|
PHP - Session Start - Headers Already Sent. What Am I Doing Wrong?
I'm trying to start a session in a simple php file.
Here's *all* the code:
Here's the URL: Similar TutorialsI am trying to create an index page which contains registration and login field the problem that i get is on successful login a warning is displayed session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\Eventz.com\index.php:116) in C:\xampp\htdocs\Eventz.com\index.php on line 235 This is the login part of my index.php this tag is inside an html table below the login form I also have a registration form and its php code above the login form Code: [Select] <?php if (isset($_REQUEST['pass'])) { $id=$_POST['id']; $pass=$_POST['pass']; $conn =mysql_connect("localhost","root",""); if (!$conn) { die('Could not connect: ' . mysql_error()); } /* checking connection....success! */ $e=mysql_select_db('test', $conn); if(!$e) { die(''.mysql_error()); } else { echo 'database selected successfully'; } if (isset($_REQUEST['id']) || (isset($_REQUEST['pass']))) { if($_REQUEST['id'] == "" || $_REQUEST['pass']=="") { echo "login fields cannot be empty"; } else { $sql=mysql_query("Select email,password from login where email='$id' AND password='$pass'"); $count=mysql_num_rows($sql); if($count==1) /* $count checks if username and password are in same row */ { session_start(); $_SESSION['id']=$id; echo "</br>Login Successful</br>"; } else { echo "</br>invalid</br>"; echo "please try to login again</br>"; } } } } ?> Any help or suggestion would be appreciated Hi Everyone I am having a few issues with my website. I have developed in on my xampp local host and it works ok but when I upload the files and try to renew a membership using stripe I get the following messages. Warning: session_start(): Cannot start session when headers already sent in /customers/a/d/f/mywebsite.co.uk/httpd.www/mywebsite/inc/settings.php on line 2 Warning: Cannot modify header information - headers already sent by (output started at /customers/a/d/f/mywebsite.co.uk/httpd.www/mywebsite/procedures/payments/charge.php:1) in /customers/a/d/f/mywebsite.co.uk/httpd.www/mywebsite/procedures/payments/charge.php on line 141 I have some includes that appear on every page. This is the bootstrap.php file. This file holds the settings.php which connects to my database and other function files. In this settings page I call the session_start() php function and then connect to my database. I call the bootstrap.php file on every page to there for call the session_start() on every page. I am using sessions alot so is this the right thing to do? I have attached the renew_membership payment page which holds the form. The user fills out the payment page and the form data gets sent to a script called charge.php which uses the stripe objects to make the payment. I then want to do a redirect to the paymentSuccess.php page to output to the user that the payment was made successfully. This is where the issues arrise. I have split the charge file into 3 screen shots so it is more readable. Hope someone can help me. Thanks a lot David
Edited April 26 by Irish_Dave I am having trouble resolving an error. Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/s519970/public_html/header.php:27) in /home/s519970/public_html/admin/login.php on line 2 What I can gather is I can't use "header (Location: 'admin.php')" after i've used session_start(). I have tried to replace the header (Location: 'admin.php') with this: echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; I've been trying to read up on solutions but haven't been able to get it sorted. If anyone can offer some advice that would be greatly appreciated as im new to php. Code: [Select] <?php session_start(); if(isset($_SESSION['user'])) echo "<script>document.location.href='admin.php'</script>"; echo "<script>'Content-type: application/octet-stream'</script>"; ?> <div id="loginform"> <form action="dologin.php" method="post"> <table> <tr> <td><span>Username:</span></td> <td><input type="text" name="username" /></td> </tr> <tr> <td><span>Password:</span></td> <td><input type="password" name="password" /></td> </tr> <tr> <td colspan="2" align="right"><input type="submit" name="login" value="Login" /></td> </tr> </table> </form> </div> I have tried using require_once('yourpage.php'); before my <head></head> tags in the header document where I've specified the html information but this doesn't seem to work. I've been advised to use ob_start("ob_gzhandler"); but I am not sure how to implement this. Any advice is greatly appreciated! in this page http://maximaart.com/newscp/ i have this problem Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/maximasy/public_html/newscp/index.php:1) in /home/maximasy/public_html/newscp/index.php on line 2 my source code is <?php session_start(); include_once("config.php"); include_once("functions.php"); $errorMessage = ''; if (isset($_POST['txtUserId']) && isset($_POST['txtPassword'])) { if ($_POST['txtUserId'] === "$user" && $_POST['txtPassword'] === "$pass") { // the user id and password match, $_SESSION['basic_is_logged_in'] = true; require("main.php"); exit;?> Simple question. How do I redirect the header location on a session page. I thought I could go a different direction, but now I'm back to this one. I tried just adding header("Location: newpage.php") at the end of a query insert, but it gave me the warning that it can't modify the head. But I need the page to redirect after the query is done. Thoughts? I am confused why I am getting the following error and was wondering if I could get a 2nd pair of eyes.. error: [29-Jul-2010 20:58:01] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent in /home/curren11/public_html/mysite***.com/file_monitor.php on line 2 [29-Jul-2010 20:58:01] PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /home/curren11/public_html/mysite***.com/file_monitor.php:2) in /home/curren11/public_html/mysite***.com/file_monitor.php on line 2 Here is the code: <?php session_start(); $root_path = realpath(getcwd()); $error_monitor_file = $root_path.'/file_modify.txt'; $hour = date("H"); $today = date("m-d-Y"); $myFile2 = "file_monitor.php.log"; $fh3 = fopen($myFile2, 'a'); $log_msg = "Last ran on: ".$today." at: ".$hour." \n"; fwrite($fh3, $log_msg); function scan_dir($path) { $out = array(); $files = opendir($path); while ($f = readdir($files)) { $extension = substr($f,-3); if ($f=='.' or $f=='..' or $extension=='jpg' or $extension=='JPG' or $extension=='png' or $extension=='gif' or $f=='file_monitor.php' or $f=='file_modify.txt' or $f=='file_monitor.php.log' or $f =='error_log' ) { continue; } if (is_dir($path.'/'.$f)) { $out = array_merge($out, scan_dir($path.'/'.$f)); } //if (((!is_dir($path.'/'.$f)) && ($f!='.' or $f!='..' or $extension!='jpg' or $extension!='JPG' or $extension!='png' or $extension!='gif')) else // { $out[] = $path. '/'. $f; //} } $_SESSION['all_files'] = $out; return $out; } $a = scan_dir(getcwd()); $count_array = count($_SESSION['all_files']); $loop_count=0; while($loop_count < $count_array) { // file in directory when was it last changed ? $filechange1 = date("m-d-Y-H", filemtime($_SESSION['all_files'][$loop_count])); // was it chnaged today and have I sent out an alert yet? if($filechange1 == $today."-".$hour) { $fh2 = fopen($error_monitor_file, 'a'); fwrite($fh2, "\n alert, file: ".$_SESSION['all_files'][$loop_count]." was changed today within the last hour ! \n"); fclose($fh2); } $loop_count ++; // log file? was it changed this past hour? if (file_exists($error_monitor_file)) { $filechange_log = date("m-d-Y-H", filemtime($error_monitor_file)); if ( ($loop_count == $count_array ) && ($filechange_log == $today."-".$hour ) ) { email(); } } } // function for email... function email() { require_once ('class.phpmailer.php'); $mail = new PHPMailer(); $mail->IsSMTP(); // send via SMTP $mail->Host = "localhost"; // SMTP servers $mail->SMTPAuth = true; // turn on SMTP authentication $mail->Username = "**c66@***ar.com"; // SMTP username $mail->Password = "*****"; // SMTP password $mail->From = "***@***.com"; $mail->FromName = "Colonial Cottage File Changed"; $mail->AddAddress("email@*****.com"); $mail->WordWrap = 50; // set word wrap //$mail->AddAttachment("/var/tmp/file.tar.gz"); // attachment //$mail->AddAttachment("/tmp/image.jpg", "new.jpg"); $mail->IsHTML(true); // send as HTML $mail->Subject ="Unauthorized file changed today!"; $mail->Body = "" ; $mail->AltBody = "This is the text-only body"; if(!$mail->Send()) { exit(); } } if ((file_exists($error_monitor_file)) && $hour == "00") { unlink($error_monitor_file); } fclose($fh3); exit(); ?> Hi all, I wrote a download script for some protected files a little while back. And on the whole, its works pretty well but occasionally, zip files will not completely download and will end up corrupted. It happens more with bigger files but that i'm guessing is due to the fact it takes longer to download them? I've searched intensively on Google for the past few days and implemented a few new ideas, which hasn't made a difference. Its annoying, in the fact you can try the same file a few times over and it'll download 8 out of 10 times no problem. I even added in the apachesentenv after a recommendation, as the rest of my site is gzip php'd. But that hasn't worked either. Part of the code as follows: apache_setenv('no-gzip', '1'); // if file exists and user access granted: // define the path to your download folder plus assign the file name $path .= $filename; // check that file exists and is readable if (file_exists($path) && is_readable($path)) { // get the file size and send the http headers $size = filesize($path); // required for IE, otherwise Content-disposition is ignored if(ini_get('zlib.output_compression')) ini_set('zlib.output_compression', 'Off'); //content type switch(strtolower(substr(strrchr($filename,'.'),1))) { case "pdf": $mime="application/pdf"; break; case "mp3": $mime="audio/x-mp3"; break; case "zip": $mime="application/zip"; break; case "rar": $mime="application/zip"; break; case "tar": $mime="application/zip"; break; case "sit": $mime="application/zip"; break; case "doc": $mime="application/msword"; break; case "xls": $mime="application/vnd.ms-excel"; break; case "ppt": $mime="application/vnd.ms-powerpoint"; break; case "gif": $mime="image/gif"; break; case "png": $mime="image/png"; break; case "jpeg":$mime="image/jpg"; break; case "jpg": $mime="image/jpg"; break; default: $mime="application/force-download"; } header("Cache-Control: public"); header("Pragma: public"); header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Content-Description: File Transfer"); header("Content-Type: " .$mime); header("Content-Disposition: attachment; filename=\"{$filename}\""); header('Content-Transfer-Encoding: binary'); header('Content-Length: ' . filesize($path)); readfile("$path"); if($logging == 1){ $status = "Granted"; include('logit.php'); } exit; } Live http Headers in Firefox displays the following upon clicking a download: http://www.website.com/filedownload.php?file=12 GET /filedownload.php?file=12 HTTP/1.1 Host: www.website.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 ( .NET CLR 3.5.30729) Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-gb,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.website.com/downloads.php Cookie: __utma=100661891.2064943237.1286446219.1290502952.1290505322.70; __utmz=100661891.1290502952.69.8.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=lighthouse%20cjpro; __utmc=100661891; __utmb=100661891.43.10.1290505322; PHPSESSID=8aadcc17930b9e146f103f180f30f470 HTTP/1.1 200 OK Date: Tue, 23 Nov 2010 11:22:13 GMT Server: Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635 PHP/5.2.12 X-Powered-By: PHP/5.2.12 Expires: 0 Cache-Control: must-revalidate, post-check=0, pre-check=0 Pragma: public Content-Description: File Transfer Content-Disposition: attachment; filename="Version_5_Software.zip" Content-Transfer-Encoding: binary Content-Length: 62654423 Keep-Alive: timeout=2, max=100 Connection: Keep-Alive Content-Type: application/zip ---------------------------------------------------------- Are my headers wrong? or in the incorrect order? If not, any ideas? I'm a bit stumped! Thanks for taking the time to read my query. I have issues with a user being logged in and staying logged in, When logging in I create these $_SESSION variables
Array
(
[usr_login] => username
[usr_fname] => first
[usr_lname] => last
[usr_email] => email
[ses_usrid] => 1
[loggdin] => Yes
[loginremember] =>
)
And after login it looks great till I refresh the page or go anywhere else on the site. All variables above are gone. Consequently, this works with no issues on the prod server, just not on my machine. Code I've been playing with since it started, specifically the setting of the cookie. (this code runs before anything else)
// =================================================================
// Sesssion start
// =================================================================
session_set_cookie_params(
0,
"/; SameSite=Strict",
".killgorack.com",
true,
true
);
session_start();
// =================================================================
// Security stuff
// =================================================================
header("strict-transport-security: max-age=31536000");
header('X-Frame-Options: sameorigin');
header("X-XSS-Protection: 1; mode=block");
header('X-Content-Type-Options: nosniff');
header("Content-Security-Policy: default-src BLA BLA BLA ");
header("Feature-Policy: vibrate 'none'");
header("Referrer-Policy: no-referrer");
header("Access-Control-Allow-Origin: https://www.MYWEBSITE.com/");
header("Expect-CT: max-age=86400, enforce");
header_remove("X-Powered-By");
// =================================================================
Any ideas? Edited May 19, 2019 by KillGorackHi all, I have a session problem on my development site. Whenever I go to my login screen at www.mydomain.com/my/path/index.php, i get the following error messages: Quote Warning: session_start() [function.session-start]: open(/tmp/sess_f89c3850adf5a752b13f5c6b9022d8c4, O_RDWR) failed: Permission denied (13) in /home/account/public_html/shop_lite/admin/index.php on line 2 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/account/public_html/shop_lite/admin/index.php:2) in /home/account/public_html/shop_lite/admin/index.php on line 2 However, when I go to mydomain.com/my/path/index.php, the error messages aren't there. I am very confused. We don't have an SSL (which google suggested it could be) or any whitespace between the opening php tag. I have chmoded the /tmp directory to 777 but to no avail. Any ideas? My opening code is below: Code: [Select] <?php session_start(); require_once("includes/db_connector.php"); include("includes/cms_class.php"); include("includes/login_class.php"); loginForwarder(); $issue = checkLoginIssue(); if (isset($_POST["login"])) { loginUser($_POST["email"], $_POST["password"]); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/my_template.dwt.php" codeOutsideHTMLIsLocked="false" --> Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/hedgehog/public_html/class/class.phpmailer.php:3005) in /home/hedgehog/public_html/admin/class/authenticate.class.php on line 15 I own a website, www.gpstudios.com Some time ago I started recieiving this error after posting comments on the playgame page/news page. Try posting comments yourself on this game: http://www.gpstudios.com/playgame.php?gameid=324 I have attached a picture of the error. Unfortunately, I have no idea when this bug appeared. It must have happened a while ago, but I never noticed. Anyone know how or why I am getting this bug? Because I'm unsure as to where/when the error occurred, I cannot supply the code. Sorry for the lack of details, but I'm hoping someone will understand this error a little better than me :S Thanks, -Tom I keep having the same problem when i run my script on the server. the error is Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/alliapop/public_html/ekloges2010/ekloges2010/eisagogi.php:1) in /home/alliapop/public_html/ekloges2010/ekloges2010/includes/session.php on line 1I know i have to put session start at he very first line and i did but the problem keeps showing up. What else should i check? hey guys, Im trying to register a session from a login im making and for some reason its not working. here is my code: <?php session_start(); if(isset($_POST['username'])){ $username = $_POST['username']; //name of the text field for usernames $password = $_POST['password']; //likewise here just for the password //connect to the db $user = 'root'; $pswd = ''; $db = 'chat'; $conn = mysql_connect('localhost', $user, $pswd); mysql_select_db($db, $conn); //run the query to search for the username and password the match $query = "SELECT * FROM users WHERE username = '$username' AND password ='$password'"; $result = mysql_query($query) or die("Unable to verify user because : " . mysql_error()); //this is where the actual verification happens if(mysql_num_rows($result) == 1){ //the username and password match //so e set the session to true $_SESSION['username'] = $username; $_SESSION['uID'] = $result['user_id']; //$_SESSION['email'] = $result['email']; //and then move them to the index page or the page to which they need to go header('Location: index.php'); }else{ $err = 'Incorrect username / password.' ; } //then just above your login form or where ever you want the error to be displayed you just put in echo $err; } else ?> Im trying to make it so it also gets the user_id of the user logging in and creates a session for it. It works for the username part, and Im able to echo the username im logged in with, but for some reason it does want to work for the user_id part. This is what doesnt register $_SESSION['uID'] = $result['user_id']; Thanks for the upcoming help. I have several pages on my site using the exact same code at the very top, which works fine except for one page: <?php include_once("../members/dbinfo.php"); The top of dbinfo looks like this: <?php session_start(); And then the connection strings for the database However it is giving me this error on this one page: Quote Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\Inetpub\WebSites\premierathome_com\products\FrenchTalkingDictionary.php:1) in C:\Inetpub\WebSites\premierathome_com\members\dbinfo.php on line 1 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\Inetpub\WebSites\premierathome_com\products\FrenchTalkingDictionary.php:1) in C:\Inetpub\WebSites\premierathome_com\members\dbinfo.php on line 1 Now the session does actually start and doesn't prevent anything from working, I just get those messages. I'm at a loss as to why a different page with the exact same code, save for searching the database for a different product version would have this problem. I have had this code in place as well which works fine on other pages but doesn't help my problem at all: if(!isset($_SESSION['OK'])){ session_start(); } OK being a variable I set up during log in. I'm at a loss, is anyone able to help me out with this? hi everyone. i'm wondering what the best way is to create a session variable and pass it to an iframe. i need to do something along these lines, but it doesn't seem to pass the ID. Any hints on how i should accomplish this? Code: [Select] session_start(); $_SESSION['ID']=$_GET['ID']; // id from previous page $ID=session_id(); <iframe src="iframepage.php?ID=<?php echo $ID; ?>" style="width:680px; height:200px;" noresize="noresize" frameborder="0" border="0" scrolling="Yes" allowtransparency="true" /> </iframe> I'm making a simple login system with MySQL and PHP (very simple, I'm just starting with PHP). The MySQL portion is done, but I need to ensure only people who are logged in can see certain content. To check if people are logged in, my website checks that they have the $_SESSION['user'] variable set. If it is set, then it lets them continue through the website, if not, it tells them to login. Is that enough security, or can people simply inject a session cookie into their browser to spoof that they are logged in? My idea was to generate a session key cookie when they login (just a random string of letters and numbers) and store that in the database, then on every page, check to make sure their session key is the same thing that's in the database. Is this necessary? It seems expensive. I am querying... $sql = "SELECT `messages_inbox`.`message_id`, `users`.`firstname`, `users`.`lastname`, `users`.`username` AS `from`, '${user_info['username']}' AS `to`, `subject`, LENGTH(`files`) AS `len`, 'inbox' AS `box`, DATE_FORMAT(`messages_inbox`.`time` ,'%T %D-%M-%Y') AS `time` "; $sql .= "FROM `messages_inbox` INNER JOIN `users` ON `messages_inbox`.`from_id` = `users`.`id` WHERE `to_id` = ${user_info['uid']} AND `messages_inbox`.`deleted` = 0 ORDER BY `messages_inbox`.`message_id` DESC"; and I am trying to output $displayName = ucwords("${message['firstname']} ${message['lastname']}"); by using $messages = pm_fetch_all($_GET['box']); I know my fetch works but for some reason firstname and lastname are only returning the logged in users first name and last name, not the person who sent the message. Evening! I've been iffing and ahhing over this and well im not too sure, hence the post. Code: [Select] // Redirects if there is no session id selected and echos the error on the previous page if(!isset($_GET['get']) || ($_GET['getget'])){ header("Location: #.php?error"); } So it should simply check if get is set if it isnt then see if getget is set? If not redirect and show the error. Now ive tried it and even when get/getget is set it still redirects, probably something silly. Care to share anyone? Harry. Just curious how other people feel about this. I am working on an application where a lot of info is pulled from MySQL and needed on multiple pages.
Would it make more sense to...
1. Pull all data ONCE and store it in SESSION variables to use on other pages
2. Pull the data from the database on each new page that needs it
I assume the preferred method is #1, but maybe there is some downside to using SESSION variables "too much"?
Side question that's kind of related: As far as URLs, is it preferable to have data stored in them (i.e. domain.com/somepage.php?somedata=something&otherdata=thisdata) or use SESSION variables to store that data so the URLs can stay general/clean (i.e. domain.com/somepage.php)?
Both are probably loaded questions but any possible insight would be appreciated.
Thanks!
Greg
Edited by galvin, 04 November 2014 - 10:30 AM. |
|||||||