(log in) PHP code

Question

I solve The problem Thank you ALL I move all php code in the first line of page(above head section ) except the case when user inter wrong email i leave it in the body ^_^

I have this log in code which checks if a user is already member or not.

<?php
$con=mysql_connect("localhost","root","") or die(mysql_error());

mysql_select_db("mydb")or die("error in selecting db");

    $email = $_POST['email'];
    $password = $_POST['password'];
    if( $email && $password)
    {
   $query = "select * from users where email = '$_POST[email]' and password = '$_POST[password]'";

  $result  = mysql_query($query, $con); 
$num_rows = mysql_num_rows($result);
  $record = mysql_fetch_array($result);

  if ($num_rows > 0) {
session_start();

$_SESSION['email'] = $_POST['email'];
$_SESSION['password'] = $_POST['password'];
header("Location: home.php");
}
else
{    
echo "<h3><br><br><font>Error in Password or email </font><br> <br> 
<font>
  if you are new plz register here </a> <br></font>";

    echo "</h3>";

}
    } else{ echo "<h3><br><br> You Enter any thing , Try again<br> <br> ;}
?>

If user are enters the correct email and password, will get this:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\wamp\www\vwl\login.php:122) in C:\wamp\www\vwl\login.php on line 170

Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\www\vwl\login.php:122) in C:\wamp\www\vwl\login.php on line 174

The code that prints welcome when he enters successfully is:

<?php
//     session_start();
//connect to db

if (isset($_COOKIE["email"]) && isset($_COOKIE["password"])) {
                                        $query = "select * from users where email = '$_COOKIE[email]' and password = '$_COOKIE[password]'";
} else {
$query = "select * from users where email='$_SESSION[email]' and password='$_SESSION[password]'";
}

$result = mysql_query($query, $con);

echo "<table border = 0>";

$record = mysql_fetch_array($result);

if ($record) {


echo "<tr><td>$record[email]</td>
<td>
</td></tr><br><br>";
} else {
header("Location: login.php");
}
echo "</table>";

?>

Check out line 122 of login.php - that's where you're first sending information — andrewsi, Apr 12 '13 at 18:51
session_start() should be as close to the top of the file as possible. If included, it should be in the first file, at the very top. If ANYTHING has been sent to the browser (echo, html, even white space) then you will get those warnings — Kai Qing, Apr 12 '13 at 18:52
Better plug your [SQL injection holes](http://bobby-tables.com) before someone destroys your server... — Marc B, Apr 12 '13 at 18:56
Your code is vulnerable to SQL injections. Instead of using deprecated mysql_* functions use mysqli_* or PDO — Voitcus, Apr 12 '13 at 18:56
ok thanks alot , the session problem fixed but still error in header i make sure of lines and nothing sent before it :( — SUN, Apr 12 '13 at 19:06
Yes it solved now , i move the php code above the head part and work but the problem is when i type wrong email he print the masssage on the top of web page — SUN, Apr 12 '13 at 19:08

score 0 · Answer 1 · answered Apr 12 '13 at 18:50

0

To use cookie-based sessions, session_start() must be called before outputing anything to the browser.

(documentation)

answered Apr 12 '13 at 18:50

Misch

10,350
4
35
49

score 0 · Answer 2 · answered Apr 12 '13 at 18:51

0

You have whitespace or something above your session_start. This causes that error. You want it to be the absolute first line after <?php

answered Apr 12 '13 at 18:51

Schleis

41,516
7
68
87

I put it at the first line in the page and work correctly – SUN Apr 12 '13 at 19:03

score 0 · Answer 3 · answered Apr 12 '13 at 18:54

0

Write the session_start on the first line after <?php and learn the basics about SQL-Injections!

answered Apr 12 '13 at 18:54

Zaziki

418
2
12

score 0 · Answer 4 · answered Apr 12 '13 at 19:01

You are likely outputting whitespace on line 122. Like others have said, you need to move session_start () up to the top of the file. Also, you really need to check for injections. You need to switch to MYSQLi as the functions that you're using are deprecated. Also, you're missing quotes on $_POST[email] and $_POST[password] inside the query. Also, you should get away from using html tables for layout. Also, checking like this:

if ($email && $password)

is probably not doing what you're wanting. You probably want:

if (!empty (@$_POST['email']) && !emtpy ($_POST['password']))

Checking it the other way, you're literally checking the value of the post variable.

Looks like you're missing the closing tag on your last

<h3>

also.

(log in) PHP code

4 Answers4