Problem with Login form

cretam

Hi,
I am having a problem with my login.php which checks if the username and password is in the db(in member table) and adds the time the user logs in to a login table. (only loginName and loginTime are fields in this table).
I am not getting any error messages but it doesn't seem to be adding the entry into the login table nor taking me to the member_details page when an authorised user logs in.
Here is my code:

<?php
/* Program: Login.php
   Desc:    Login program for the Members Only section of the 
            skills db. It provides two options: (1) login using an
            existing Login Name and (2) enter a new login name. Login
            Names and passwords are stored in a MySQL database. 
 */
  session_start();                                              

  session_register('auth');                                     

  session_register('logname');

include("Connections/conn.php"); 



  switch (@$do)                                                

  {
    case "login":                                               


  $sql = "SELECT loginName FROM member                      
          WHERE loginName='$fusername'";
  $result = mysql_query($sql)
              or die("Couldn't execute query.");
  $num = mysql_num_rows($result);                           
  if ($num == 1)  // login name was found                      
  {
     $sql = "SELECT loginName FROM member                   
             WHERE loginName='$fusername'
             AND password=password('$fpassword')";
     $result2 = mysql_query($sql)
               or die("Couldn't execute query.");
     $num2 = mysql_num_rows($result2);
     if ($num2 > 0)  // password is correct                 
     {
       $auth="yes";                                         
       $logname=$fusername;                                 
       $today = date("Y-m-d h:m:s");                        
       $sql = "INSERT INTO login (loginName,loginTime)
               VALUES ('$logname','$today')";
       mysql_query($sql) or die("Can't execute query.");
       header("Location: member_details.php");                 
     }
     else    // password is not correct                     
     {
       unset($do);                                          
       $message="The Login Name, '$fusername' exists,       
                 but you have not entered the correct 
                 password! Please try again.<br>";
       include("individual.php");                           
     } 
  }                                                         
  elseif ($num == 0)  // login name not found               
  {   
     unset($do);                                            
     $message = "The Login Name you entered does not 
                 exist! Please try again.<br>";
     include("individual.php");
  }
break;  


 case "new":                                                 

      foreach($HTTP_POST_VARS as $key => $value)                

      {
        if ($key != "fax")                                      

        {
          if ($value == "")                                     

          {
            unset($do);
            $message_new = "Required information is missing. 
                Please try again.";
            include("new_member.php");
            exit();
          }
        }
        if (ereg("{Name)",$key))                                

        {
         if (!ereg("^[A-Za-z' -]{1,50}$",$key)) 
         {
           unset($do);
           $message_new = "$lastName is not a valid name. 
                            Please try again.";
           include("new_member.php");
           exit();
         }
        }
        $$key = strip_tags(trim($value));                       

      }
      if (!ereg("^([0-9]{4,5})$", $zip))            

      {
        unset($do);
        $message_new = "$zip is not a valid zip code. 
                        Please try again.";
        include("new_member.php");
        exit();
      }
      if (!ereg("^[0-9)(xX -]{7,20}$",$phone))                  

      {
        unset($do);
        $message_new = "$phone is not a valid phone number. 
                        Please try again.";
        include("new_member.php");
        exit();
      }
      if ($fax != "")                                          

      {
        if (!ereg("^[0-9)(xX -]{7,20}$",$fax)) 
        {
          unset($do);
          $message_new = "$fax is not a valid phone number. 
                           Please try again.";
          include("new_member.php");
          exit();
        }
      }
      if (!ereg("^.+@.+\\..+$",$email))                       

      {
        unset($do);
        $message_new = "$email is not a valid email address. 
                         Please try again.";
        include("new_member.php");
        exit();
      }
      /* check to see if login name already exists */

  $sql = "SELECT loginName FROM member 
            WHERE loginName='$newname'";
  $result = mysql_query($sql)
            or die("Couldn't execute query.");
  $num = mysql_numrows($result);
  if ($num > 0)                                           
  {
    unset($do);
    $message_new = "$newname already used. Select another 
                     member ID.";
    include("new_member.php");
    exit();
  }
  else                                                    
  {   
    $today = time("Y-m-d");
    $sql = "INSERT INTO member (loginName,createDate,password,
              firstName,lastName,street,city,state,zip,phone,
              fax,email) VALUES
            ('$newname','$today',password('$newpass'),
             '$firstName', '$lastName','$street','$city','$state',
             '$zip','$phone','$fax','$email')";
    mysql_query($sql); 
    $auth="yes";                                          
    $logname = $newname;                                  
    /* send email to new member */                        
    $emess1="A new Member Account has been setup for you. ";
    $emess2="Your new Member ID and password for the Skills Database are: ";
    $emess3="\n\n\t$newname\n\t$newpass\n\n";
    $emess4="We appreciate your interest in the Aboriginal NRM Skills Register ";
    $emess5="at www.aboriginalnrm.com.au\n\n";
    $emess6="If you have any questions or problems, email ";
    $emess7="new.david@saugov.sa.gov.au\r\n";
    $emess = 
       $emess1.$emess2.$emess3.$emess4.$emess5.$emess6.$emess7;
    $ehead="From: new.david@saugov.sa.gov.au\r\n";          
    $subject = "Your new Member Account from Aboriginal NRM";
    $mailsend=mail("$email","$subject","$emess","$ehead");
    header("Location: member_details.php");                   
  }
break;                                                    

default:                                                  
    include("individual.php");
  }

?>

cretam

Actually I do get an error message
Warning: Cannot send session cache limiter - headers already sent (output started at /home/.sites/88/site123/web/member_details.php:10) in /home/.sites/88/site123/web/member_details.php on line 82
My code for member_details.php is as follows

<?php
 /* Program: New_member.php
  * Desc:    Displays the new member welcome page. Greets member by
  *          name and gives user choice to enter restricted section
  *          or go back to main page.
  */
  session_start();                                               

  if (@$auth != "yes")                                           

  {
     header("Location: login.php");
     exit();
  }
 include("Connections/conn.php"); 

  $sql = "SELECT firstName,lastName FROM member                  

                 WHERE loginName='$logname'";
  $result = mysql_query($sql)
               or die("Couldn't execute query 1.");
  $row = mysql_fetch_array($result,MYSQL_ASSOC);
  extract($row);
  echo "<html>
        <head><title>New Member Welcome</title></head>
        <body>
        <h2 align='center' style='margin-top: .7in'>
        Welcome $firstName $lastName</h2>\n";
?>

bradgrafelman

So what's on line 82?

cretam

thanks for replying, this is line 82
$message_new = "$lastName is not a valid name.

cretam

fresh eyes and a good night sleep helped.
I know what the problem is now. I forgot to include
<?php
if (isset($message_new))

echo "<tr><td colspan='2'><b>$message_new</b></td></tr>";
?>
in the form.
Thanks for your help.

bradgrafelman

Don't forget to mark this thread resolved.

cretam

When i login it takes me to the members page but I get an error message
Warning: Cannot send session cache limiter - headers already sent (output started at /home/.sites/88/site123/web/member_page.php:10) in /home/.sites/88/site123/web/member_page.php on line 79

Line 79 on member_page is
session_start();

here is the code for member_page

<?php
 /* Program: member_page.php
  * Desc:    Displays the member's profile page. Greets member by
  *          name and gives user choice to enter skills, qualifications, view resume
  */
   session_start();                                               

  if (@$auth != "yes")                                           

  {
     header("Location: login.php");
     exit();
  }

 include("Connections/conn.php"); 

  $sql = "SELECT firstName,lastName FROM member                  

                 WHERE loginName='$logname'";
  $result = mysql_query($sql)
               or die("Couldn't execute query 1.");
  $row = mysql_fetch_array($result,MYSQL_ASSOC);
  extract($row);
  echo "<td class='pageName'>Welcome $firstName $lastName</td>\n";
?>

bradgrafelman

I'm confused... you said that session_start() is on line 79... so does that mean your code snippet starts at 74? Otherwise, why is session_start() on the 6th line of what we can see?

The point is, the problem starts at line 10 of the file (since something on line 10 is outputting data).

cretam

Yep the code snippet starts at line 74 - the rest is html. Should I put the session first before html? I am sorry I am really new to this session stuff - t rying to learn from tutorials.

bradgrafelman

As the error message explains, the error was caused because something in your script already outputed data. When you output data, HTTP headers are automatically sent and you can no longer modify them (e.g. add a session cookie).

So, as an answer to your question... you must use session_start() before any data is outputted.