Re: [PHP] plz check the warning message
Hi! Renze,
Thanks a lot for u'r help. I am in vacation up to
now.
Now i am trying with u'r solution. I am getting the following
error.
I am sending the file also.
Warning: Cannot send session cache limiter - headers already sent in
c:\www\authentication.php on line 34
File:authentication.php
?phpheader ("Cache-Control: no-cache,
must-revalidate");header ("Pragma: no-cache");
error_log ("emp_id: $emp_id", 0); error_log
("Lastname: $emp_pass", 0);
// Connect to MySQL
mysql_connect( 'localhost', 'balaji',
'pingpong' ) or die ( 'Unable to
connect to server.' );
// Select database on MySQL
server
mysql_select_db( 'imac'
) or die ( 'Unable to select
database.' );
// Formulate the query
$sql = "SELECT * FROM employee
WHERE
emp_id = '$emp_id' AND emp_pass = '$emp_pass'";
// Execute the query and put results in
$result
$result = mysql_query( $sql
) or die ( 'Unable to execute
query.' );
// Get number of rows in
$result.
$num = mysql_numrows( $result
);
if ( $num != 0 )
{ // A matching row was found -
the user is authenticated.
session_start();
session_register('$emp_id');
$row =
mysql_fetch_object($result);
if
($row-user_type=='S'){
include('super.php');
}else if
($row-user_type=='O'){include('ordinary.php');
} }
else { file://User does not exist or not
authenticated.echo 'centerh1Authorization
Required./h1/center';file://header( 'WWW-Authenticate: Basic
realm="Private"' );file://header( 'HTTP/1.0 401 Unauthorized'
);exit; }
?
Thanks and regards
-Balaji
- Original Message -
From:
Renze Munnik
To: Balaji
Ankem
Cc: [EMAIL PROTECTED]
Sent: Friday, August 10, 2001 5:41
PM
Subject: Re: [PHP] plz check the warning
message
On Fri, Aug 10, 2001 at 04:42:48PM +0530, Balaji Ankem
wrote: Is there anyway to restrict the reposting?? Means after
pressing logout button we shouldn't allow the user to go back or
reposting the data again and getting session again.Okay...
I've figured out two 'solutions'. But... I must say: They'renot pretty.
Actually you can't prevent it. But:Option 1You can set
a cookie after logging in. The authorization page shouldcheck for that
cookie. It should not exist in order to login. Thelogin page (where one
gives his username/password) should removethat cookie if it
exists.This is, though, a _very_ ugly solution and using cookies
forsecurity isn't realy the best thing to do. So actually I
wouldn'tencourage you to use this.Option 2Another
solution is to redirect to a different page. I created thefollowing
example:=[ PHP code ]=// File:
login.phpHTMLHEAD TITLELogin
Test/TITLE/HEAD
BODY FORM method="post"
action="submit-login.php" INPUT type="text"
name="firstname" INPUT type="text"
name="lastname" BR INPUT
type="submit"
/FORM/BODY/HTML// File:
submit-login.php? /* Here you should do things with the
provided data... For the example I only write it
to the log. */ error_log ("Firstname: $firstname", 0);
error_log ("Lastname: $lastname", 0); /* Here's where you
redirect */ header ("Location: logged-in.php");?//
File: logged-in.php/* Whatever you want! */=[ end of code
]=After pushing the submit-button, the data will be submitted
tosubmit-login.php. There you handle the login-procedure. After
that,you automatically redirect to a different page (logged-in.php in
myexample). That's you you show eg 'You are logged in now'. If
youreload that page, nothing realy happens. If you push 'Back', you
endup on login.php again.Uptil now this is the best option I've
come up with.Hope it works for what you had in mind.--
* RzE:-- -- Renze
Munnik-- DataLink BV E: [EMAIL PROTECTED]-- W: +31 23
5326162-- F: +31 23 5322144-- M: +31 6 21811143-- H: +31 23
5516190 Stationsplein 82-- 2011 LM HAARLEM
http://www.datalink.nl--
-- PHP General Mailing List (http://www.php.net/)To unsubscribe,
e-mail: [EMAIL PROTECTED]For
additional commands, e-mail: [EMAIL PROTECTED]To
contact the list administrators, e-mail: [EMAIL PROTECTED]
---
Information transmitted by this E-MAIL is proprietary to Wipro Limited and
is intended for use only by the individual or entity to which it is
addressed, and may contain information that is privileged, confidential or
exempt from disclosure under applicable law. If you are not the intended
recipient or it appears that this mail has been forwarded to you without
proper authority, you are notified that any use or dissemination of this
Re: [PHP] plz check the warning message
On Mon, Aug 13, 2001 at 02:01:59PM +0530, Balaji Ankem wrote:
Hi! Renze,
Thanks a lot for u'r help. I am in vacation up to now.
Now i am trying with u'r solution. I am getting the following error.
I am sending the file also.
Warning: Cannot send session cache limiter - headers already sent in
c:\www\authentication.php on line 34
File:authentication.php
?php
header (Cache-Control: no-cache, must-revalidate);
header (Pragma: no-cache);
error_log (emp_id: $emp_id, 0);
error_log (Lastname: $emp_pass, 0);
// Connect to MySQL
mysql_connect( 'localhost', 'balaji', 'pingpong' )
or die ( 'Unable to connect to server.' );
// Select database on MySQL server
mysql_select_db( 'imac' )
or die ( 'Unable to select database.' );
// Formulate the query
$sql = SELECT * FROM employee WHERE
emp_id = '$emp_id' AND emp_pass = '$emp_pass';
// Execute the query and put results in $result
$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );
// Get number of rows in $result.
$num = mysql_numrows( $result );
if ( $num != 0 ) {
// A matching row was found - the user is authenticated.
session_start();
session_register('$emp_id');
$row = mysql_fetch_object($result);
if ($row-user_type=='S')
{
include('super.php');
}
else if ($row-user_type=='O')
{
include('ordinary.php');
}
}
else
{
file://User does not exist or not authenticated.
echo 'centerh1Authorization Required./h1/center';
file://header( 'WWW-Authenticate: Basic realm=Private' );
file://header( 'HTTP/1.0 401 Unauthorized' );
exit;
}
?
Well... You can't sent any headers after some output has already
been sent. I didn't take a very good look at your code, but looking
at the warning you get and the position of session_start() in your
code, I'd say you have to move the session_start() up. You can best
start your code with session_start() and then the rest of your
script.
--
* RzE:
--
-- Renze Munnik
-- DataLink BV
--
-- E: [EMAIL PROTECTED]
-- W: +31 23 5326162
-- F: +31 23 5322144
-- M: +31 6 21811143
-- H: +31 23 5516190
--
-- Stationsplein 82
-- 2011 LM HAARLEM
--
-- http://www.datalink.nl
--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
On Fri, Aug 10, 2001 at 02:44:09PM +0530, Balaji Ankem wrote: Warning: Cannot send session cache limiter - headers already sent (output started at c:\www\authentication.php:2) in c:\www\authentication.php on line 38 I don't know what's in authentication.php, but I do know that -like the warningmsg says- you try to send headers while on line 2 you've already sent some output (echo, print, whatever). You'll have to put the session_start() before your output. -- * RzE: -- -- Renze Munnik -- DataLink BV -- -- E: [EMAIL PROTECTED] -- W: +31 23 5326162 -- F: +31 23 5322144 -- M: +31 6 21811143 -- H: +31 23 5516190 -- -- Stationsplein 82 -- 2011 LM HAARLEM -- -- http://www.datalink.nl -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
Hi, What Renze Munnik said is absolutely right. U r trying to send headers after outputing something. So u either have to write ur code before outputing anything or if u want to keep ur code like that only, but still want it to work, go to php.ini and change the settings for output_buffering. Karthik. - Original Message - From: Balaji Ankem To: Yamin Prabudy Cc: [EMAIL PROTECTED] Sent: Friday, August 10, 2001 2:44 PM Subject: [PHP] plz check the warning message This document contains frames, which cannot be edited. The original document is attached. -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
Hi, munnik,
thankyou for u'r help.
I am getting the following warning while closing session.
Warning: Trying to destroy uninitialized session in
c:\www\logout.php on line 3session closed for 85744
Plz do the needful. I am sending the following files.
logout.php
?phpsession_unregister(emp_id);session_destroy();echo
"session closed for $emp_id";?!DOCTYPE HTML PUBLIC "-//W3C//DTD
HTML 3.2 Final//EN"HTMLHEADTITLEThankyou
/TITLE
meta http-equiv="Expires" CONTENT="0"
meta http-equiv="Cache-Control" CONTENT="no-cache" meta
http-equiv="Pragma" CONTENT="no-cache"
/HEAD
BODY background="nightsky.gif"
text="white"
p
centerh1THANKYOU FOR USING IMAC
TOOL/h1/centerbrbr center
h3Do you want to login again?/h3a
href="login.php"clickhere/a /center
/p/BODY/HTML
Authentication.php
?phpheader ("Cache-Control: no-cache,
must-revalidate");header ("Pragma: no-cache");
// Connect to MySQL
mysql_connect( 'localhost', 'balaji',
'pingpong' ) or die ( 'Unable to
connect to server.' );
// Select database on MySQL
server
mysql_select_db( 'imac'
) or die ( 'Unable to select
database.' );
// Formulate the query
$sql = "SELECT * FROM employee
WHERE
emp_id = '$emp_id' AND emp_pass = '$emp_pass'";
// Execute the query and put results in
$result
$result = mysql_query( $sql
) or die ( 'Unable to execute
query.' );
// Get number of rows in
$result.
$num = mysql_numrows( $result
);
if ( $num != 0 ) {
// A matching row
was found - the user is authenticated.
$auth =
true;
session_start();
session_register(emp_id);
$row =
mysql_fetch_object($result);
if
($row-user_type=='S'){
include('super.php');
}else if
($row-user_type=='O'){include('ordinary.php');
} }
else { file://User does not exist or not
authenticated.echo 'centerh1Authorization
Required./h1/center';header(
'WWW-Authenticate: Basic realm="Private"' );header(
'HTTP/1.0 401 Unauthorized'
);exit; }
?
Thanks in advance
With warm Regards
-Balaji
- Original Message -
From:
Renze Munnik
To: Balaji
Ankem ; Yamin
Prabudy
Cc: [EMAIL PROTECTED]
Sent: Friday, August 10, 2001 2:49
PM
Subject: Re: [PHP] plz check the warning
message
On Fri, Aug 10, 2001 at 02:44:09PM +0530, Balaji Ankem
wrote: Warning: Cannot send session cache limiter - headers
already sent (output started at c:\www\authentication.php:2) in
c:\www\authentication.php on line 38 I don't know what's
in authentication.php, but I do know that -likethe warningmsg says- you
try to send headers while on line 2 you'vealready sent some output (echo,
print, whatever).You'll have to put the session_start() before your
output.-- * RzE:-- --
Renze Munnik-- DataLink BV E: [EMAIL PROTECTED]-- W: +31 23
5326162-- F: +31 23 5322144-- M: +31 6 21811143-- H: +31 23
5516190 Stationsplein 82-- 2011 LM HAARLEM
http://www.datalink.nl--
-- PHP General Mailing List (http://www.php.net/)To unsubscribe,
e-mail: [EMAIL PROTECTED]For
additional commands, e-mail: [EMAIL PROTECTED]To
contact the list administrators, e-mail: [EMAIL PROTECTED]
---
Information transmitted by this E-MAIL is proprietary to Wipro Limited and
is intended for use only by the individual or entity to which it is
addressed, and may contain information that is privileged, confidential or
exempt from disclosure under applicable law. If you are not the intended
recipient or it appears that this mail has been forwarded to you without
proper authority, you are notified that any use or dissemination of this
information in any manner is strictly prohibited. In such cases, please
notify us immediately at mailto:[EMAIL PROTECTED] and delete this mail
from your records.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
On Fri, Aug 10, 2001 at 04:08:19PM +0530, Balaji Ankem wrote: Hi, munnik, thankyou for u'r help. I am getting the following warning while closing session. Warning: Trying to destroy uninitialized session in c:\www\logout.php on line 3 session closed for 85744 Plz do the needful. I am sending the following files. logout.php ?php session_unregister(emp_id); session_destroy(); echo session closed for $emp_id; ? !DOCTYPE (...) (...) /HTML I just gave a quick look, but I think you forgot (or didn't know to) add session_start() to your code. So it will be: ?php session_start();/* -- This is it! */ session_unregister(emp_id); session_destroy(); echo session closed for $emp_id; ? !DOCTYPE (...) (...) /HTML Otherwise you don't have any session to destroy... -- * RzE: -- -- Renze Munnik -- DataLink BV -- -- E: [EMAIL PROTECTED] -- W: +31 23 5326162 -- F: +31 23 5322144 -- M: +31 6 21811143 -- H: +31 23 5516190 -- -- Stationsplein 82 -- 2011 LM HAARLEM -- -- http://www.datalink.nl -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
Hi, Munnik, I am starting the session if authentication is successful and i am closing the session whenever user click on logout button. Here in my case authentication is succesfull and session is started. And i checked the c:\tmp directory. session file is there. But it is not closing the session without starting a session again before closing. I did as u told it works perfect. Thanks alot. Why we have to start again another session before closing. One more doubt..after logging out (it closed the session) and i pressed the back button in browser It has given Warning.page expired. I pressed Refresh button It asked do u want to repost the values again. I pressed retry button. It posted the values again and created session again... Is there anyway to restrict the reposting?? Means after pressing logout button we shouldn't allow the user to go back or reposting the data again and getting session again. Thanks and Regards -Balu - Original Message - From: Renze Munnik To: Balaji Ankem Cc: [EMAIL PROTECTED] Sent: Friday, August 10, 2001 4:13 PM Subject: Re: [PHP] plz check the warning message On Fri, Aug 10, 2001 at 04:08:19PM +0530, Balaji Ankem wrote: Hi, munnik, thankyou for u'r help. I am getting the following warning while closing session. Warning: Trying to destroy uninitialized session in c:\www\logout.php on line 3 session closed for 85744 Plz do the needful. I am sending the following files. logout.php ?php session_unregister(emp_id); session_destroy(); echo "session closed for $emp_id"; ? !DOCTYPE (...) (...) /HTML I just gave a quick look, but I think you forgot (or didn't know to)add session_start() to your code. So it will be:?phpsession_start(); /* -- This is it! */session_unregister(emp_id);session_destroy();echo "session closed for $emp_id";?!DOCTYPE (...)(...) /HTMLOtherwise you don't have any session to destroy...-- * RzE:-- -- Renze Munnik-- DataLink BV E: [EMAIL PROTECTED]-- W: +31 23 5326162-- F: +31 23 5322144-- M: +31 6 21811143-- H: +31 23 5516190 Stationsplein 82-- 2011 LM HAARLEM http://www.datalink.nl-- -- PHP General Mailing List (http://www.php.net/)To unsubscribe, e-mail: [EMAIL PROTECTED]For additional commands, e-mail: [EMAIL PROTECTED]To contact the list administrators, e-mail: [EMAIL PROTECTED] --- Information transmitted by this E-MAIL is proprietary to Wipro Limited and is intended for use only by the individual or entity to which it is addressed, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient or it appears that this mail has been forwarded to you without proper authority, you are notified that any use or dissemination of this information in any manner is strictly prohibited. In such cases, please notify us immediately at mailto:[EMAIL PROTECTED] and delete this mail from your records. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
On Fri, Aug 10, 2001 at 04:42:48PM +0530, Balaji Ankem wrote: Hi, Munnik, I am starting the session if authentication is successful and i am closing the session whenever user click on logout button. Here in my case authentication is succesfull and session is started. And i checked the c:\tmp directory. session file is there. But it is not closing the session without starting a session again before closing. I did as u told it works perfect. Thanks alot. Why we have to start again another session before closing. Well... you don't actualy start another session before closing. The call to session_start() starts a session or resumes one: =[ PHP Manual ]= session_start() creates a session (or resumes the current one based on the session id being passed via a GET variable or a cookie). =[ end ]= One more doubt..after logging out (it closed the session) and i pressed the back button in browser It has given Warning.page expired. I pressed Refresh button It asked do u want to repost the values again. I pressed retry button. It posted the values again and created session again... Is there anyway to restrict the reposting?? Means after pressing logout button we shouldn't allow the user to go back or reposting the data again and getting session again. I don't know (yet)... I'm gonna try to find out. I'll let you know. -- * RzE: -- -- Renze Munnik -- DataLink BV -- -- E: [EMAIL PROTECTED] -- W: +31 23 5326162 -- F: +31 23 5322144 -- M: +31 6 21811143 -- H: +31 23 5516190 -- -- Stationsplein 82 -- 2011 LM HAARLEM -- -- http://www.datalink.nl -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] plz check the warning message
On Fri, Aug 10, 2001 at 04:42:48PM +0530, Balaji Ankem wrote: Is there anyway to restrict the reposting?? Means after pressing logout button we shouldn't allow the user to go back or reposting the data again and getting session again. Okay... I've figured out two 'solutions'. But... I must say: They're not pretty. Actually you can't prevent it. But: Option 1 You can set a cookie after logging in. The authorization page should check for that cookie. It should not exist in order to login. The login page (where one gives his username/password) should remove that cookie if it exists. This is, though, a _very_ ugly solution and using cookies for security isn't realy the best thing to do. So actually I wouldn't encourage you to use this. Option 2 Another solution is to redirect to a different page. I created the following example: =[ PHP code ]= // File: login.php HTML HEAD TITLELogin Test/TITLE /HEAD BODY FORM method=post action=submit-login.php INPUT type=text name=firstname INPUT type=text name=lastname BR INPUT type=submit /FORM /BODY /HTML // File: submit-login.php ? /* Here you should do things with the provided data... For the example I only write it to the log. */ error_log (Firstname: $firstname, 0); error_log (Lastname: $lastname, 0); /* Here's where you redirect */ header (Location: logged-in.php); ? // File: logged-in.php /* Whatever you want! */ =[ end of code ]= After pushing the submit-button, the data will be submitted to submit-login.php. There you handle the login-procedure. After that, you automatically redirect to a different page (logged-in.php in my example). That's you you show eg 'You are logged in now'. If you reload that page, nothing realy happens. If you push 'Back', you end up on login.php again. Uptil now this is the best option I've come up with. Hope it works for what you had in mind. -- * RzE: -- -- Renze Munnik -- DataLink BV -- -- E: [EMAIL PROTECTED] -- W: +31 23 5326162 -- F: +31 23 5322144 -- M: +31 6 21811143 -- H: +31 23 5516190 -- -- Stationsplein 82 -- 2011 LM HAARLEM -- -- http://www.datalink.nl -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
