My first login script... doesn't work! Help!

Sharif

Here is my script which took a while (did copy and paste from some tutorials):

<?php
if (!isset($username) || !isset($password)) {
echo 'Please Login!';
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($username) || empty($password)) {
echo 'You did not specify a username or password';
}
else{

//convert the field values to simple variables

//add slashes to the username and md5() the password
$user = addslashes($_POST['username']);
$pass = md5($_POST['password']);


//set the database connection variables

$dbHost = "localhost";
$dbUser = "user";
$dbPass = "pw";
$dbDatabase = "db";

//connect to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

//Begin SQL
$result=mysql_query("SELECT username, password FROM staff WHERE username='$user' AND password='$pass'", $db);

//check that at least one row was returned

$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){

//start the session and register a variable

session_start();
session_register('username');

//successful login code will go here...
echo 'Login Successfull!';
}

}
else {

//if nothing is returned by the query:

echo 'Incorrect login name or password. Please try again.';
}
}
?>

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/sharif/public_html/staff/login.php:8) in /home/sharif/public_html/staff/login.php on line 56

Where did I mess up? Why do I always mess up 🙁 ?

Moonglobe

you're calling session_start() multiple times with your while loop. start the session higher up, taht might werk.

stolzyboy

you need to call session_start() as the first thing up in your code

Mark

or you could put ob_start(); at the beginning of your code and ob_end_flush(); at the end.

stolzyboy

ob_start() is only really a valid method to suppress header() problems, session_start() should always be the first thing in your code for sessions, the session_register() doesn't necessarily have to be, but it is nice to keep the session stuff together

jassh

well.. i dunno about you guys..

but imho, there's nothing wrong
about putting the session_start() in the middle..
or anywhere..
as long as you dont start it twice

look carefully at his/her code..
what he's trying to do is that..
if the session is ok.. ONLY then start the session..

i guess if you ask em to put the session start
in the beginning of the code..
then, the login would render useless..

anyway shariff dude..
here's some of my opinion..

to be safe.. u should impose the username only to use valid chars..
perhaps by using eregi function, so you dont have to use stripslash in your login..
it is advisable not to use the session_register()
instead, use the superglobal array way..
it's much cooler, and it works swell..
which is $_SESSION['register']
checkout the manual.. http://www.php.net/manual/en/ref.session.php
i alter ur code on the fly..
dunno if it works or not..
you probably have to ammend it a bit..
but hope it gave some basic idea..

<?php

//set the database connection variables

$dbHost = "localhost";
$dbUser = "user";
$dbPass = "pw";
$dbDatabase = "db";


$user = $_POST['text_login']; //from username textfield at the login form
$password = $_POST['text_password']; //from password textfield at the login form

//connect to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");
mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

//Begin SQL
$query = "SELECT password FROM staff WHERE username='$user'";
// to do the above, you got to make sure that username is unique, and no 2 username are alike
// this could be imposed during user user registration...
$result = mysql_db_query($dbDatabase, $query);
$myinfo = mysql_fetch_array($result);
$total_found = mysql_num_rows($result);




if ($total_found == "0") {
	echo "Incorrect login name or password. Please try again."; 


} else {


$my_password = $myinfo['password'];
// the password from ur db, and its md5ed
$md5_password = md5($password);


// validating for a match
if ($md5_password == $my_password) {
	session_start();
	$_SESSION['register'] = $user;
	echo "Login Successfull!";
} else {
	echo "Incorrect login name or password. Please try again.";
}

}


?>

hope that helps...
tell me how it turn out eh..

till then.. take care m8

-jassh