session_start error in PHP

Question

The following error keeps appearing, I am unsure what the problem is, It says the output has already been sent:

Warning: Cannot modify header information - headers already sent by (output started at /home/unix/student12/w1376540/public_html/messages/title_bar.php:7) in /home/unix/student12/w1376540/public_html/messages/login.php on line 24

Here is the following code: login.php:

<?php include 'connect.php'; ?>
<?php include 'functions.php'; ?>
<?php include 'title_bar.php'; ?>
<html>
<head>
<title>Login - Private Message System</title>
</head>
<body>
<div>
<h3> Login- Private message system </h3>
<form method='post'>
<?php
if(isset($_POST['login'])){
    $username = $_POST['username'];
    $password = md5($_POST['password']);    
    if(empty($username) or empty($password)){
    $message= "Fields empty";   
} else{
    $check_login = mysql_query("SELECT id FROM `users` WHERE `username`='$username' AND `password`='$password'");
    if(mysql_num_rows($check_login)==1){
        $run_login = mysql_fetch_array($check_login);
        $user_id = $run_login['id'];
        $_SESSION['user_id'] = $user_id;
        header('location: index.php');
    } else{
        $message = "Username or password incorrect";
    }
    }
    echo "<p>$message</p>";
}
?>
Username :<br/>
<input type ='text' name='username'/>
<br/><br/>
Password : <br/>
<input type='password' name='password'/>
<br/><br/>
<input type='submit' name="login" value='Log in'/>
</form>
</div>
</body>
</html>

title_bar.php:

<?php
if(loggedin()){
    ?>
<a href='index.php'>home</a>
<a href='messages.php'>messages</a>
<a href='logout.php'>logout</a>
    <?php   
}else{
?>
<a href='index.php'>home</a>
<a href='login.php'>Log in</a>
<a href='register.php'>Register</a>
<?php       
}
?>

You have a lot of problems in this code. The indentation need improving, as the structure is rather misleading; passwords are hashed using MD5, which is regarded as broken for this purpose; you have a SQL injection vulnerability; you're using a deprecated MySQL library. — halfer, Apr 09 '15 at 15:35
I know there are vulnerabilities in the code, that is not my main concern at the moment. I will sort that out as i go on, I just need help in regards to the problem at hand. @halfer — Tom, Apr 09 '15 at 15:44
"I will sort that out as I go on" typically turns into "I never got a chance to sort that out" which turns into "why is all my data gone and why am I serving malware to my users?" — ceejayoz, Apr 09 '15 at 15:54
Hopefully you will sort it out - we see serious code and security issues dismissed as low priority frequently here, and I dare say a few of us would wager projects go live with them despite helpful warnings. `:-)` Meantime, the duplicate question will answer your enquiry - the whole `if(isset($_POST['login']))` block needs to be moved to before the ``, then move the `echo` back to the appropriate place. You can't send HTTP headers after sending data to the browser. — halfer, Apr 09 '15 at 15:58
(By the way, you have two closed questions, one on the way to closure, and a few downvotes. It's worth reading the Help Centre prior to asking a new question, since too many close/downvotes may prevent you from asking new questions. It may be helpful to review the close reasons you are getting (duplicate, too broad) and bear that in mind when asking the next one.) — halfer, Apr 09 '15 at 16:04

session_start error in PHP

0 Answers0