I'm trying to password protect my webpage with php using a separate access.php that goes as follows:
<?php
session_start();
//access.php
//put sha1() encrypted password here - example is 'hello'
$password = 'thepassword';
session_start();
if (!isset($_SESSION['loggedIn'])) {
$_SESSION['loggedIn'] = false;
}
if (isset($_POST['password'])) {
if ($_POST['password'] == $password) {
$_SESSION['loggedIn'] = true;
} else {
die ('Incorrect password');
}
}
if (!$_SESSION['loggedIn']): ?>
<html><head><title>Login</title></head>
<body>
<p>You need to login</p>
<form method="post">
Password: <input type="password" name="password"> <br />
<input type="submit" name="submit" value="Login">
</form>
</body>
</html>
<?php
exit();
endif;
?>
And then doing a
<?php require('access.php'); ?>
In the header of my webpage I'm trying to protect but I keep getting this error message:
Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /directory/example.com/index.php:60) in /directory/example.com/access.php on line 2
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /directory/example.com/index.php:60) in /directory/example.com/access.php on line 2'
Line 60 is where I require access.php
I've seen other posts with this same error but I simply don't know what I'm doing wrong here since other solutions haven't quite worked. Thanks in advance for the help!
