Jump to content

Authentication and Security!


plesh

Recommended Posts

Hello all, Im using xampp for my university project and come across some frustrating and time consuming errors!I have created 3 pageslogin.php > entering username + passwordloginAction.php > action script to transfer you to loggeon.php if you authorised, or bak to login.php if you fail authorisation.admin.php > if you are found in Users SQL table you are transferred to this page.ERRORSLOGIN.PHPI have 2 errors on the pageWarning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at H:\xampplite\htdocs\eShop\tester\test\login.php:2) in H:\xampplite\htdocs\eShop\tester\test\login.php on line 4Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at H:\xampplite\htdocs\eShop\tester\test\login.php:2) in H:\xampplite\htdocs\eShop\tester\test\login.php on line 4session_start() should be before the HTML tags which they are so im confused alreadyLOGINACTION.PHPI get this error Warning: Cannot modify header information - headers already sent by (output started at H:\xampplite\htdocs\eShop\tester\test\loginAction.php:2) in H:\xampplite\htdocs\eShop\tester\test\loginAction.php on line 25header again is before the HTML tagIm really stuck >_<, I have tried lots of different things hopefully someone will have an ideaRegards Alex

Link to comment
Share on other sites

And the code is where???I am guessing that there is a Header or something being sent to the browser and the parser is complaining that the headers have already been sent. NOTHING can be sent before the headers, not even a blank space.Post your code and let us have a look.

Link to comment
Share on other sites

And the code is where???I am guessing that there is a Header or something being sent to the browser and the parser is complaining that the headers have already been sent. NOTHING can be sent before the headers, not even a blank space.Post your code and let us have a look.
Right its now Partially working, if i try to login it says theres errors on the loginAction.php but when i press back on the browser it takes me to the admin.php page which it has never done before! I can reach this admin page by loading up login.php now, because i think theres still a cookie! :S but i cant never directly login!heres the code forLOGIN.PHP<?php//Start-so-we-can-use-session-variablessession_start();//Check-if-we-have-already-created-a-authenticated-sessionif(isset($_SESSION["authenticatedUser"])){$_SESSION["message"]="You are already logged in as".$_SESSION['authenticatedUser'];//Redirect-to-loginheader("Location:admin.php");}//No-session-established,-no-POST-variables//Display-the-login-page?><!DOCTYPE HTML PUBLIC"-//W3C//DTD HTML 4.0 Transitional//EN""http://www.w3.org/TR/html4/loose.dtd" ><html><head><title>Film Login Page</title></head> <body> <h2 align="center">Login Page (<a href="login.phps" target="_blank">source</a> + loginaction <a href="loginaction.phps" target="_blank">source</a>) </h2><p align="left"><?php//Include-the-formatted-error-messageif (isset($_SESSION['message']))echo "<h3><font color=red>".$_SESSION['message']."</font></h3>";//Generate-the-login-<form>-layout?></p><table width="55%" border="0"> <tr> <td height="77" valign="top"> <form method="post" action="loginAction.php"> <table width="401" border="0" cellpadding="1" cellspacing="0"> <!--DWLayoutTable--> <tr> <td width="191">User-name:</td> <td width="201"><input type="text" size=10 maxlength=10 name="formUsername"></td> </tr> <tr> <td>Password:</td> <td><input type="password" size=10 maxlength=10 name="formPassword"></td> <td width="3"></td> </tr> <tr> <td ><!--DWLayoutEmptyCell--> </td> <td><p> <input name="submit" type="submit" value="Log in"> </td> </tr> </table> </form></td> <td> </td> </tr></table><p> </p></body> </html>Heres the code for LOGINACTION.PHP<?phpinclude 'connections.php';//Mainsession_start();//Get-the-data-collected-from-the-user$appUsername=$_POST["formUsername"];$appPassword=$_POST["formPassword"];$query ="SELECT * FROM Users WHERE UserName = '$appUsername' AND Password = '$appPassword' ";$result =mysql_query($query) or die ("Error in query: $query. ".mysql_error());//see-if-any-rows-were-returnedif (mysql_num_rows($result) > 0){$_SESSION["authenticatedUser"] = $appUsername;//Relocate-to-the-logged-in-pageheader("Location:admin.php");}else{$_SESSION["message"] ="Could not connect to Admin as $appUsername ";header("Location:login.php");}mysql_free_result($result);mysql_close($connection);?>The error i get on the loginAction.php is as follows:Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at H:\xampplite\htdocs\eShop\tester\test_WEBCT\connections.php:7) in H:\xampplite\htdocs\eShop\tester\test_WEBCT\loginAction.php on line 4Warning: Cannot modify header information - headers already sent by (output started at H:\xampplite\htdocs\eShop\tester\test_WEBCT\connections.php:7) in H:\xampplite\htdocs\eShop\tester\test_WEBCT\loginAction.php on line 15thanks jlhaslipRegards Alex
Link to comment
Share on other sites

I think your problem is that session_start() HAS to be the very first line of code after your <?php tag. In your code you have it following comments and includes and that might be causeing your header errors trying changing that around and see what happens.

Link to comment
Share on other sites

A lot of people who ask questions here seem to have a hard time reading error messages. The answer is right in front of you.Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at H:\xampplite\htdocs\eShop\tester\test_WEBCT\connections.php:7) in H:\xampplite\htdocs\eShop\tester\test_WEBCT\loginAction.php on line 4Line 7 of the connections.php file is sending output.There is very little guesswork involved with debugging, assuming that you have error messages turned on. If you are guessing, then you aren't understanding the problem.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...