I'm trying to create a PHP login system, but I got this error while writing it:

```
session_start(): Cannot send session cache limiter - headers already sent
```

I created three pages: index.php, which contains the form; logyourself.php, which contains the PHP code that checks the login; and home.php, the page the user gets redirected to on successful login.

logyourself.php:

```php
session_start();

$host     = ""; // Host name
$username = ""; // Mysql username
$password = ""; // Mysql password
$db_name  = ""; // Database name
$tbl_name = ""; // Table name

// Connect to server and select database.
@mysql_connect("$host", "$username", "$password") or die("cannot connect");
@mysql_select_db("$db_name") or die("cannot select DB");
@mysql_query("set names 'utf8';");

// Define $myusername and $mypassword
$username = $_POST['username'];
$password = $_POST['password'];

// To protect MySQL injection (more detail about MySQL injection)
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);

$sql    = "SELECT * FROM $tbl_name WHERE username='$username' and password='$password'";
$result = mysql_query($sql);

// Mysql_num_row is counting table row
$count = mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if ($count == 1) {
    // Register $myusername, $mypassword and redirect to file "admin.php"

    $_SESSION['username'] = "username";
    $_SESSION['password'] = "password";
    header("location:home.php");
} else {
    echo "wrong Password or username";
    echo "<br>";
    echo "<a href=index.php>";
    echo "Back To Login";
    echo "</a>";
}
```

home.php:

```php
session_start();
if (!isset($_SESSION['username'])) {
    header("location:index.php");
}
$username = $_SESSION['username'];
echo "Hi $username
        <br>
        <a href=\"logout.php\">Logout</a>
    ";
```

Why am I getting this error?

GrumpyCrouton
islem
  • 2
    **Please**, don't use `mysql_*` functions for new code. They are no longer maintained and the community has begun the [deprecation process](http://news.php.net/php.internals/53799), and `mysql_*` functions have been officially removed in PHP 7. Instead you should learn about [prepared statements](https://en.wikipedia.org/wiki/Prepared_statement) and use either `PDO` or `mysqli_*`. If you can't decide, [this article will help to choose your best option](http://php.net/manual/en/mysqlinfo.api.choosing.php). – GrumpyCrouton Aug 18 '17 at 12:51
  • 1
    Are you suppressing (`@` symbol) your `mysql_*` functions because it keeps warning you they are deprecated? Probably a good reason to just stop using it, don't you think? – GrumpyCrouton Aug 18 '17 at 12:53
  • 1
    [Little Bobby](http://bobby-tables.com/) says **[you are at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even **[escaping the string](https://stackoverflow.com/q/5741187)** is not safe! I recommend `PDO`, which I [wrote a function for](http://paragoncds.com/grumpy/pdoquery/#function) to make it extremely **easy**, very **clean**, and way more **secure** than using non-parameterized queries. – GrumpyCrouton Aug 18 '17 at 12:53
  • 1
    **Never store plain text passwords!** Please use **PHP's [built-in functions](http://jayblanchard.net/proper_password_hashing_with_PHP.html)** (`password_hash()` and `password_verify()`) to handle password security. If you're using a PHP version less than 5.5 you can use the `password_hash()` [compatibility pack](https://github.com/ircmaxell/password_compat). **It is not necessary** to [escape passwords](http://stackoverflow.com/q/36628418/1011527) or use any other cleansing mechanism on them before hashing. Doing so _changes_ the password and causes unnecessary additional coding. – GrumpyCrouton Aug 18 '17 at 12:53
  • Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /srv/disk9/2268831/www/starmanager.co.nf/home.php:2) in /srv/disk9/2268831/www/starmanager.co.nf/home.php on line 3 – islem Aug 18 '17 at 13:09
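
What the comments above recommend (a prepared statement, `password_verify()`, and session calls made before any output), shown as an added example that is not the asker's or any commenter's code. It assumes PDO's SQLite driver with an in-memory database in place of MySQL; the `users` table, the `check_login()` and `handle_login()` helpers and the sample account are constructed for illustration.

```php
<?php
// Added example, not the asker's code. Assumptions: in-memory SQLite via PDO
// stands in for MySQL; the `users` table and the account are constructed.
declare(strict_types=1);

// Start the session before any output (nothing, not even a blank line or
// BOM, may precede the opening PHP tag), otherwise headers are already sent.
session_start();

function check_login(PDO $pdo, string $username, string $password): bool
{
    // Bound placeholder: user input never becomes part of the SQL text.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    // Compare against the stored hash; the password itself is never escaped.
    return is_string($hash) && password_verify($password, $hash);
}

function handle_login(PDO $pdo, array $post): string
{
    $username = (string) ($post['username'] ?? '');
    $password = (string) ($post['password'] ?? '');
    if (!check_login($pdo, $username, $password)) {
        return 'index.php';
    }
    session_regenerate_id(true);        // fresh session id after login
    $_SESSION['username'] = $username;  // the real value; no password in the session
    return 'home.php';
}

// Constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Constructed form submissions; a real page would pass $_POST and then call
// header('Location: ' . $target); exit;
$targets = [];
foreach ([['alice', 'wrong'], ["' OR '1'='1", 'x'], ['alice', 'correct horse']] as [$u, $p]) {
    $targets[] = handle_login($pdo, ['username' => $u, 'password' => $p]);
}
echo implode("\n", $targets), "\n"; // output only after all session calls
```

Only the last submission is sent to `home.php`; the wrong password and the quote-laden username both return `index.php` because the input is bound as data and the password is checked against its hash.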

0 Answers