Session Error

The-Welsh-One

Hello All

I have been creating this website for a while and i am getting this error on my login page

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at C:\xampp\htdocs\GroupV5\rb.php:39) in C:\xampp\htdocs\GroupV5\rb.php on line 40

What i don't understand is i do not get this error when using my laptop, but i do get this error when using my PC, the code has been changed at all it

The code is


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Greenwich University Library</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="default.css" rel="stylesheet" type="text/css" />
</head>
<body onLoad="document.MyForm.username.focus()">
<body>
<div id="title"> <font color color="#666666"><H1>Greenwich University Library</H1></font></div>




<div id="spacer">

</div>


<div id="header">

<div id="blue">		
</div>
</div>



<div id="page">

<div id ="login">
<?php
session_start(); // This starts the session which is like a cookie, but it isn't saved on your hdd and is much more secure.
mysql_connect("localhost","root",""); // Connect to the MySQL server
mysql_select_db("library"); // Select your Database
if(isset($_SESSION['loggedin']))
{
    die(header("Location: account.php"));
} // That bit of code checks if you are logged in or not, and if you are, you can't log in again!
if(isset($_POST['username']))
{
   $name = mysql_real_escape_string($_POST['username']); // The function mysql_real_escape_string() stops hackers!
      $mysql = mysql_query("SELECT * FROM customer WHERE Student_ID = '{$name}'"); // This code uses MySQL to get all of the users in the database with that username and password.
   if(mysql_num_rows($mysql) < 1)
   {
     die("Password was probably incorrect!");
   } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
   $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
   $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
   die(header("Location: account.php")); // Kill the script here so it doesn't show the login form after you are logged in!
} // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
echo "<p style='text-align: center;'>
<font size='5'>
<form type='login.php' method='POST' form NAME='MyForm'  >
USERNAME: <br>
<input type='text' name='username'><br>
<input type='submit' name='submit' value='Login'>
</form> </font> 
</p>"; // That set up the form to enter your password and username to login.
?>	
	</div>	
	</div>

&nbsp &nbsp <a href="index.html" title="Back">Back</a> 
</body>
</html>

sandthipe

move the php code to be above the html headers. especially the "die(header..." parts

JVassie

Indeed, you should always aim to have session_start() as the second line of the file (after the opening php tag).

A pointer though; I would take all of the database connection information and store it in a seperate php file (eg db.php), that way you don't need to have the same piece of code written at the top of every page, you can just call it quite simply in each page with no worries about changing every page if your password is changed for example.

Always helps to reuse your code when you can 🙂

<?php
session_start(); // This starts the session which is like a cookie, but it isn't saved on your hdd and is much more secure.
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>Greenwich University Library</title>
<meta name="keywords" content="" />
<meta name="description" content="" />
<link href="default.css" rel="stylesheet" type="text/css" />
</head>
<body onLoad="document.MyForm.username.focus()">
<body>
<div id="title"> <font color color="#666666"><H1>Greenwich University Library</H1></font></div>




<div id="spacer">

</div>


<div id="header">

<div id="blue">        
</div>
</div>



<div id="page">

<div id ="login">
<?php
mysql_connect("localhost","root",""); // Connect to the MySQL server
mysql_select_db("library"); // Select your Database
if(isset($_SESSION['loggedin']))
{
    die(header("Location: account.php"));
} // That bit of code checks if you are logged in or not, and if you are, you can't log in again!
if(isset($_POST['username']))
{
   $name = mysql_real_escape_string($_POST['username']); // The function mysql_real_escape_string() stops hackers!
      $mysql = mysql_query("SELECT * FROM customer WHERE Student_ID = '{$name}'"); // This code uses MySQL to get all of the users in the database with that username and password.
   if(mysql_num_rows($mysql) < 1)
   {
     die("Password was probably incorrect!");
   } // That snippet checked to see if the number of rows the MySQL query was less than 1, so if it couldn't find a row, the password is incorrect or the user doesn't exist!
   $_SESSION['loggedin'] = "YES"; // Set it so the user is logged in!
   $_SESSION['name'] = $name; // Make it so the username can be called by $_SESSION['name']
   die(header("Location: account.php")); // Kill the script here so it doesn't show the login form after you are logged in!
} // That bit of code logs you in! The "$_POST['submit']" bit is the submission of the form down below VV
echo "<p style='text-align: center;'>
<font size='5'>
<form type='login.php' method='POST' form NAME='MyForm'  >
USERNAME: <br>
<input type='text' name='username'><br>
<input type='submit' name='submit' value='Login'>
</form> </font>
</p>"; // That set up the form to enter your password and username to login.
?>    

    </div>    

    </div>

&nbsp &nbsp <a href="index.html" title="Back">Back</a>
</body>
</html>