|
damian - 2008-08-24 22:49:43
When i try to connect to a db to check the user and password i send a hedares, then, when the class try to regenerate the session id, show "headers allready sent", i cantt find a solution...
Vagharshak Tozalakyan - 2008-08-25 15:21:19 - In reply to message 1 from damian
Hello,
I don't know how your script is oranized that's why I can't say anything exactly. Anyway, as an option you may call session_regenerate_id() separetely and turn off $regenerate_id in
your SecureSession object.
damian - 2008-08-25 18:29:29 - In reply to message 2 from Vagharshak Tozalakyan
my code:
<?php
session_start();
require_once '../libs/securesession.class.php';
require_once '../libs/db.php';
$error = '';
if (isset($_POST['uname']))
{
$uname = trim($_POST['uname']);
$passwd = trim($_POST['passwd']);
$match=0;
$cons=mysql_query("SELECT * FROM admin");
while ($row=mysql_fetch_array($cons)){
if ( $row[user]==$uname && $row[password]==$passwd ) {$match=1;}
}
if ($match==1)
{
$ss = new SecureSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = 'SALT_';
$ss->regenerate_id = false;
$ss->Open();
$_SESSION['logged_in'] = true;
$_SESSION['usuario'] = $uname;
$error ="<script language='JavaScript' type='text/JavaScript'> location.href=\"search_prod.php\" </script>";
}
else
{
$error = 'User name and password not match';
}
}
?>
as you see, i turn off the regenerate_id, but i think is not a correct way, can you show how i make to call to method separatelly?.
tank you very much.
Vagharshak Tozalakyan - 2008-08-26 19:39:06 - In reply to message 3 from damian
I'm sorry for the delay in response. When you are sending the output? Did you send any output in "db.php"? Or maybe there are just extra spaces, e.g. after closing "?>" tag?
damian - 2008-08-27 00:07:04 - In reply to message 4 from Vagharshak Tozalakyan
My code db.php
<?php
$bd_host="127.0.0.1";
$bd_base ="mybase";
$pass ="toor";
$us ="root";
$con = mysql_connect($bd_host,$us,$pass);
mysql_select_db($bd_base,$con);?>
i can't find a error,but considerate i'm novice ind is probable my mystake.However i apreciatte if you can help me. TNKS a lot
Vagharshak Tozalakyan - 2008-08-27 08:27:12 - In reply to message 5 from damian
If you got a "headers already sent" error with the code you posted here, then I think you may need to remove all spaces before <?php and after ?> in your PHP files.
Henrik Hansen - 2008-09-22 08:17:41 - In reply to message 1 from damian
I had the same problem in my code to begin with. I had the same error, but only in some php files on my site. Very wierd.
I require() the auth.php in the very top of every one of my php files, but still I got an error, that headers was already sent. I searched for spaces and breaks, but nothing, everything seemed fine.
Then, by looking at the error text in the resulting HTML, I could see, that the error text appeared after the meta tags in the html code. Hmm. How the *** does this happen, when I require() the auth.php in the top? I still don't know, but I had an include() or require() some lines below in the php code and that is obviously too much to handle for php. It is probably also bad programming, but schhht! :) So I moved all my require's and include's to the top of my php files and the error disappeared.
Vagharshak Tozalakyan - 2008-09-22 16:33:09 - In reply to message 7 from Henrik Hansen
"Headers already sent" error appears when any kind of output was sent before starting a session. It could be headers, markup, spaces, line breaks or just invisible symbols (e.g. in the top of Unicode files). I can suggest to use a hex editor for scanning the output. Also, you may use telnet to see the complete HTTP request.
|