PHP - Simple Session Help

I am trying to create an index page which contains registration and login field
the problem that i get is on successful login a warning is displayed
session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235

This is the login part of my index.php
this tag is inside an html table below the login form
I also have a registration form and its php code above the login form


Code: [Select]
<?php
if (isset($_REQUEST['pass']))
{
    $id=$_POST['id'];
    $pass=$_POST['pass'];

    $conn =mysql_connect("localhost","root","");
    if (!$conn)
    {
   die('Could not connect: ' . mysql_error());
    }
/*
checking connection....success!
*/
    $e=mysql_select_db('test', $conn);
    if(!$e)
    {
   die(''.mysql_error());
    }
    else
    {
   echo 'database selected successfully';
    }

    if (isset($_REQUEST['id'])  || (isset($_REQUEST['pass'])))
    {
        if($_REQUEST['id'] == "" || $_REQUEST['pass']=="")
        {
       echo "login fields cannot be empty";
        }
        else
        {
            $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'");
            $count=mysql_num_rows($sql);
            if($count==1) 

    /* $count checks if username and password are in same row */
            {   
                session_start();
                $_SESSION['id']=$id;
                echo "</br>Login Successful</br>";
            }
            else
            {
           echo "</br>invalid</br>";
           echo "please try to login again</br>";

            }
        
        }   
    }
}
?>


Any help or suggestion would be appreciated

hi everyone.

i'm wondering what the best way is to create a session variable and pass it to an iframe.
i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this?

Code: [Select]
session_start();
  $_SESSION['ID']=$_GET['ID']; // id from previous page
$ID=session_id();

 <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe>

I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content.

To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in?

My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive.

Evening!

I've been iffing and ahhing over this and well im not too sure, hence the post.

Code: [Select]
// Redirects if there is no session id selected and echos the error on the previous page
if(!isset($_GET['get']) || ($_GET['getget'])){
header("Location: #.php?error");
}
So it should simply check if get is set if it isnt then see if getget is set?

If not redirect and show the error.

Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone?

Harry.

Just curious how other people feel about this.  I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.     Would it make more sense to...   1.  Pull all data ONCE and store it in SESSION variables to use on other pages    2.  Pull the data from the database on each new page that needs it   I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?   Side question that's kind of related:  As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?   Both are probably loaded questions but any possible insight would be appreciated.   Thanks! Greg
Edited by galvin, 04 November 2014 - 10:30 AM.

Hi everyone,

I'm trying to select either a class or an id using PHP Simple HTML DOM Parser with absolutely no luck.  My example is very simple and seems to comply to the examples given in the manual(http://simplehtmldom.sourceforge.net/manual.htm) but it just wont work, it's driving me up the wall.

Here is my example: http://schulnetz.nibis.de/db/schulen/schule.php?schulnr=94468&lschb=

I think the HTML is invalid: i cannot parse it.

Well i need more examples - probly i have overseen something!

If anybody has a working example of Simple-html-dom-parser...i would be happy.
The examples on the developersite are not very helpful.

your dilbertone

Hello, im very green to php and I am having trouble creating a simple log in script. Not sure why this is not working, maybe a mysql_query mistake? I am not receiving any errors but nothing gets updated in the members table and my error message to the user displays.  any help is appreciated! here is my php:


<?php
session_start();

$errorMsg = '';
$email = '';
$pass = '';

if (isset($_POST['email'])) {
   $email = ($_POST['email']);
   $pass = ($_POST['password']);
   
   $email = stripslashes($email);
    $pass = stripslashes($pass);
   $email = strip_tags($email);
   $pass = strip_tags($pass);
   
if ((!$email) || (!$pass)) {
   $errorMsg = '<font color="#FF0000">Please fill in both fields</font>';
}else {
   include 'scripts/connect_db.php';
   $email = mysql_real_escape_string ($email);
   $pass = md5($pass);
   
   $sql = mysql_query("SELECT * FROM members WHERE email='$email' AND password='$pass'");
   
   $log_check = mysql_num_rows($sql);
   
if ($log_check > 0) {
    while($row = mysql_fetch_array($sql)) {
      
      $id = $row["id"];
      $_SESSION['id'];
      $email = $row["email"];
      $_SESSION['email'];
      $username = $row["username"];
      $_session['username'];
      
      mysql_query("UPDATE members SET last_logged=now() WHERE id='$id' LIMIT 1");
      
   }//Close while loop
   echo "You are logged in";
             exit();
}
else {
   $errorMsg = '<font color="#FF0000">Incorrect login data, please try again</font>';
}


     }
}
?>



and the form:

<?php echo $errorMsg; ?>
<form action="log_in.php" method="post">
Email:<br />
<input name="email" type="text" /><br /><br />
Password:<br />
<input name="password" type="password" /><br /><br />
<input name="myBtn" type="submit" value="Log In" />
</form>

Hi can someone pls help, im tryin a tutorial but keep getting errors, this is the first one i get after registering.

You Are Registered And Can Now Login
Warning: Cannot modify header information - headers already sent by (output started at /home/aretheyh/public_html/nealeweb.com/regcheck.php:43) in /home/aretheyh/public_html/nealeweb.com/regcheck.php on line 46

Code: [Select]
<?php

session_start();
if(!session_is_registered(myusername)){
header("location:./default.php");
}

?>

My session works fine but I am just wondering how I can echo the current sessions username?

Thanks

Hello

I keep having this issue with sessions.

I have an login feature on my website that uses sessions.

When i do like this:

1. Login
2. close browser
3. open browser again
4. try to log in

It fails, actually nothing happens, so I manually need to go to logout.php to reset and then I can log in again.

Why is this happening and how do i solve it?

Hi People, I am on a deadline and finding that my code does not work in php5 and I have to change it to work. Just wonder if anyone can spot the obvious within my code. This all worked in php4 but now I have to rewrite it. Basically its a little order system.



<?
include("inc/connect.php");

// Continue start session.
// We need to first check to see if an item with the SID and cat and product_code exists in the database, 
// if it does then we need to update that item, if not then we need to add the item

// clean out any malicious data
 foreach ($_REQUEST as $k => $v) {
 $_REQUEST[$k] = (get_magic_quotes_gpc() ? strip_tags($v) : strip_tags(addslashes($v)));
 }

session_start();
{

$sql = "SELECT * FROM orders WHERE sid = '$PHPSESSID' AND product_id = '$product_id' "; 
$sql_result = mysql_query($sql); 

if (mysql_num_rows($sql_result) ==0)
{
        # setup SQL statement
        $SQL = " INSERT INTO orders (sid,product_id,product_title,qty,standard_price,deluxe_price) VALUES ('$PHPSESSID','$product_id','$product_title','$qty','$standard_price','$deluxe_price')";

        #execute SQL statement
        $result = mysql_db_query( azflowers,"$SQL",$connection );

        # check for error
        if (!$result) { echo("ERROR: " . mysql_error() . "\n$SQL\n");    }
}
else
{
      # setup SQL statement
        $SQL = " UPDATE orders SET qty = qty +1 WHERE sid = '$PHPSESSID' AND product_id = '$product_id' ";

        #execute SQL statement
        $result = mysql_db_query( azflowers,"$SQL",$connection );

        # check for error
        if (!$result) { echo("ERROR: " . mysql_error() . "\n$SQL\n");    }
}

header("Location: http://www.site.com/site/cart.php?sid=$PHPSESSID");
exit;
}
?>

This is weird.  I thought session_destroy erased your session id:

echo "session is ".session_id();
session_destroy();
echo "<br>session now is ".session_id();

When I run it i get:
Code: [Select]
session is mkqb0m49ktbtt1g34r6e67g012
session now is
But when I reload the page I get the same thing!
Code: [Select]
session is mkqb0m49ktbtt1g34r6e67g012
session now is
If session_id was destroyed (it echoed blank to prove this) why does it get repopultaed with the same session id when I reload the browser?

Why is my SESSION not getting set in the code below?!

Code: [Select]
<?php
// Initialize a session.
session_start();

// Initialize Logged-In Status.
$_SESSION['loggedIn'] = FALSE;

// Display Logged-In Status.
echo '<p>$_SESSION[\'loggedIn\'] = ' . $_SESSION['loggedIn'] . '</p>';

exit();

When I run this I get...

$_SESSION['loggedIn'] =


Debbie

Hello,

I am interested in how the php can recognise a certain session when everytime i start session new id is created. For example i made this small script:


session_start();


if( isset( $_SESSION['test'] ) )
{
echo "test is set";
}
else
{
$_SESSION['test'] = 'test';
echo "test is not set";
}



My browser is closed. All files from /tmp folder where php default sessions files are stored in wamp are deleted.
So i start the browser and it of course echoes "test is not set", then i check the folder and new session file is created. I then refresh the page and it normally echoes "test is set" but no new session files are created in /tmp folder.

So now i close the browser and start it again. New file is created in /tmp although i used same browser. Now this new file has a different name than one previously created. So this time again it says "test it not set" and when i refresh the page it says "test is set"
so my question is what logic is used by php to determine from which session file in /tmp folder to load session on page refresh when it creates a new id every time session is started ( browser opened ) even though the browser and ip are same.


Thanks