Login page, session issues

[Jerm993]

I am in the process of building a web application that requires php, when I don’t have much knowledge of php myself(I like a good challenge). I have followed a premium tutorial on how to build a log-in system found on nettuts. However, upon trying to log in as a user this error message pops up in my error log on my server.
“
[19-Aug-2011 19:30:06] PHP Warning: session_start() [function.session-start]: Cannot send session cookie – headers already sent by (output started at /home/y059riaj/public_html/facetweeter.com/header.php:10) in /home/y059riaj/public_html/facetweeter.com/header.php on line 15

[19-Aug-2011 19:30:06] PHP Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent (output started at /home/y059riaj/public_html/facetweeter.com/header.php:10) in /home/y059riaj/public_html/facetweeter.com/header.php on line 15
“
I honestly have no idea what it means. here is the login code, code from line 15, and the blocked page.

login

require ('./functions.php');

// Has the user submitted the form

if($_POST){

// Protect the submitted data

$username = protect($_POST);

$password = protect($_POST);



// Check if the username or password boxes were not filled in

if(!$username || !$password){

//if not display an error message

echo "You need to fill in a Username and a Password!";

}else{

// if they were continue checking



// select all rows from the table where the username matches the one entered by the user

$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."'");

$num = mysql_num_rows($res);



// check if there was not a username match

if($num == 0){

//if not display an error message

echo "The Username you supplied does not exist!";

}else{

// if there was a match continue checking



// select all rows where the username and password match the ones submitted by the user

$res = mysql_query("SELECT * FROM `users` WHERE `username` = '".$username."' AND `password` = '".$password."'");

$num = mysql_num_rows($res);



// check if there was not a match

if($num == 0){

// if not display error message

echo "The Password you supplied does not match the one for that username!";

}else{

// if there was continue checking



// split all fields fom the correct row into an associative array

$row = mysql_fetch_assoc($res);



// check to see if the user has not activated their account yet

if($row != 1){

//if not display error message

echo "You have not yet Activated your account!";

}else{

// if they have log them in



// set the login session storing there id - we use this to see if they are logged in or not

$_SESSION = $row;



// update the online field to 50 seconds into the future

$time = date('U')+50;

mysql_query("UPDATE `users` SET `online` = '".$time."' WHERE `id` = '".$_SESSION."'");



//redirect them to the usersonline page

echo '';

}

}

}

}

}



?>

line 15 -header.php

//allow sessions to be passed so we can see if the user is logged in

session_start();



//connect to the database so we can check, edit, or insert data to our users table

$con = mysql_connect('localhost', 'user', 'pass') or die(mysql_error('Could not connect.'));

$db = mysql_select_db('y059riaj_ft', $con) or die(mysql_error('Could not connect to db.'));



//include login.php

//require ("./login.php");



?> 

Main_page.php

	


//if the login session does not exist therefore meaning the user is not logged in

if(!$_SESSION){

//display and error message

echo '';

}else{

//otherwise continue the page



//this is out update script which should be used in each page to update the users online time

$time = date('U')+50;

$update = mysql_query("UPDATE `users` SET `online` = '".$time."' WHERE `id` = '".$_SESSION."'");

?>

Most of the code is identical to the code found in the tutorial, although some of it is spread out. For instance, the login can be found at the top of almost all pages, I set the login action to login.php; however, the form is in the header.php file. Thanks for the help this PHP noobie needs it!

– Jeremy Carlsten

[djpic]

This error means you have already outputted echo or printed data out the the browser. The session_start() must precede ANY output to the browser.

P.S.
Google is your friend. If you would have googled “Cannot send session cookie – headers already sent by” you would have found the answer right away.

[djpic]

Also, I normally use:

header('Location: http://websitehere.com/logout.php');

When I am trying to redirect someone in PHP say for a bad login.

[Historical Forums User]

Try putting

at the top of your page before any other PHP – it will clear any headers already sent so you’ll be able to redirect.

[Author]

Posts