0

I am testing my login on a new demo website I am doing. I can actually login, and I get my username returned from the database, but I get the following error in the top:

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /Applications/MAMP/htdocs/websiteNew/testlogin.php:1) in /Applications/MAMP/htdocs/websiteNew/resources/auth/session.php on line 3

Why do I get that error? I understand that the error can be caused, if I call include files before I call the session. But I cannot see I am doing that here?

NOTE: Updated code:

header.html

   <?php
            $error='';
            if( !isset( $_SESSION ) ) session_start();

            if( !isset( $_SESSION['username'])) include('resources/auth/login.php'); 
            else exit( header('Location: testlogin.php') ); 
    ?>
  <html>
    <body>
       <!-- Navigation code -->

index.php

<?php include 'resources/includes/header.html' ?>
      // Content Code
    </body>
  </html>

login.php

<?php
    /* login.php */

    if( !isset( $_SESSION ) ) session_start();
    include 'resources/dbconnect/dbconfig.inc.php';

    $error = '';

    if( $_SERVER['REQUEST_METHOD']=='POST' && isset( $_POST['submit'] ) ) {


        if( empty( $_POST['username'] ) || empty( $_POST['password'] ) ){

            $error = 'Both fields are required.';

        } else {

            $sql='SELECT `u_id`, `username` FROM `login` WHERE `username`=? AND md5(`password` )=? limit 1 ';
            $stmt=$mysqli->prepare( $sql );
            if( !$stmt ) exit('Failed to prepare sql statement');

            $username=$_POST['username']; 
            $password=md5( $_POST['password'] ); 

            $stmt->bind_param('ss', $username, $password ); 
            $res=$stmt->execute();

            $login_user = null;
            $user_name = null;

            /* bind result to variable */
            $stmt->bind_result( $login_user, $user_name );
            while( $stmt->fetch() ){
                $_SESSION['u_id'] = $login_user;
                $_SESSION['username'] = $user_name;
            }

            $stmt->close();
            $mysqli->close();

            if( isset( $_SESSION['username'] ) ) exit( header( 'location: index.php' ) );
            else $error='Incorrect username or password.';
        }
    }
?>

session.php

<?php

        if( !isset( $_SESSION ) ) session_start();
        if( !isset( $_SESSION['username'] ) ) exit( header('Location: index.php')  
        // Above is line 3
);
    ?>

testlogin.php

<?php 
      include 'resources/auth/session.php'; // If I only add this line I do not get any error
      include 'resources/includes/header.html'; // If I add the line I get the error in my question. But I need to include my header
    ?>

                                                          <!-- *** USER LOGGED IN ***-->
    <?php
    if ( isset( $_SESSION['username'] ) )                   
    {
    ?>
            <en><?php echo $_SESSION['username'];?></en><span class="caret"></span>
            <a href="index.php">Log Out</a>

                                                            <!-- *** USER NOT LOGGED IN ***-->

    <?php
    }
    ?>
M375
  • 149
  • 9
  • do you include `testlogin.php` or requesting it directly? also are you including `header.html` in `testlogin.php` or you have provided full `testlogin.php` code? – LightNight Mar 13 '16 at 18:25
  • Hello LightNight. When I hit the login button, I am redirected to testlogin.php. The code you see, is just copied from my other page, where it is working. I tried to include 'resources/includes/header.html' ?>, and then I also get the error here, when I tried to include that – M375 Mar 13 '16 at 18:37
  • When I add my I get the same error. When I remove the The logout button disapers from testlogin.php – M375 Mar 13 '16 at 18:39

1 Answers1

1

The headers must be sent before the output of the content starts. If you have any whitespaces or something like this before you call session_start(); you will see this error message.

This happes because when PHP sees a whitespace, which is not between <?php ?>, it will send the headers and will start sending content as HTML and it is to late to send the headers.

You will have to make sure, that your first file starts directly with <?php and it is closed the first time, when all headers are sent.

If you don't know your header at the beginning (so can't send it), you have to use output buffering (http://php.net/manual/de/ref.outcontrol.php), which means that PHP stores all content until the script is terminated.

Edit:

Maybe it will help to seperate 

<?php include 'resources/auth/session.php' ?>

into some more lines and add an ;

<?php
 include 'resources/auth/session.php';
?>

Edit 2:

(Maybe the logout button is a new question and you have to flag this as accepted and open a new one.)

You have to delete the Session, for example:

Point you Logout Link to index.php?todo=logout and add to header.html:

<?php
    $error='';
    if( !isset( $_SESSION ) ) session_start();


    if( isset( $_GET['todo'] ) && $_GET['todo'] == 'logout'){

        //Session leeren
        session_unset();
        //Session zerstören
        session_destroy();
        //Session neu aufesetzen
        //  jetzt ist alles, was mit dem User zu tun hatte weg
        session_start();
        //Meldung
       echo 'You have been logged out!';
    }

    if( !isset( $_SESSION['username'])) include('resources/auth/login.php'); 
            else exit( header('Location: testlogin.php') ); 
    ?>
  <html>
    <body>
       <!-- Navigation code -->
KIMB-technologies
  • 904
  • 6
  • 14
  • Hello KIMB. I cannot find any whitespaces anywhere. – M375 Mar 13 '16 at 18:38
  • 1
    For me it looks like you have some whitepaces before – KIMB-technologies Mar 13 '16 at 18:41
  • just checked agaon, no whitespaces:-/ – M375 Mar 13 '16 at 18:43
  • Because the error is in line 1 of testlogin.php I added a new idea – KIMB-technologies Mar 13 '16 at 18:50
  • Thank you a lot for your time. I ust updated my code in my question. Some of it actually works now. But I do not quite understand why my logout button does not work. When I press logout, nothing happens. I can see the browser update very quickly. – M375 Mar 13 '16 at 19:09
  • I added a solution, but next time open a new question for a new problem. (And mark this question as accepted). – KIMB-technologies Mar 13 '16 at 19:18
  • Thank you, I will try your solution. But the problem is still not solved, that I cannot include my header.html. – M375 Mar 13 '16 at 19:19
  • Is the header.html parsed as php (Is the php code executed?)? And is the`<` the first character? – KIMB-technologies Mar 13 '16 at 19:40
  • It does not look like the php is executed. I just tried to add your todo code, but I get the error: Notice: Undefined index: todo in /Applications/MAMP/htdocs/websiteNew/resources/includes/header.html on line 9 Logout? -> It is just like this you mean right? – M375 Mar 13 '16 at 19:47
  • Maybe rename header.html to header.php. And I have changed the code for the logout (sorry, I have forgotten one check). – KIMB-technologies Mar 13 '16 at 19:59
  • Thank you a lot for your time and eford. The logout button is still not working, but I will see on it. Nothing happens except a quick refresh in the browser. But I will try to play around with it. – M375 Mar 13 '16 at 20:25
  • Maybe it is helpful to add the code at first in the header.php (see the edit) – KIMB-technologies Mar 13 '16 at 20:29