login
$letmein = header("location:switchboard.php");

}else{

$letmein = false;

}

return $letmein;

}

////////////////////////////////////////////
function logoff(){

session_unset();
session_destroy();

}


}
?>


this is taken from my login page...


include('class/class.php'); // << db class
$newCon = new Connector; // << Connect to db
//$newCon->security($_SESSION['access']); // << check security ($access is defined in the connection.php dir)
$newCon->plugin($hostname,$database,$username,$password); // << connect to db
/////////////////////////////////////////
$username = $_POST['username'];
$password = $_POST['password'];

$sql = "select * from user where user_name = '$username' and user_password = '$password'";

if($username && $password){
$newCon->login($sql); // << connect to db
}