header errors from login form

kenmarold

hi everyone- I'm having trouble with a login form that i'm trying to create, it's breaking at a specific spot and, being new to php, I'm unable to troubleshoot the problem because frankly, I just don't know what it means. Here are the errors I'm getting when I try to login:

Warning: session_register() [function.session-register]: Cannot send session cookie - headers already sent by (output started at *****.php:10) in ****.php on line 39

Warning: session_register() [function.session-register]: Cannot send session cache limiter - headers already sent (output started at ******.php:10) in **********.php on line 39

Warning: Cannot modify header information - headers already sent by (output started at ************.php:10) in *******.php on line 41

Line 41 of my php is: session_register('myusername');
Line 43 is: header('location:login_success.php');

Also, I've attached the entire 'checklogin.php code below so you can have alook and see where I'm going wrong:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>

<?php
ob_start();
$host="*******.com"; // Host name
$username="****"; // Mysql username
$password="******"; // Mysql password
$db_name="dbname"; // Database name
$tbl_name="users"; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register('myusername');
session_register('mypassword');
header('location:login_success.php');
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>
</body>
</html>

scrupul0us

you are outputting:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Untitled Document</title>
</head>

<body>

to the browser...

if the page is only doing process and wont actually display in the browser theres no reason to have a fully formatted W3C compliant page... just use the PHP code and ditch the html (you prolly dont need the output buffering either)

<?php
ob_start();
$host="" // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['myusername'];
$mypassword=$_POST['mypassword'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register('myusername');
session_register('mypassword');
header('location:login_success.php');
}
else {
echo "Wrong Username or Password";
}

ob_end_flush();
?>

...and as a friendly tip, dont post DB logins/creds on public forums 😃

djjjozsi

session_register causes an output before your header, and
this function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 6.0.0. Relying on this feature is highly discouraged.