Checking for sessions

ravi951 · September 21, 2011, 9:27am

hi all,
i have written a code for checking whether there is a session or not.
if not it has to be replaced with the time() value.
but it is displaying the error as Warning: Cannot modify header information - headers already sent by (output started at C:\xampp\htdocs\shopping1\session.php:9) in C:\xampp\htdocs\shopping1\session.php on line 27

below is my code…


<?php 
session_start();
mysql_connect("localhost","root","") or die("mysql_error()");
mysql_select_db("shopping") or die("mysql_error()"); 
$result = mysql_query("SELECT * from login WHERE username='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'"); 
$rows=mysql_num_rows($result);
if(isset($_SESSION['username']))
{
 echo "UserId : ".$_SESSION['username'];
 unset($_SESSION['username']);
} 
else 
{
 echo "Set the username";
 $_SESSION['username'] = time();
}
if ($rows > 0) 
{ 
session_register('username');
$_SESSION['username'] = $_POST['username'];
header("Location:products.php");
exit; 
} 
else
{ 
//unsuccessful login 
header("Location:login.php");
exit; 
} 
?>

what is the error in my code…

DarthGuido · September 21, 2011, 9:29am

You’re creating output before the header() lines. Get rid of the two echo’s in the first IF, and that error should be gone.

ravi951 · September 21, 2011, 9:35am

where should i get rid of the echo .

DarthGuido · September 21, 2011, 9:39am

I already told you.
Just look at the code you posted. There are two echoes before the script reaches the header() instructions. You can’t send headers if you already have output. So you’ll have to eliminate those echoes.

ravi951 · September 21, 2011, 9:44am

k i have got rid of the echo’s but also not executing…
below is my modified code…


<?php 
session_start();
mysql_connect("localhost","root","") or die("mysql_error()");
mysql_select_db("shopping") or die("mysql_error()"); 
$result = mysql_query("SELECT * from login WHERE username='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'"); 
$rows=mysql_num_rows($result);
if(isset($_SESSION['username']))
{
 "UserId : ".$_SESSION['username'];
 unset($_SESSION['username']);
} 
else 
{
 "Set the username";
 $_SESSION['username'] = time();
}
if ($rows > 0) 
{ 
session_register('username');
$_SESSION['username'] = $_POST['username'];
header("Location:products.php");
exit; 
} 
else
{ 
//unsuccessful login 
header("Location:login3.php");
exit; 
} 
?>

DarthGuido · September 21, 2011, 9:46am

When it’s giving you an error, post it here, instead of saying “doesn’t work” or “not executing”.

And please take a look at your code, and think about things just a moment before asking here. Isn’t there anything strange now? Nothing that makes you think: that can’t work?

ravi951 · September 21, 2011, 9:49am

first i need to register for username and using that i need to check for the sessions of username right…

DarthGuido · September 21, 2011, 9:53am

First you need to study the basics of PHP.
Tell me what is wrong in this code:


if(isset($_SESSION['username']))
{
 "UserId : ".$_SESSION['username'];
 unset($_SESSION['username']);
}

ravi951 · September 21, 2011, 9:58am

we are checking whether we have set username and assigning username to userid and then destroying it.
also userid is not a variable…we need to assign as $userid.

DarthGuido · September 21, 2011, 10:02am

It’s your code. I just took a little piece of it. And no, you’re not assigning anything. This line

 "UserId : ".$_SESSION['username'];

makes no sense anymore because you deleted the word ‘echo’ that was in front of it.

ravi951 · September 21, 2011, 10:05am

userId is a not variable to store the name of the username right

Stormrider · September 21, 2011, 11:00am

No, you have put it in quotes which makes it a literal string. You need to do something with the literal string, it won’t output if you just put it there in quotes.

ravi951 · September 21, 2011, 11:42am

i am not getting you what u are telling…

ParkinT · September 21, 2011, 12:28pm

In PHP you will consistently receive errors if send any output (as with the ‘echo’ command) before executing the ‘header’ call.
As I follow the FLOW OF LOGIC in your code, there is a chance that one of the ‘echo’ commands will be executed (in that ‘if’ block) before your call to ‘header’.
Rethink the flow of your program to avoid this.
Going back to your original code:
In the places where you wish to ECHO some output, instead, assign that to a string variable.
Then, after the header, display the contents of that variable (with an ‘echo’ command).

ravi951 · September 21, 2011, 12:32pm

then first i need to execute the header call and then i must give output.
is that possible with the above code…

Paul_Wilkins · September 21, 2011, 2:33pm

Yes it is. You can assign an empty string (called $message for example) at the start, so that you can perform your header work and add messages to the $message string. After you have finished doing your header work, it is then safe to output what you have stored in $message.

ravi951 · September 21, 2011, 2:37pm

i have modified the code.tell me whether the code i have modified is correct or not,


<?php 
session_start();
mysql_connect("localhost","root","") or die("mysql_error()");
mysql_select_db("shopping") or die("mysql_error()"); 
$result = mysql_query("SELECT * from login where username='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'"); 
$rows=mysql_num_rows($result);
if(isset($_SESSION['username']))
{
 $messages= "UserId : ".$_SESSION['username'];
 unset($_SESSION['username']);
} 
else 
{
  $_SESSION['username'] = time();
}
if ($rows > 0) 
{ 
session_register('username');
$_SESSION['username'] = $_POST['username'];
echo $messages;
header("Location:products.php");
exit; 
} 
else
{ 
//unsuccessful login 
header("Location:login3.php");
exit; 
} 
?>

Paul_Wilkins · September 21, 2011, 2:43pm

You need to delay all output (that’s the echo commands) until after all of your header commands.

ravi951 · September 21, 2011, 2:47pm

tell me in the above code how to check whether session exists or not. if not then using the time()
i need to assign.is that possible in above code.

dresden_phoenix · September 22, 2011, 9:47pm

You are checking your sessions, OK…

But remember also, that’ some servers output blank spaces… if there are any blank spaces before your <?php tags.

ALSO :


<?php 
session_start();
mysql_connect("localhost","root","") or die("mysql_error()");
mysql_select_db("shopping") or die("mysql_error()"); 
$result = mysql_query("SELECT * from login where username='" . $_POST['username'] . "' AND password='" . $_POST['password'] . "'"); 
$rows=mysql_num_rows($result);
if(isset($_SESSION['username']))
{
 $messages= "UserId : ".$_SESSION['username'];
 unset($_SESSION['username']);
} 
else 
{
  $_SESSION['username'] = time();
}
if ($rows > 0) 
{ 
session_register('username');
$_SESSION['username'] = $_POST['username'];
echo $messages;
header("Location:products.php");// THIS WILL NEVER WORK!!! you are outputing before the header(). 
exit; 
} 
else
{ 
//unsuccessful login 
header("Location:login3.php");
exit; 
} 
?>

You what… I would actually rethink the entire logic of this check.


if(isset($_SESSION['username']))
{
 $messages= "UserId : ".$_SESSION['username'];
 unset($_SESSION['username']);
}

if you UNSET $_SESSION[‘username’]… you are essentially unsettling the session for someone who is actually logged in. you probably realized this and followed it up with the $_SESSION[‘username’]=time(); but then that means there will be session even if no one is logged in ( I just cant wrap my head as to why you would one to do this…

Additionally … you leave yourself wide open for $message being “user:”.timestamp ( again i dont see why you would want this). Maybe there is a greater purpose for all of this, but I thought that I would point it out.