php

doctorbill
doctorbill used Ask the Experts™
on
When I use the attached "login.php" file I get the following error message:
-------------------------------------
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /web1/user36636/website/site/admin/users.php:2) in /web1/user36636/website/site/admin/login.php on line 15

Warning: Cannot modify header information - headers already sent by (output started at /web1/user36636/website/site/admin/users.php:2) in /web1/user36636/website/site/admin/login.php on line 18
------------------------------------
This page works perfectly on my local system (localhost) but gives this error when the site has been uploaded to a webhosting server

Any ideas?
login.php
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
The error is that 'user.php' has already sent output.  You'll have to look at that file to see why.
Most Valuable Expert 2011
Top Expert 2016
Commented:
The problem occurs because it is a law of HTTP that all headers must come first and be complete before any browser output at all, even including invisible white space. The PHP session sets a cookie.  Cookies are headers, and hence the problem when your script makes a conditional call to session_start().  The right approach is to put the session_start() at the top of the script before anything else,

I notice this on line 3:
if (!ereg("^[A-Za-z0-9]"...

Open in new window

Please see the large red warning box here:
http://us.php.net/manual/en/function.ereg.php

You might want to consider following a design pattern like the one shown in this article.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

If you want to paste the users.php script here we might be able to find out why it issued some browser output.  But I think I would just move the session_start() command up to the top of the script and leave it there.

HTH, ~Ray

Author

Commented:
I am not at my computer at the moment but I can give you an idea of the workflow:

The user clicks on a page called admin_links.php
this has a php include at the top of the page to check.php
The check.php page checks to see if username and password sessions are set
If not set, there is a redirection to the login page (attached) where username and password are entered
Once the username and password are entered in the login page, the login page redirects to the admin_links.php page again

questions:
1. could it be that the initial reference to the admin_links.php page has caused headers to already be submitted for this page and a later reference to the same page causes the problem
2. why does the page work perfectly on my local system, ?
3. I have already tried putting session_start(); at the top of the page- no difference
OWASP: Avoiding Hacker Tricks

Learn to build secure applications from the mindset of the hacker and avoid being exploited.

Dave BaldwinFixer of Problems
Most Valuable Expert 2014

Commented:
Show us the code, then we can tell you.  And we don't know the differences between your 'local system' and your hosted system.  Are they running the same versions of PHP and MySQL?  Are they running the same operating system?
Most Valuable Expert 2011
Top Expert 2016
Commented:
3. I have already tried putting session_start(); at the top of the page- no difference
That is technically impossible unless your hosting company is seriously incompetent and has somehow generated output that did not come from your script!  There should not be much chance of that.

Suggest you abandon the current design and start over with something more like the pattern shown in the article.  It works (and all web sites that use PHP authentication use it).
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Best of luck with the project, ~Ray

Author

Commented:
Ray - I take your point.
Is there a download of all the php pages so that I can start working with them?

Author

Commented:
Where can I edit the look of the login page

Author

Commented:
Ray
Disregard my last two comments. I have had a chance to study and implement the files on my test server and all work
I just need to use the access control on a real live page on my ISP site
Commented:
Ray
This has to be one of the most concise, clear and functional set of web pages and tutorial I have seen - works perfectly !!!!
Thanks so much for this

One question:
1. I would like to have a separate login for an administrator. The idea is that when general users have created a username  and pasword, and have logged in,   they will have access to certain pages but NOT special admin pages. These admin pages will require a login even if general users are already logged.
I presume I will need a separate config.php file and session name. I would like to keep the same database. Could you please tell me which files / scripts I would need to edit

Author

Commented:
This has to be one of the most concise, clear and functional set of web pages and tutorial I have seen - works perfectly !!!!
Thanks so much for this

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial