php session handling

phpnewguy

I have a simple login page which passess username and password to a php script. I am using php 5.0.4, mysql 4.1.12, apache 2.0.54. I get these warning messages when the form variables get passed to my php script

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /opt/lampp/htdocs/xampp/phplogin3.php:38) in /opt/lampp/htdocs/xampp/phplogin3.php on line 48

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /opt/lampp/htdocs/xampp/phplogin3.php:38) in /opt/lampp/htdocs/xampp/phplogin3.php on line 48
Success!

The variables i passed are passing fine, I echo'd them to check.

My php script I am using is here;

<?PHP
//check that the user is calling the page from the login form and not accessing it directly
//and redirect back to the login form if necessary
if (!isset($username) || !isset($password)) {
header( "Location: http://localhost/xampp/userlogin.php" );
}
//check that the form fields are not empty, and redirect back to the login page if they are
elseif (empty($username) || empty($password)) {
header( "Location: http://localhost/xampp/userlogin.php" );
}
else{

//convert the field values to simple variables

//add slashes to the username and md5() the password
$user = addslashes($POST['username']);
$pass = md5($POST['password']);

//set the database connection variables

$dbHost = "localhost";
$dbUser = "root";
$dbPass = "";
$dbDatabase = "esa";

//connet to the database

$db = mysql_connect("$dbHost", "$dbUser", "$dbPass") or die ("Error connecting to database.");

mysql_select_db("$dbDatabase", $db) or die ("Couldn't select the database.");

$result=mysql_query("SELECT * FROM user where username='$user' ", $db);

//AND password='$pass'

echo $user;
echo $pass;
//check that at least one row was returned

$rowCheck = mysql_num_rows($result);
if($rowCheck > 0){
while($row = mysql_fetch_array($result)){

//start the session and register a variable

session_start();
session_register('username');

//successful login code will go here...
echo 'Success!';

//we will redirect the user to another page where we will make sure they're logged in
//header( "Location: checkLogin.php" );

}

}
else {

//if nothing is returned by the query, unsuccessful login code goes here...

echo 'Incorrect login name or password. Please try again.';
}
}
?>

My Php Session Variable settings are here;

session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 1 1

What do i need to change or do here in order to get rid of those warnings? What really is happening when I get those warnings? Thanks in advance for any insight anyone can give me. It is appreciated.

thorpe

session_start() needs to be called at the top of your script, before any headers are sent to the client.

The variables i passed are passing fine, I echo'd them to check.

in fact it might be just these echo() statements that are causing your problems.

phpnewguy

I moved the session_start() to be the first thing in the script and it worked great with no warning messages. Thank you very much for your reply and the time you gave, it is greatly appreciated. I wish you success in all avenues of your life.