PHP - Session Trouble

I am trying to create an index page which contains registration and login field
the problem that i get is on successful login a warning is displayed
session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235

This is the login part of my index.php
this tag is inside an html table below the login form
I also have a registration form and its php code above the login form


Code: [Select]
<?php
if (isset($_REQUEST['pass']))
{
    $id=$_POST['id'];
    $pass=$_POST['pass'];

    $conn =mysql_connect("localhost","root","");
    if (!$conn)
    {
   die('Could not connect: ' . mysql_error());
    }
/*
checking connection....success!
*/
    $e=mysql_select_db('test', $conn);
    if(!$e)
    {
   die(''.mysql_error());
    }
    else
    {
   echo 'database selected successfully';
    }

    if (isset($_REQUEST['id'])  || (isset($_REQUEST['pass'])))
    {
        if($_REQUEST['id'] == "" || $_REQUEST['pass']=="")
        {
       echo "login fields cannot be empty";
        }
        else
        {
            $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'");
            $count=mysql_num_rows($sql);
            if($count==1) 

    /* $count checks if username and password are in same row */
            {   
                session_start();
                $_SESSION['id']=$id;
                echo "</br>Login Successful</br>";
            }
            else
            {
           echo "</br>invalid</br>";
           echo "please try to login again</br>";

            }
        
        }   
    }
}
?>


Any help or suggestion would be appreciated

hi everyone.

i'm wondering what the best way is to create a session variable and pass it to an iframe.
i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this?

Code: [Select]
session_start();
  $_SESSION['ID']=$_GET['ID']; // id from previous page
$ID=session_id();

 <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe>

I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content.

To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in?

My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive.

Just curious how other people feel about this.  I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.     Would it make more sense to...   1.  Pull all data ONCE and store it in SESSION variables to use on other pages    2.  Pull the data from the database on each new page that needs it   I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?   Side question that's kind of related:  As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?   Both are probably loaded questions but any possible insight would be appreciated.   Thanks! Greg
Edited by galvin, 04 November 2014 - 10:30 AM.

Evening!

I've been iffing and ahhing over this and well im not too sure, hence the post.

Code: [Select]
// Redirects if there is no session id selected and echos the error on the previous page
if(!isset($_GET['get']) || ($_GET['getget'])){
header("Location: #.php?error");
}
So it should simply check if get is set if it isnt then see if getget is set?

If not redirect and show the error.

Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone?

Harry.

Building a website for work. I am struggling with the login for some reason. I`m using a lot of the same code as I did for my personal site and a few other websites I`ve programmed which has always worked. But for some reason, it isn`t working now. I`ve already told it to display to me the information that`s being processed and that is all correct (it even updates the database like it`s supposed to). It just won`t show the person being logged in, which defeats the purpose of logging in, yanno?

Here are all the files in question.

login.php
<?php
include "file_calls.php";
$title = "Business Name (Beta): Log In";
include "functions.php";
session_start();
echo "$title";
echo "<p>";
echo "Log into the Business Name website. Only authorized members of the Business Name Staff can log into the website.";
echo "<p>";
include "login_form.php";
?>

login_form.php
<?php
echo "<form action='logging.php' method='post'>";
echo "E-Mail Address:";
echo "<br><input type='text' name='email' size=60 maxlength=100>";
echo "<p>";
echo "Password:";
echo "<br><input type='password' name='pass' size=60 maxlength=25>";
echo "<p>";
$buttonlabel = "Log In";
include "formbutton_format.php";
echo "</form>";
?>


logging.php
<?php
include "file_calls.php";
$title = "Business Name (Beta): Logging In";
include "functions.php";
session_start();
echo "$title";
echo "<p>";
echo "Logging into the Business Name website. Only authorized members of the Business Name Staff can log into the website.";
echo "<p>";
$email = $_POST['email'];
$pass = $_POST['pass'];
$entry_date = strftime("%B\ %e\,\ %Y %I:%M:%S %p", time());

$res = mysql_query("SELECT id, memlev, pwd1, pwd2, email, name FROM user_data WHERE email='$email'");
$by = mysql_fetch_row($res);
mysql_free_result($res);

$log = $by[4];
$pas = $by[2];
$pas2 = $by[3];

if ($email && $pass) {
if ($by[0]) {
if ($by[1] == 2) {
$passwd = crypt($_REQUEST['pass'],$by[5]);
if ($pass == $pas2) {
mysql_query("UPDATE user_data SET lastlogin='$entry_date' WHERE email='$email'");
mysql_close($con);
header("Location: index.php");
}
elseif ($passwd != $pas) {
header("Location: nolog.php?logout=1&m=4");
}
}
elseif ($by[1] == 1) {
header("Location: nolog.php?logout=1&m=2");
}
elseif ($by[1] == 0) {
header("Location: nolog.php?logout=1&m=3");
}
}
elseif (!$by[0]) {
header("Location: nolog.php?logout=1&m=1");
}
}
elseif (!$email || !$pass) {
echo "<b>Error:</b> Both username and password must be entered in order to log in.";
echo "<p>";
include "login_form.php";
}
?>[/php

index.php
[php]<?php
include "file_calls.php";
$title = "Business Name (Beta)";
include "functions.php";
session_start();
echo "$title";
echo "<p>";
echo "This website is currently under construction. Thank you for your patience.";
echo "<p>";
if ($lev > 1) {
echo "Hello, $loggeduser !";
}
elseif ($lev < 2) {
echo "Not logged in.";
}
echo "<p>";
echo "$lev";
echo "<br>$loggeduser<br>$email";
?>

auth.php

<?php
  // Defines
 
  DEFINE('SESSION_MAGIC','sadhjasklsad2342');

  // Initialization
  @session_start();
  @ob_start();
  
 
    /*
      Redirects to another page
    */
    function Redirect($to) {

   @session_write_close();
   @ob_end_clean();
   @header("Location: $to");
    } 
 
     /*
        Deletes existing session
    */
function RemoveSession() {
$_SESSION = array();
if (isset($_COOKIE[session_name()])) {
   @setcookie(session_name(), '', time()+(60*60*24*365), '/');
}
}
    
/*
  Checks if user is logged in
*/ 
function isLoggedIn() {

return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC));
}


 
    /* 
      read message count
    */
    function CountMessages($id) {
    
   if ($res=mysql_query("SELECT * FROM user_data WHERE email='$email'"))
   {
   $count=mysql_num_rows($res);
   mysql_free_result($res);    
   return($count);
   }
   return 0; 
    }
    
    /*
      Go login go!
    */
    function Login($email,$pass) {
   
    global $nmsg, $rows;
   
   $ok=false;
   if ($res=mysql_query("SELECT id, email, name, pwd1, pwd2, memlev FROM user_data WHERE email='$email' AND pwd2='$pass'"))
   {
   if ($rows=mysql_fetch_row($res)) {
    $_SESSION['sess_name'] = $rows[2];
$_SESSION['pass'] = $pass;
$_SESSION['gal'] = $rows[0];
$_SESSION['level2'] = $rows[5];
$_SESSION['email'] = $rows[1];
    $_SESSION['magic'] = SESSION_MAGIC;
    $nmsg = CountMessages($rows[0]);
    $ok=true;
   } else {
   include('login_failed.php');
   }
   mysql_free_result($res);
   }
   return($ok);
   }
   
       /*
      Terminates an existing session
    */
    function Logout() {
    @RemoveSession();
    @session_destroy();
    }

    /*
      Escape array using mysql
    */   
function Escape(&$arr)
{
 if (Count($arr)>0) {
    foreach($arr as $k => $v) {
        if (is_array($v)) {
            Escape($arr[$k]);
        }
        else {
            if (function_exists('get_magic_quotes')) {
                if(!get_magic_quotes_gpc()) {
                    $arr[$k] = stripslashes($v);
                }
            }
            $arr[$k] = mysql_real_escape_string($v);
        }
   }
      }
}

// -----------------------------------------------    
// Main
// -----------------------------------------------    

   Escape($_POST);
   Escape($_GET);
   Escape($_COOKIE);
   Escape($_REQUEST);
   Escape($_GLOBALS);
   Escape($_SERVER);
   
?>


file_calls.php
<?php
include "info_con.php";
include "auth.php";
?>


functions.php

<?php
echo "<title>$title</title>";




$lev=isset($_SESSION['level2'])?$_SESSION['level2']:0;
$logged=isset($_SESSION['gal'])?$_SESSION['gal']:0;
$loggeduser=$_SESSION['sess_name'];
$nmsg = 0;
$rows = isset($_SESSION['rows'])?$_SESSION['rows']:array();
$email = isset($_SESSION['email'])?$_SESSION['email']:'';
$pass = isset($_SESSION['pass'])?$_SESSION['pass']:'';






function rand_chars($c, $l, $u = FALSE) {
  if (!$u) for ($s = '', $i = 0, $z = strlen($c)-1; $i < $l; $x = rand(0,$z), $s .= $c{$x}, $i++);
  else for ($i = 0, $z = strlen($c)-1, $s = $c{rand(0,$z)}, $i = 1; $i != $l; $x = rand(0,$z), $s .= $c{$x}, $s = ($s{$i} == $s{$i-1} ? substr($s,0,-1) : $s), $i=strlen($s));
  return $s;
}






function ShowLoggedInBar() {
global $email,$pass,$rows,$logid;

   $nmes="";
   if($nmsg){
 $nmes="($nmsg New)";
   }
   echo "Hello, $loggeduser !";
}








/* check if we are logging out */
if (isset($_REQUEST['logout'])) {
Logout();
}

/* check if already logged in */
if (isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)) {   
   ShowLoggedInBar();
}
else {

/* not logged in, is it a form post? */
if (isset($_REQUEST['email']) && isset($_REQUEST['pass'])) {
$email = $_REQUEST['email'];
$pass = crypt($_REQUEST['pass'],$email);
Login($email,$pass);
} else {

}
}
?>


Can anyone see why it works on everything but getting the person logged in?

Hi Chaps,

I have a PHP FTP App, where users can log in using a unique code and a password.

Their unique code corresponds to an FTP folder, e.g.
Quote

\FTP_Root\Customer A & Co\


So when the user logs in, they can see their FTP directory and contents, in this case an Inbox and an Outbox.
This works as the FTP folder contains both an Inbox and an Outbox.

The problem I am having is when I try browsing within this directory (say the Inbox), ftp-chdir fails.

I have a hyperlink that sends a 'dir' parameter to the same ftp.php page, and if set, will attempt to change to the given directory.

So even though the URL Hyperlink reads:
Quote

....server.co.uk/ftp.php?dir=/FTP_Root/Customer A & Co/Inbox


When you click on this link, the page tries to load:
Quote

....server.co.uk/ftp.php?dir=/FTP_Root/Customer A


So my question is what do I need to change, the Hyperlink to read something like:
Quote

....server.co.uk/ftp.php?dir=/FTP_Root/Customer%20A%20&%20Co/Inbox



Do something to the ftp-chdir function, where I encode/decode/whatever to make sure it tries to change to the correct FTP directory?

Or exclude all ampersand entirely?

Hello everyone,

I am new to this forum and PHP world. Doing my first project, a pretty complicated one to start with. I will be needing your help a lot to accomplish it.
Here is the first one.

1. I have a certain field called 'country'
2. I have small flag icons for every country.

WHAT DO I WANT TO DO?

Example - If the country is U.S.A., the U.S. flag shows up and is a link to www.domain.com/usa
If the country is Germany, the German flags shows up and is a link to www.domain.com/germany
If the country is not set, no flag shows up. END.

How do I execute this?

This is what I am doing to get the image
<img src="images/flags/<?php echo $row_rsPilots['country']; ?>.gif" alt="" name="Flag" width="20" height="20" id="Flag" />

How do make it a link to www.domain.com/'country'

Thanks in advance

I don't get why this fails. date() is meant to be a string, so why does it not concatenate correctly?
Code: [Select]
date_default_timezone_set('UTC');
$inputTime = date('c');
$inputTime = $inputTime . ' (UTC)';
// or $inputTime = date('c') . ' (UTC)';
Thanks.

I'd like to perform 2 tasks:

First, get a list of users who have not logged in for 30 days. Then, deduct some points as a penalty. This is what I have so far:

Code: [Select]
$sec=30*86400;
$curr_time=time();
$maxtime=$curr_time-$sec;
$result = mysql_query("SELECT scm_mem_id FROM sc_member WHERE (scm_lastlogin < '$maxtime') ORDER BY scm_lastlogin") ;
while($row = mysql_fetch_row($result)) {
$member = $row[0];
//-------------------------- DEDUCT POINTS --------------------------------
$points = ?; // need to pull existing points (field: scm_points) from the above SELECT statement and deduct 10% (rounded)
$time_=time();
$sql_c = "INSERT INTO sc_coins_asset (`type_id`,`mem_id`,`from/to_mem_id`,`date_added`,`value`) VALUES(9,$member,8,'".$time_."',-".$points.")";
$db->insert_data($sql_c);
}

Don't have a huge deal of experience with this side of things, well php as a whole really but really struggle with this side, ive coded up a cron but it only works for 1 user, unsure as to why, i want it to do the action for every player that has item 17, the codes below any help would be appreciated, Thanks guys

Code: [Select]
<?php
include("server.php");
$sql = "SELECT * FROM player_inventory WHERE item_id = 17";
$que = mysql_query($sql) or die(mysql_error());
$res = mysql_fetch_array($que);
$sql2 = "SELECT * FROM players WHERE id = $res[player_id]";
$que2 = mysql_query($sql2);
while($res2=mysql_fetch_array($que2)) {
$Weight = 8 / 100 * (100 + $res2['ProductionWeight']);
$Quality = 75 / 100 * (100 + $res2['ProductionWeight']);
$StreetCred = $Weight * $Quality / 10;
$update = "UPDATE players SET StreetCred = StreetCred + $StreetCred WHERE id = $res[player_id]";
mysql_query($update) or die(mysql_error());;
$update2 = "INSERT INTO drug_inventory (player_id,quality,weight) VALUES('$res[player_id]',$Quality,$Weight)";
mysql_query($update2) or die(mysql_error());;
echo "Grow Completed.";
}
?>

Hey,

I am trying to make and then read an array of items. Can someone help please?

I have a database field that holds an unlimited number of codes, and I need to get those codes....

at the moment I have a section of php   $products= array($products);
  $array = array_values($products);
  print_r($array);

which generates

Array ( => FRE0001,FRE0009,FRE0009,FRE0024,FRE0024 )

as the output...

What I need is to know how many of each code there are and the different codes....

i.e. 1 x FRE0001, 2 x FRE0009, 2 x FRE0024

Whats the best way to output the array and then count?

I wrote a simple sales tax function but it keeps come back with a sales tax of 0 the price is coming from a database. 

Code: [Select]

function TotalSalesTax($price)
{
$salesTax = .07;
$TotalSalesTax = $price * $salesTax;
    number_format($TotalSalesTax, 2);
return $TotalSalesTax;
}


Code: [Select]
<tr> 
    <td></td> 
    <td>Sales Tax:  </td>
    <td><?php echo TotalSalesTax($price);?>  </td>
</tr>

product page that the price comes from
Code: [Select]
<?php
session_start();
if(!isset($_SESSION['quantity']))

{
  $_SESSION['quanity']=array(); //if there are no quantities selected, the array is empty
  if(is_array($_POST['quantity']))//if there are items in the cart
{
  echo $quantity;
  header("location: checkOut.php");
}
}
require_once("functions.php");
?> 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<style type="text/css">
td {
border-top-style: solid;
border-right-style: solid;
border-bottom-style: solid;
border-left-style: solid;
border-top-color: #30C;
border-right-color: #30C;
border-bottom-color: #30C;
border-left-color: #30C;
}
#productCatalog {
width:400px;   
margin-right: auto;
margin-left: auto;
}
</style>
<link href="doggyTreats.css" rel="stylesheet" type="text/css" />
</head>

<body>
<?php
logo();
navBar();
echo "<div id=\"productCatalog\">";
echo "<form action=\"checkOut.php\" method=\"post\" name=\"catalog\">";
  
DatabaseConnection();  

  $query = "SELECT * FROM treats"; 
        $result_set = mysql_query($query) or die(mysql_error());
$i = 0;

        echo "<table>";
        while ($row = mysql_fetch_array($result_set))
        {
echo"<tr><td width=\"2s00px\"><img src=\"{$row['product_pic']}\" /></td><td width=\"200px\">{$row['product_title']}.<br /><br />{$row['product_Description']}.<br /> Price:  \${$row['price']}.<br /><br />Quantity <input name=\"quantity\" type=\"text\" size=\"2\" /></td></tr>";
        }
  echo "<tr>"; 
echo "<td><input name=\"submit\" type=\"submit\" value=\"Proceed to Checkout\" />"; 
echo "</table>";    
echo "</form>";
echo "</div>";
footer();
?>
</body>
</html>

I'm trying to figure out why my entire if statement is not working properly. What is happening when I run my form is that it puts it into the first if statement regardless of what the value of $style is and I don't know why. The other parts of the for submission works BUT my if statement. And inside of firebug it is passing the RIGHT post data so it has the correct value for style each time.

<?php

// Include the database page
require ('../inc/dbconfig.php');

if (isset($_POST['submitcharacter'])) {
    $charactername = mysqli_real_escape_string($dbc, $_POST['charactername']);
    $charactershortname = mysqli_real_escape_string($dbc, $_POST['charactershortname']);
    $sortorder = mysqli_real_escape_string($dbc, $_POST['sortorder']);
    $style = mysqli_real_escape_string($dbc, $_POST['style']);
    $status = mysqli_real_escape_string($dbc, $_POST['status']);
    $alignment = mysqli_real_escape_string($dbc, $_POST['alignment']);
    $division = mysqli_real_escape_string($dbc, $_POST['division']);

    $query = "INSERT INTO `characters` (charactername, charactershortname, status_id, style_id, division_id, alignment_id, sortorder, creator_id, datecreated) VALUES ('$charactername','$charactershortname','$status','$style','$division', '$alignment', '$sortorder', 1, NOW())";
    mysqli_query($dbc, $query);
    $query_id = mysqli_insert_id($dbc); 
    $query1 = "INSERT INTO `allies` (character_id) VALUES (".$query_id.")";
    mysqli_query($dbc, $query1);  
    $query2 = "INSERT INTO `rivals` (character_id) VALUES (".$query_id.")";
    mysqli_query($dbc, $query2);  
    if ($style = 1) {
        $query3 = "INSERT INTO `singles` (character_id) VALUES (".$query_id.")";
        mysqli_query($dbc, $query3);  
     } elseif ($style = 2) {
        $query4 = "INSERT INTO `tagteams` (character_id) VALUES (".$query_id.")";
        mysqli_query($dbc, $query4);
     } elseif ($style = 3) {       
        $query5 = "INSERT INTO `managers` (character_id) VALUES (".$query_id.")";
        mysqli_query($dbc, $query5);        }       
     } elseif ($style = 4) {
        $query6 = "INSERT INTO `stables` (character_id) VALUES (".$query_id.")";
        mysqli_query($dbc, $query6);  
     } elseif ($style = 5) {
        $query7 = "INSERT INTO `referees` (character_id) VALUES (".$query_id.")";
        mysqli_query($dbc, $query7);  
     } else {
        $query8 = "INSERT INTO `staff` (character_id) VALUES (".$query_id.")";
        mysqli_query($dbc, $query8);   
     }
        
?>

Hi all,

I'm trying to clean up some code and eliminate redundancy.  I'm trying to include a variable function inside of another variable function, but for some reason am having some difficulty.

These functions dbDelete() is a function that opens a connection to MySQL.  The user only has DELETE Privileages.  I can ru dbDelete() by itself.

My problem comes when I try to include dbDelete() as part of a global session cleanup/destroy function.  That function's name is TimeOutAct().

Observe the following code:

<?php
$userID = array('scott');
function dbDelete($param){
$conDelete = mysql_connect($url,'myusername','mypassword',true);
mysql_select_db('mydatabase',$conDelete);
mysql_query($param,$conDelete);
mysql_close();
   if(isset($conDelete)){
   mysql_close($conDelete);
   }
}
function timeOutAct(){
   dbDelete("DELETE FROM acctussessi WHERE acctussessi_usid = '$userID[0]'");
   $_SESSION = array();
   setcookie(session_name(),'',time()-4200);
   session_destroy();
}
//function dbDelete() isn't called when I do this :0
timeOutAct();

//if I do the following dbDelete() is called:
dbDelete("DELETE FROM acctussessi WHERE acctussessi_usid = '$userID[0]'");
?>

Please help me.  I a bit of a newb and need the expertise here !