Re: [PHP] plz check the warning message
Hi! Renze, Thanks a lot for u'r help. I am in vacation up to now. Now i am trying with u'r solution. I am getting the following error. I am sending the file also. Warning: Cannot send session cache limiter - headers already sent in c:\www\authentication.php on line 34 File:authentication.php ?phpheader ("Cache-Control: no-cache, must-revalidate");header ("Pragma: no-cache"); error_log ("emp_id: $emp_id", 0); error_log ("Lastname: $emp_pass", 0); // Connect to MySQL mysql_connect( 'localhost', 'balaji', 'pingpong' ) or die ( 'Unable to connect to server.' ); // Select database on MySQL server mysql_select_db( 'imac' ) or die ( 'Unable to select database.' ); // Formulate the query $sql = "SELECT * FROM employee WHERE emp_id = '$emp_id' AND emp_pass = '$emp_pass'"; // Execute the query and put results in $result $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); // Get number of rows in $result. $num = mysql_numrows( $result ); if ( $num != 0 ) { // A matching row was found - the user is authenticated. session_start(); session_register('$emp_id'); $row = mysql_fetch_object($result); if ($row-user_type=='S'){ include('super.php'); }else if ($row-user_type=='O'){include('ordinary.php'); } } else { file://User does not exist or not authenticated.echo 'centerh1Authorization Required./h1/center';file://header( 'WWW-Authenticate: Basic realm="Private"' );file://header( 'HTTP/1.0 401 Unauthorized' );exit; } ? Thanks and regards -Balaji - Original Message - From: Renze Munnik To: Balaji Ankem Cc: [EMAIL PROTECTED] Sent: Friday, August 10, 2001 5:41 PM Subject: Re: [PHP] plz check the warning message On Fri, Aug 10, 2001 at 04:42:48PM +0530, Balaji Ankem wrote: Is there anyway to restrict the reposting?? Means after pressing logout button we shouldn't allow the user to go back or reposting the data again and getting session again.Okay... I've figured out two 'solutions'. But... I must say: They'renot pretty. Actually you can't prevent it. But:Option 1You can set a cookie after logging in. The authorization page shouldcheck for that cookie. It should not exist in order to login. Thelogin page (where one gives his username/password) should removethat cookie if it exists.This is, though, a _very_ ugly solution and using cookies forsecurity isn't realy the best thing to do. So actually I wouldn'tencourage you to use this.Option 2Another solution is to redirect to a different page. I created thefollowing example:=[ PHP code ]=// File: login.phpHTMLHEAD TITLELogin Test/TITLE/HEAD BODY FORM method="post" action="submit-login.php" INPUT type="text" name="firstname" INPUT type="text" name="lastname" BR INPUT type="submit" /FORM/BODY/HTML// File: submit-login.php? /* Here you should do things with the provided data... For the example I only write it to the log. */ error_log ("Firstname: $firstname", 0); error_log ("Lastname: $lastname", 0); /* Here's where you redirect */ header ("Location: logged-in.php");?// File: logged-in.php/* Whatever you want! */=[ end of code ]=After pushing the submit-button, the data will be submitted tosubmit-login.php. There you handle the login-procedure. After that,you automatically redirect to a different page (logged-in.php in myexample). That's you you show eg 'You are logged in now'. If youreload that page, nothing realy happens. If you push 'Back', you endup on login.php again.Uptil now this is the best option I've come up with.Hope it works for what you had in mind.-- * RzE:-- -- Renze Munnik-- DataLink BV E: [EMAIL PROTECTED]-- W: +31 23 5326162-- F: +31 23 5322144-- M: +31 6 21811143-- H: +31 23 5516190 Stationsplein 82-- 2011 LM HAARLEM http://www.datalink.nl-- -- PHP General Mailing List (http://www.php.net/)To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]To contact the list administrators, e-mail: [EMAIL PROTECTED] --- Information transmitted by this E-MAIL is proprietary to Wipro Limited and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this
Re: [PHP] plz check the warning message
On Mon, Aug 13, 2001 at 02:01:59PM +0530, Balaji Ankem wrote: Hi! Renze, Thanks a lot for u'r help. I am in vacation up to now. Now i am trying with u'r solution. I am getting the following error. I am sending the file also. Warning: Cannot send session cache limiter - headers already sent in c:\www\authentication.php on line 34 File:authentication.php ?php header (Cache-Control: no-cache, must-revalidate); header (Pragma: no-cache); error_log (emp_id: $emp_id, 0); error_log (Lastname: $emp_pass, 0); // Connect to MySQL mysql_connect( 'localhost', 'balaji', 'pingpong' ) or die ( 'Unable to connect to server.' ); // Select database on MySQL server mysql_select_db( 'imac' ) or die ( 'Unable to select database.' ); // Formulate the query $sql = SELECT * FROM employee WHERE emp_id = '$emp_id' AND emp_pass = '$emp_pass'; // Execute the query and put results in $result $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); // Get number of rows in $result. $num = mysql_numrows( $result ); if ( $num != 0 ) { // A matching row was found - the user is authenticated. session_start(); session_register('$emp_id'); $row = mysql_fetch_object($result); if ($row-user_type=='S') { include('super.php'); } else if ($row-user_type=='O') { include('ordinary.php'); } } else { file://User does not exist or not authenticated. echo 'centerh1Authorization Required./h1/center'; file://header( 'WWW-Authenticate: Basic realm=Private' ); file://header( 'HTTP/1.0 401 Unauthorized' ); exit; } ? Well... You can't sent any headers after some output has already been sent. I didn't take a very good look at your code, but looking at the warning you get and the position of session_start() in your code, I'd say you have to move the session_start() up. You can best start your code with session_start() and then the rest of your script. -- * RzE: -- -- Renze Munnik -- DataLink BV -- -- E: [EMAIL PROTECTED] -- W: +31 23 5326162 -- F: +31 23 5322144 -- M: +31 6 21811143 -- H: +31 23 5516190 -- -- Stationsplein 82 -- 2011 LM HAARLEM -- -- http://www.datalink.nl -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
On Fri, Aug 10, 2001 at 02:44:09PM +0530, Balaji Ankem wrote: Warning: Cannot send session cache limiter - headers already sent (output started at c:\www\authentication.php:2) in c:\www\authentication.php on line 38 I don't know what's in authentication.php, but I do know that -like the warningmsg says- you try to send headers while on line 2 you've already sent some output (echo, print, whatever). You'll have to put the session_start() before your output. -- * RzE: -- -- Renze Munnik -- DataLink BV -- -- E: [EMAIL PROTECTED] -- W: +31 23 5326162 -- F: +31 23 5322144 -- M: +31 6 21811143 -- H: +31 23 5516190 -- -- Stationsplein 82 -- 2011 LM HAARLEM -- -- http://www.datalink.nl -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
Hi, What Renze Munnik said is absolutely right. U r trying to send headers after outputing something. So u either have to write ur code before outputing anything or if u want to keep ur code like that only, but still want it to work, go to php.ini and change the settings for output_buffering. Karthik. - Original Message - From: Balaji Ankem To: Yamin Prabudy Cc: [EMAIL PROTECTED] Sent: Friday, August 10, 2001 2:44 PM Subject: [PHP] plz check the warning message This document contains frames, which cannot be edited. The original document is attached. -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
Hi, munnik, thankyou for u'r help. I am getting the following warning while closing session. Warning: Trying to destroy uninitialized session in c:\www\logout.php on line 3session closed for 85744 Plz do the needful. I am sending the following files. logout.php ?phpsession_unregister(emp_id);session_destroy();echo "session closed for $emp_id";?!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN"HTMLHEADTITLEThankyou /TITLE meta http-equiv="Expires" CONTENT="0" meta http-equiv="Cache-Control" CONTENT="no-cache" meta http-equiv="Pragma" CONTENT="no-cache" /HEAD BODY background="nightsky.gif" text="white" p centerh1THANKYOU FOR USING IMAC TOOL/h1/centerbrbr center h3Do you want to login again?/h3a href="login.php"clickhere/a /center /p/BODY/HTML Authentication.php ?phpheader ("Cache-Control: no-cache, must-revalidate");header ("Pragma: no-cache"); // Connect to MySQL mysql_connect( 'localhost', 'balaji', 'pingpong' ) or die ( 'Unable to connect to server.' ); // Select database on MySQL server mysql_select_db( 'imac' ) or die ( 'Unable to select database.' ); // Formulate the query $sql = "SELECT * FROM employee WHERE emp_id = '$emp_id' AND emp_pass = '$emp_pass'"; // Execute the query and put results in $result $result = mysql_query( $sql ) or die ( 'Unable to execute query.' ); // Get number of rows in $result. $num = mysql_numrows( $result ); if ( $num != 0 ) { // A matching row was found - the user is authenticated. $auth = true; session_start(); session_register(emp_id); $row = mysql_fetch_object($result); if ($row-user_type=='S'){ include('super.php'); }else if ($row-user_type=='O'){include('ordinary.php'); } } else { file://User does not exist or not authenticated.echo 'centerh1Authorization Required./h1/center';header( 'WWW-Authenticate: Basic realm="Private"' );header( 'HTTP/1.0 401 Unauthorized' );exit; } ? Thanks in advance With warm Regards -Balaji - Original Message - From: Renze Munnik To: Balaji Ankem ; Yamin Prabudy Cc: [EMAIL PROTECTED] Sent: Friday, August 10, 2001 2:49 PM Subject: Re: [PHP] plz check the warning message On Fri, Aug 10, 2001 at 02:44:09PM +0530, Balaji Ankem wrote: Warning: Cannot send session cache limiter - headers already sent (output started at c:\www\authentication.php:2) in c:\www\authentication.php on line 38 I don't know what's in authentication.php, but I do know that -likethe warningmsg says- you try to send headers while on line 2 you'vealready sent some output (echo, print, whatever).You'll have to put the session_start() before your output.-- * RzE:-- -- Renze Munnik-- DataLink BV E: [EMAIL PROTECTED]-- W: +31 23 5326162-- F: +31 23 5322144-- M: +31 6 21811143-- H: +31 23 5516190 Stationsplein 82-- 2011 LM HAARLEM http://www.datalink.nl-- -- PHP General Mailing List (http://www.php.net/)To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]To contact the list administrators, e-mail: [EMAIL PROTECTED] --- Information transmitted by this E-MAIL is proprietary to Wipro Limited and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at mailto:[EMAIL PROTECTED] and delete this mail from your records. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
On Fri, Aug 10, 2001 at 04:08:19PM +0530, Balaji Ankem wrote: Hi, munnik, thankyou for u'r help. I am getting the following warning while closing session. Warning: Trying to destroy uninitialized session in c:\www\logout.php on line 3 session closed for 85744 Plz do the needful. I am sending the following files. logout.php ?php session_unregister(emp_id); session_destroy(); echo session closed for $emp_id; ? !DOCTYPE (...) (...) /HTML I just gave a quick look, but I think you forgot (or didn't know to) add session_start() to your code. So it will be: ?php session_start();/* -- This is it! */ session_unregister(emp_id); session_destroy(); echo session closed for $emp_id; ? !DOCTYPE (...) (...) /HTML Otherwise you don't have any session to destroy... -- * RzE: -- -- Renze Munnik -- DataLink BV -- -- E: [EMAIL PROTECTED] -- W: +31 23 5326162 -- F: +31 23 5322144 -- M: +31 6 21811143 -- H: +31 23 5516190 -- -- Stationsplein 82 -- 2011 LM HAARLEM -- -- http://www.datalink.nl -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
Hi, Munnik, I am starting the session if authentication is successful and i am closing the session whenever user click on logout button. Here in my case authentication is succesfull and session is started. And i checked the c:\tmp directory. session file is there. But it is not closing the session without starting a session again before closing. I did as u told it works perfect. Thanks alot. Why we have to start again another session before closing. One more doubt..after logging out (it closed the session) and i pressed the back button in browser It has given Warning.page expired. I pressed Refresh button It asked do u want to repost the values again. I pressed retry button. It posted the values again and created session again... Is there anyway to restrict the reposting?? Means after pressing logout button we shouldn't allow the user to go back or reposting the data again and getting session again. Thanks and Regards -Balu - Original Message - From: Renze Munnik To: Balaji Ankem Cc: [EMAIL PROTECTED] Sent: Friday, August 10, 2001 4:13 PM Subject: Re: [PHP] plz check the warning message On Fri, Aug 10, 2001 at 04:08:19PM +0530, Balaji Ankem wrote: Hi, munnik, thankyou for u'r help. I am getting the following warning while closing session. Warning: Trying to destroy uninitialized session in c:\www\logout.php on line 3 session closed for 85744 Plz do the needful. I am sending the following files. logout.php ?php session_unregister(emp_id); session_destroy(); echo "session closed for $emp_id"; ? !DOCTYPE (...) (...) /HTML I just gave a quick look, but I think you forgot (or didn't know to)add session_start() to your code. So it will be:?phpsession_start(); /* -- This is it! */session_unregister(emp_id);session_destroy();echo "session closed for $emp_id";?!DOCTYPE (...)(...) /HTMLOtherwise you don't have any session to destroy...-- * RzE:-- -- Renze Munnik-- DataLink BV E: [EMAIL PROTECTED]-- W: +31 23 5326162-- F: +31 23 5322144-- M: +31 6 21811143-- H: +31 23 5516190 Stationsplein 82-- 2011 LM HAARLEM http://www.datalink.nl-- -- PHP General Mailing List (http://www.php.net/)To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]To contact the list administrators, e-mail: [EMAIL PROTECTED] --- Information transmitted by this E-MAIL is proprietary to Wipro Limited and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at mailto:[EMAIL PROTECTED] and delete this mail from your records. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
On Fri, Aug 10, 2001 at 04:42:48PM +0530, Balaji Ankem wrote: Hi, Munnik, I am starting the session if authentication is successful and i am closing the session whenever user click on logout button. Here in my case authentication is succesfull and session is started. And i checked the c:\tmp directory. session file is there. But it is not closing the session without starting a session again before closing. I did as u told it works perfect. Thanks alot. Why we have to start again another session before closing. Well... you don't actualy start another session before closing. The call to session_start() starts a session or resumes one: =[ PHP Manual ]= session_start() creates a session (or resumes the current one based on the session id being passed via a GET variable or a cookie). =[ end ]= One more doubt..after logging out (it closed the session) and i pressed the back button in browser It has given Warning.page expired. I pressed Refresh button It asked do u want to repost the values again. I pressed retry button. It posted the values again and created session again... Is there anyway to restrict the reposting?? Means after pressing logout button we shouldn't allow the user to go back or reposting the data again and getting session again. I don't know (yet)... I'm gonna try to find out. I'll let you know. -- * RzE: -- -- Renze Munnik -- DataLink BV -- -- E: [EMAIL PROTECTED] -- W: +31 23 5326162 -- F: +31 23 5322144 -- M: +31 6 21811143 -- H: +31 23 5516190 -- -- Stationsplein 82 -- 2011 LM HAARLEM -- -- http://www.datalink.nl -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
On Fri, Aug 10, 2001 at 04:42:48PM +0530, Balaji Ankem wrote: Is there anyway to restrict the reposting?? Means after pressing logout button we shouldn't allow the user to go back or reposting the data again and getting session again. Okay... I've figured out two 'solutions'. But... I must say: They're not pretty. Actually you can't prevent it. But: Option 1 You can set a cookie after logging in. The authorization page should check for that cookie. It should not exist in order to login. The login page (where one gives his username/password) should remove that cookie if it exists. This is, though, a _very_ ugly solution and using cookies for security isn't realy the best thing to do. So actually I wouldn't encourage you to use this. Option 2 Another solution is to redirect to a different page. I created the following example: =[ PHP code ]= // File: login.php HTML HEAD TITLELogin Test/TITLE /HEAD BODY FORM method=post action=submit-login.php INPUT type=text name=firstname INPUT type=text name=lastname BR INPUT type=submit /FORM /BODY /HTML // File: submit-login.php ? /* Here you should do things with the provided data... For the example I only write it to the log. */ error_log (Firstname: $firstname, 0); error_log (Lastname: $lastname, 0); /* Here's where you redirect */ header (Location: logged-in.php); ? // File: logged-in.php /* Whatever you want! */ =[ end of code ]= After pushing the submit-button, the data will be submitted to submit-login.php. There you handle the login-procedure. After that, you automatically redirect to a different page (logged-in.php in my example). That's you you show eg 'You are logged in now'. If you reload that page, nothing realy happens. If you push 'Back', you end up on login.php again. Uptil now this is the best option I've come up with. Hope it works for what you had in mind. -- * RzE: -- -- Renze Munnik -- DataLink BV -- -- E: [EMAIL PROTECTED] -- W: +31 23 5326162 -- F: +31 23 5322144 -- M: +31 6 21811143 -- H: +31 23 5516190 -- -- Stationsplein 82 -- 2011 LM HAARLEM -- -- http://www.datalink.nl -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]