[Jk92]

Hi. I have just created a PHP file in dreamweaver, which connects to my SQL database.

The problem I am having is when I log in, and the following errors appear:

Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at /home/jk92/public_html/checklogin.php:6) in /home/jk92/public_html/checklogin.php on line 36

Warning: Cannot modify header information - headers already sent by (output started at /home/jk92/public_html/checklogin.php:6) in /home/jk92/public_html/checklogin.php on line 38

The HTML/PHP code that I am using is as follows:

HTML Code:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="style.css" rel="stylesheet" type="text/css" /><?php
$host="localhost"; // Host name
$username="jk92_Admin"; // Mysql username
$password="*****"; // Mysql password
$db_name="jk92_DB"; // Database name
$tbl_name="members1"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from form
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername"); 
session_register("mypassword");
header("location:login_success.php");
}
else {
echo "Wrong Username or Password";
}
?>
</head>

<body>
</body>
</html>

Sorry if this has been answered before. I have looked for a solution in the forums but could not fully understand how to fix this.

P.S - This is my first time using PHP.

Thanks.

[danvds3]

I've had a shot at it, fixing some bits here and there. Let's hope it works

PHP Code:

<?php

if ($_SESSION["myusername"] == null) {

    $_SESSION["myusername"] = false; }



$host="localhost"; // Host name

$username="jk92_Admin"; // Mysql username

$password="*****"; // Mysql password

$db_name="jk92_DB"; // Database name

$tbl_name="members1"; // Table name



// Connect to server and select databse.

mysql_connect($host, $username, $password)or die("Cannot Connect for Reason:".mysql_error());

mysql_select_db("$db_name")or die("Cannot Select DB for Reason:".mysql_error());



// username and password sent from form

$myusername=$_POST['myusername'];

$mypassword=$_POST['mypassword'];



// To protect MySQL injection

$myusername = stripslashes($myusername);

$mypassword = stripslashes($mypassword);

$myusername = mysql_real_escape_string($myusername);

$mypassword = mysql_real_escape_string($mypassword);



// Ending the quotes and using periods (.) lol- adds stuff to the variable, so "bob"."cheese" == "bobcheese"

$sql="SELECT * FROM `".$tbl_name."` WHERE username='".$myusername."' and password='".$mypassword."'";

$result=mysql_query($sql);



// Mysql_num_row is counting table row

$count=mysql_num_rows($result);

// If result matched $myusername and $mypassword, table row must be 1 row



if($count==1){

// Register $myusername, $mypassword and redirect to file "login_success.php"

session_start();

$_SESSION["myusername"] = $myusername;

$_SESSION["mypassword"] = $mypassword; // While this is still unsafe, it's just a little login script test isn't it? We'll talk about security later =P

header("location:login_success.php");

}

else {

header('refresh: 5; url=./login_fail.php');

die("Wrong Username or Password. Redirecting..."); // To prevent evil people manipulating the page, kill the script using die.

}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Untitled Document</title>

<link href="style.css" rel="stylesheet" type="text/css" />



</head>



<body>

</body>

</html>

-_- I had to register on here to post, Humph! hehe jokin,

Dan.

[job0107]

If I might make a suggestion:
I don't think you need any HTML in this page because you are redirecting them no matter what.

PHP Code:

<?php
session_start();
// Sanitize $_POST['myusername'] and $_POST['mypassword'] before loading into session variables to protect from MySQL injection
$_SESSION["myusername"]=!empty($_POST['myusername'])?mysql_real_escape_string(stripslashes($_POST['myusername'])):"";
$_SESSION["mypassword"]=!empty($_POST['mypassword'])?mysql_real_escape_string(stripslashes($_POST['mypassword'])):"";

// Load database variables, connect to server and select a database
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name
mysql_connect($host, $username, $password)or die("Cannot Connect for Reason:".mysql_error());
mysql_select_db("$db_name")or die("Cannot Select DB for Reason:".mysql_error());

// Run query
$result=mysql_query("SELECT username FROM $tbl_name WHERE username='".$_SESSION["myusername"]."' AND password='".$_SESSION["mypassword"]."'");

// Check for return of single record and direct to login_success.php
if(mysql_num_rows($result)==1){header("location:login_success.php");}
else{
// On login falier, unset session variables if not needed and redirect
unset($_SESSION["myusername"]); // Optional if return value not needed or wanted
unset($_SESSION["mypassword"]); // Optional if return value not needed or wanted
header('refresh: 5; url=./login_fail.php');
die("Wrong Username or Password. Redirecting..."); // To prevent evil people manipulating the page, kill the script using die.
}
?>

This should speed up your code some.

[Jk92]

Hey guys.

Thanks for the quick replies.

The code works a treat .

Really appreciate the help.

Thanks again .

- Jordan