This error appears, along with the php content i have included.
It's not affecting my code, but it's making my pages look VERY ugly.
Can anyone please explain what's wrong? And possibly a solution.
I've looked at "/include/session.php on line 46" and i can't see any errors there.
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /www/zxq.net/w/a/r/warmondsniffers/htdocs/loginpage.php:15) in /www/zxq.net/w/a/r/warmondsniffers/htdocs/include/session.php on line 46
Thanks in advance
Full Version: Can Anyone Explain This Error To Me?
loginpage.php
session.php
protected.php
CODE
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>WarmondSniffers Members Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="css.css" />
</head>
<body>
<div id="container">
<table class="main_table" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="12"><img src="images/image_01.gif" width="4" height="27" alt=""></td>
<td background="images/image_05.gif" width="8"><img src="images/spacer.gif" width="8" height="1"></td>
<td class="nav_left" onMouseOver="this.className='nav_over_left'" onMouseOut="this.className='nav_left'"><a href="index.php"><img src="images/home.gif" width="73" height="27" border="0"></a></td>
<td class="nav_this"><a href="page.php"><img src="images/about.gif" width="73" height="27" border="0" class="nav"></a></td>
<td class="nav" onMouseOver="this.className='nav_over'" onMouseOut="this.className='nav'"><img src="images/design.gif" width="73" height="27" border="0" class="nav_this"></td>
<td class="nav" onMouseOver="this.className='nav_over'" onMouseOut="this.className='nav'"><img src="images/links.gif" width="73" height="27"></td>
<td width="100%" align="center" background="images/image_05.gif" class="small_text"> </td>
<td width="4"><img src="images/image_06.gif" width="4" height="27" alt=""></td>
</tr><tr>
<td colspan="1" height="15" width="4"><img src="images/image_09.gif"></td>
<td colspan="6" height="15" width="100%" background="images/image_11.gif"></td>
<td colspan="1" height="15" width="4"><img src="images/image_10.gif"></td>
</tr><tr>
<td colspan="1" height="109" width="4"><img src="images/image_12.gif"></td>
<td colspan="6" height="109" width="100%" background="images/image_13.gif" align="center">
<table border="0" cellpadding="0" cellspacing="0" width="98%">
<td width="2"><img src="images/image_19.gif"></td>
<td width="40%" background="images/image_20.gif" valign="middle" align="center"><img src="images/header.gif"></td>
<td width="2" background="images/image_20.gif"><img src="images/h-div.gif"></td>
<td width="60%" align="center" valign="top" background="images/image_20.gif" class="login_box">
<?php include "random_quote.php"; ?></td>
<td width="3"><img src="images/image_21.gif"></td>
</table></td>
<td colspan="1" height="109" width="4"><img src="images/image_14.gif"></td>
</tr><tr>
<td colspan="1" height="1" width="4"><img src="images/image_15.gif"></td>
<td colspan="6" height="1" width="100%" bgcolor="#495271"></td>
<td colspan="1" height="1" width="4"><img src="images/image_16.gif"></td>
</tr><tr>
<td colspan="1" height="1" width="4" background="images/image_17.gif"></td>
<td colspan="6" height="1" width="100%" bgcolor="#686D8B">
<img src="images/spacer.gif" height="2"><br>
<table border="0" cellpadding="0" cellspacing="0" width="98%" align="center">
<tr>
<td><img src="images/image_22.gif"></td>
<td class="box_head">Login Please </td>
<td><img src="images/image_24.gif"></td>
</tr><tr>
<td colspan="3" class="box"><? include "protected.php" ?></td>
</tr>
</table>
<img src="images/spacer.gif" height="2"><br>
</td>
<td colspan="1" height="1" width="4" background="images/image_18.gif"></td>
</tr><tr>
<td colspan="1"><img src="images/image_25.gif"></td>
<td colspan="6" align="center" background="images/image_27.gif" class="small_text">Copyright © warmondsniffers.nl <strong>||</strong> Site Design by: <a href="http://www.zymic.com">Zymic.com </a> </td>
<td colspan="1"><img src="images/image_26.gif"></td>
</tr>
</table>
</div>
</body>
</html>
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>WarmondSniffers Members Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel="stylesheet" type="text/css" href="css.css" />
</head>
<body>
<div id="container">
<table class="main_table" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="12"><img src="images/image_01.gif" width="4" height="27" alt=""></td>
<td background="images/image_05.gif" width="8"><img src="images/spacer.gif" width="8" height="1"></td>
<td class="nav_left" onMouseOver="this.className='nav_over_left'" onMouseOut="this.className='nav_left'"><a href="index.php"><img src="images/home.gif" width="73" height="27" border="0"></a></td>
<td class="nav_this"><a href="page.php"><img src="images/about.gif" width="73" height="27" border="0" class="nav"></a></td>
<td class="nav" onMouseOver="this.className='nav_over'" onMouseOut="this.className='nav'"><img src="images/design.gif" width="73" height="27" border="0" class="nav_this"></td>
<td class="nav" onMouseOver="this.className='nav_over'" onMouseOut="this.className='nav'"><img src="images/links.gif" width="73" height="27"></td>
<td width="100%" align="center" background="images/image_05.gif" class="small_text"> </td>
<td width="4"><img src="images/image_06.gif" width="4" height="27" alt=""></td>
</tr><tr>
<td colspan="1" height="15" width="4"><img src="images/image_09.gif"></td>
<td colspan="6" height="15" width="100%" background="images/image_11.gif"></td>
<td colspan="1" height="15" width="4"><img src="images/image_10.gif"></td>
</tr><tr>
<td colspan="1" height="109" width="4"><img src="images/image_12.gif"></td>
<td colspan="6" height="109" width="100%" background="images/image_13.gif" align="center">
<table border="0" cellpadding="0" cellspacing="0" width="98%">
<td width="2"><img src="images/image_19.gif"></td>
<td width="40%" background="images/image_20.gif" valign="middle" align="center"><img src="images/header.gif"></td>
<td width="2" background="images/image_20.gif"><img src="images/h-div.gif"></td>
<td width="60%" align="center" valign="top" background="images/image_20.gif" class="login_box">
<?php include "random_quote.php"; ?></td>
<td width="3"><img src="images/image_21.gif"></td>
</table></td>
<td colspan="1" height="109" width="4"><img src="images/image_14.gif"></td>
</tr><tr>
<td colspan="1" height="1" width="4"><img src="images/image_15.gif"></td>
<td colspan="6" height="1" width="100%" bgcolor="#495271"></td>
<td colspan="1" height="1" width="4"><img src="images/image_16.gif"></td>
</tr><tr>
<td colspan="1" height="1" width="4" background="images/image_17.gif"></td>
<td colspan="6" height="1" width="100%" bgcolor="#686D8B">
<img src="images/spacer.gif" height="2"><br>
<table border="0" cellpadding="0" cellspacing="0" width="98%" align="center">
<tr>
<td><img src="images/image_22.gif"></td>
<td class="box_head">Login Please </td>
<td><img src="images/image_24.gif"></td>
</tr><tr>
<td colspan="3" class="box"><? include "protected.php" ?></td>
</tr>
</table>
<img src="images/spacer.gif" height="2"><br>
</td>
<td colspan="1" height="1" width="4" background="images/image_18.gif"></td>
</tr><tr>
<td colspan="1"><img src="images/image_25.gif"></td>
<td colspan="6" align="center" background="images/image_27.gif" class="small_text">Copyright © warmondsniffers.nl <strong>||</strong> Site Design by: <a href="http://www.zymic.com">Zymic.com </a> </td>
<td colspan="1"><img src="images/image_26.gif"></td>
</tr>
</table>
</div>
</body>
</html>
session.php
CODE
<?
/**
* Session.php
*
* The Session class is meant to simplify the task of keeping
* track of logged in users and also guests.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 19, 2004
*/
include("database.php");
include("mailer.php");
include("form.php");
class Session
{
var $username; //Username given on sign-up
var $userid; //Random value generated on current login
var $userlevel; //The level to which the user pertains
var $time; //Time user was last active (page loaded)
var $logged_in; //True if user is logged in, false otherwise
var $userinfo = array(); //The array holding all user info
var $url; //The page url current being viewed
var $referrer; //Last recorded site page viewed
/**
* Note: referrer should really only be considered the actual
* page referrer in process.php, any other time it may be
* inaccurate.
*/
/* Class constructor */
function Session(){
$this->time = time();
$this->startSession();
}
/**
* startSession - Performs all the actions necessary to
* initialize this session object. Tries to determine if the
* the user has logged in already, and sets the variables
* accordingly. Also takes advantage of this page load to
* update the active visitors tables.
*/
function startSession(){
global $database; //The database connection
session_start(); //Tell PHP to start the session
/* Determine if user is logged in */
$this->logged_in = $this->checkLogin();
/**
* Set guest value to users not logged in, and update
* active guests table accordingly.
*/
if(!$this->logged_in){
$this->username = $_SESSION['username'] = GUEST_NAME;
$this->userlevel = GUEST_LEVEL;
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
}
/* Update users last active timestamp */
else{
$database->addActiveUser($this->username, $this->time);
}
/* Remove inactive visitors from database */
$database->removeInactiveUsers();
$database->removeInactiveGuests();
/* Set referrer page */
if(isset($_SESSION['url'])){
$this->referrer = $_SESSION['url'];
}else{
$this->referrer = "/";
}
/* Set current url */
$this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
}
/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
global $database; //The database connection
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
$this->username = $_SESSION['username'] = $_COOKIE['cookname'];
$this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
}
/* Username and userid have been set and not guest */
if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
$_SESSION['username'] != GUEST_NAME){
/* Confirm that username and userid are valid */
if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['userid']);
return false;
}
/* User is logged in, set class variables */
$this->userinfo = $database->getUserInfo($_SESSION['username']);
$this->username = $this->userinfo['username'];
$this->userid = $this->userinfo['userid'];
$this->userlevel = $this->userinfo['userlevel'];
return true;
}
/* User not logged in */
else{
return false;
}
}
/**
* login - The user has submitted his username and password
* through the login form, this function checks the authenticity
* of that information in the database and creates the session.
* Effectively logging in the user if all goes well.
*/
function login($subuser, $subpass, $subremember){
global $database, $form; //The database and form object
/* Username error checking */
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered");
}
else{
/* Check if username is not alphanumeric */
if(!eregi("^([0-9a-z])*$", $subuser)){
$form->setError($field, "* Username not alphanumeric");
}
}
/* Password error checking */
$field = "pass"; //Use field name for password
if(!$subpass){
$form->setError($field, "* Password not entered");
}
/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}
/* Checks that username is in database and password is correct */
$subuser = stripslashes($subuser);
$result = $database->confirmUserPass($subuser, md5($subpass));
/* Check error codes */
if($result == 1){
$field = "user";
$form->setError($field, "* Username not found");
}
else if($result == 2){
$field = "pass";
$form->setError($field, "* Invalid password");
}
/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}
/* Username and password correct, register session variables */
$this->userinfo = $database->getUserInfo($subuser);
$this->username = $_SESSION['username'] = $this->userinfo['username'];
$this->userid = $_SESSION['userid'] = $this->generateRandID();
$this->userlevel = $this->userinfo['userlevel'];
/* Insert userid into database and update active users table */
$database->updateUserField($this->username, "userid", $this->userid);
$database->addActiveUser($this->username, $this->time);
$database->removeActiveGuest($_SERVER['REMOTE_ADDR']);
/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his random value userid. It expires by the time
* specified in constants.php. Now, next time he comes to our site, we will
* log him in automatically, but only if he didn't log out before he left.
*/
if($subremember){
setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH);
}
/* Login completed successfully */
return true;
}
/**
* logout - Gets called when the user wants to be logged out of the
* website. It deletes any cookies that were stored on the users
* computer as a result of him wanting to be remembered, and also
* unsets session variables and demotes his user level to guest.
*/
function logout(){
global $database; //The database connection
/**
* Delete cookies - the time must be in the past,
* so just negate what you added when creating the
* cookie.
*/
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
}
/* Unset PHP session variables */
unset($_SESSION['username']);
unset($_SESSION['userid']);
/* Reflect fact that user has logged out */
$this->logged_in = false;
/**
* Remove from active users table and add to
* active guests tables.
*/
$database->removeActiveUser($this->username);
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
/* Set user level to guest */
$this->username = GUEST_NAME;
$this->userlevel = GUEST_LEVEL;
}
/**
* register - Gets called when the user has just submitted the
* registration form. Determines if there were any errors with
* the entry fields, if so, it records the errors and returns
* 1. If no errors were found, it registers the new user and
* returns 0. Returns 2 if registration failed.
*/
function register($subuser, $subpass, $subemail){
global $database, $form, $mailer; //The database, form and mailer object
/* Username error checking */
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered");
}
else{
/* Spruce up username, check length */
$subuser = stripslashes($subuser);
if(strlen($subuser) < 5){
$form->setError($field, "* Username below 5 characters");
}
else if(strlen($subuser) > 30){
$form->setError($field, "* Username above 30 characters");
}
/* Check if username is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", $subuser)){
$form->setError($field, "* Username not alphanumeric");
}
/* Check if username is reserved */
else if(strcasecmp($subuser, GUEST_NAME) == 0){
$form->setError($field, "* Username reserved word");
}
/* Check if username is already in use */
else if($database->usernameTaken($subuser)){
$form->setError($field, "* Username already in use");
}
/* Check if username is banned */
else if($database->usernameBanned($subuser)){
$form->setError($field, "* Username banned");
}
}
/* Password error checking */
$field = "pass"; //Use field name for password
if(!$subpass){
$form->setError($field, "* Password not entered");
}
else{
/* Spruce up password and check length*/
$subpass = stripslashes($subpass);
if(strlen($subpass) < 4){
$form->setError($field, "* Password too short");
}
/* Check if password is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){
$form->setError($field, "* Password not alphanumeric");
}
/**
* Note: I trimmed the password only after I checked the length
* because if you fill the password field up with spaces
* it looks like a lot more characters than 4, so it looks
* kind of stupid to report "password too short".
*/
}
/* Email error checking */
$field = "email"; //Use field name for email
if(!$subemail || strlen($subemail = trim($subemail)) == 0){
$form->setError($field, "* Email not entered");
}
else{
/* Check if valid email address */
$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
."\.([a-z]{2,}){1}$";
if(!eregi($regex,$subemail)){
$form->setError($field, "* Email invalid");
}
$subemail = stripslashes($subemail);
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
return 1; //Errors with form
}
/* No errors, add the new account to the */
else{
if($database->addNewUser($subuser, md5($subpass), $subemail)){
if(EMAIL_WELCOME){
$mailer->sendWelcome($subuser,$subemail,$subpass);
}
return 0; //New user added succesfully
}else{
return 2; //Registration attempt failed
}
}
}
/**
* editAccount - Attempts to edit the user's account information
* including the password, which it first makes sure is correct
* if entered, if so and the new password is in the right
* format, the change is made. All other fields are changed
* automatically.
*/
function editAccount($subcurpass, $subnewpass, $subemail){
global $database, $form; //The database and form object
/* New password entered */
if($subnewpass){
/* Current Password error checking */
$field = "curpass"; //Use field name for current password
if(!$subcurpass){
$form->setError($field, "* Current Password not entered");
}
else{
/* Check if password too short or is not alphanumeric */
$subcurpass = stripslashes($subcurpass);
if(strlen($subcurpass) < 4 ||
!eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
$form->setError($field, "* Current Password incorrect");
}
/* Password entered is incorrect */
if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
$form->setError($field, "* Current Password incorrect");
}
}
/* New Password error checking */
$field = "newpass"; //Use field name for new password
/* Spruce up password and check length*/
$subpass = stripslashes($subnewpass);
if(strlen($subnewpass) < 4){
$form->setError($field, "* New Password too short");
}
/* Check if password is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
$form->setError($field, "* New Password not alphanumeric");
}
}
/* Change password attempted */
else if($subcurpass){
/* New Password error reporting */
$field = "newpass"; //Use field name for new password
$form->setError($field, "* New Password not entered");
}
/* Email error checking */
$field = "email"; //Use field name for email
if($subemail && strlen($subemail = trim($subemail)) > 0){
/* Check if valid email address */
$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
."\.([a-z]{2,}){1}$";
if(!eregi($regex,$subemail)){
$form->setError($field, "* Email invalid");
}
$subemail = stripslashes($subemail);
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
return false; //Errors with form
}
/* Update password since there were no errors */
if($subcurpass && $subnewpass){
$database->updateUserField($this->username,"password",md5($subnewpass));
}
/* Change Email */
if($subemail){
$database->updateUserField($this->username,"email",$subemail);
}
/* Success! */
return true;
}
/**
* isAdmin - Returns true if currently logged in user is
* an administrator, false otherwise.
*/
function isAdmin(){
return ($this->userlevel == ADMIN_LEVEL ||
$this->username == ADMIN_NAME);
}
/**
* generateRandID - Generates a string made up of randomized
* letters (lower and upper case) and digits and returns
* the md5 hash of it to be used as a userid.
*/
function generateRandID(){
return md5($this->generateRandStr(16));
}
/**
* generateRandStr - Generates a string made up of randomized
* letters (lower and upper case) and digits, the length
* is a specified parameter.
*/
function generateRandStr($length){
$randstr = "";
for($i=0; $i<$length; $i++){
$randnum = mt_rand(0,61);
if($randnum < 10){
$randstr .= chr($randnum+48);
}else if($randnum < 36){
$randstr .= chr($randnum+55);
}else{
$randstr .= chr($randnum+61);
}
}
return $randstr;
}
};
/**
* Initialize session object - This must be initialized before
* the form object because the form uses session variables,
* which cannot be accessed unless the session has started.
*/
$session = new Session;
/* Initialize form object */
$form = new Form;
?>
/**
* Session.php
*
* The Session class is meant to simplify the task of keeping
* track of logged in users and also guests.
*
* Written by: Jpmaster77 a.k.a. The Grandmaster of C++ (GMC)
* Last Updated: August 19, 2004
*/
include("database.php");
include("mailer.php");
include("form.php");
class Session
{
var $username; //Username given on sign-up
var $userid; //Random value generated on current login
var $userlevel; //The level to which the user pertains
var $time; //Time user was last active (page loaded)
var $logged_in; //True if user is logged in, false otherwise
var $userinfo = array(); //The array holding all user info
var $url; //The page url current being viewed
var $referrer; //Last recorded site page viewed
/**
* Note: referrer should really only be considered the actual
* page referrer in process.php, any other time it may be
* inaccurate.
*/
/* Class constructor */
function Session(){
$this->time = time();
$this->startSession();
}
/**
* startSession - Performs all the actions necessary to
* initialize this session object. Tries to determine if the
* the user has logged in already, and sets the variables
* accordingly. Also takes advantage of this page load to
* update the active visitors tables.
*/
function startSession(){
global $database; //The database connection
session_start(); //Tell PHP to start the session
/* Determine if user is logged in */
$this->logged_in = $this->checkLogin();
/**
* Set guest value to users not logged in, and update
* active guests table accordingly.
*/
if(!$this->logged_in){
$this->username = $_SESSION['username'] = GUEST_NAME;
$this->userlevel = GUEST_LEVEL;
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
}
/* Update users last active timestamp */
else{
$database->addActiveUser($this->username, $this->time);
}
/* Remove inactive visitors from database */
$database->removeInactiveUsers();
$database->removeInactiveGuests();
/* Set referrer page */
if(isset($_SESSION['url'])){
$this->referrer = $_SESSION['url'];
}else{
$this->referrer = "/";
}
/* Set current url */
$this->url = $_SESSION['url'] = $_SERVER['PHP_SELF'];
}
/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
global $database; //The database connection
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
$this->username = $_SESSION['username'] = $_COOKIE['cookname'];
$this->userid = $_SESSION['userid'] = $_COOKIE['cookid'];
}
/* Username and userid have been set and not guest */
if(isset($_SESSION['username']) && isset($_SESSION['userid']) &&
$_SESSION['username'] != GUEST_NAME){
/* Confirm that username and userid are valid */
if($database->confirmUserID($_SESSION['username'], $_SESSION['userid']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['username']);
unset($_SESSION['userid']);
return false;
}
/* User is logged in, set class variables */
$this->userinfo = $database->getUserInfo($_SESSION['username']);
$this->username = $this->userinfo['username'];
$this->userid = $this->userinfo['userid'];
$this->userlevel = $this->userinfo['userlevel'];
return true;
}
/* User not logged in */
else{
return false;
}
}
/**
* login - The user has submitted his username and password
* through the login form, this function checks the authenticity
* of that information in the database and creates the session.
* Effectively logging in the user if all goes well.
*/
function login($subuser, $subpass, $subremember){
global $database, $form; //The database and form object
/* Username error checking */
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered");
}
else{
/* Check if username is not alphanumeric */
if(!eregi("^([0-9a-z])*$", $subuser)){
$form->setError($field, "* Username not alphanumeric");
}
}
/* Password error checking */
$field = "pass"; //Use field name for password
if(!$subpass){
$form->setError($field, "* Password not entered");
}
/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}
/* Checks that username is in database and password is correct */
$subuser = stripslashes($subuser);
$result = $database->confirmUserPass($subuser, md5($subpass));
/* Check error codes */
if($result == 1){
$field = "user";
$form->setError($field, "* Username not found");
}
else if($result == 2){
$field = "pass";
$form->setError($field, "* Invalid password");
}
/* Return if form errors exist */
if($form->num_errors > 0){
return false;
}
/* Username and password correct, register session variables */
$this->userinfo = $database->getUserInfo($subuser);
$this->username = $_SESSION['username'] = $this->userinfo['username'];
$this->userid = $_SESSION['userid'] = $this->generateRandID();
$this->userlevel = $this->userinfo['userlevel'];
/* Insert userid into database and update active users table */
$database->updateUserField($this->username, "userid", $this->userid);
$database->addActiveUser($this->username, $this->time);
$database->removeActiveGuest($_SERVER['REMOTE_ADDR']);
/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his random value userid. It expires by the time
* specified in constants.php. Now, next time he comes to our site, we will
* log him in automatically, but only if he didn't log out before he left.
*/
if($subremember){
setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", $this->userid, time()+COOKIE_EXPIRE, COOKIE_PATH);
}
/* Login completed successfully */
return true;
}
/**
* logout - Gets called when the user wants to be logged out of the
* website. It deletes any cookies that were stored on the users
* computer as a result of him wanting to be remembered, and also
* unsets session variables and demotes his user level to guest.
*/
function logout(){
global $database; //The database connection
/**
* Delete cookies - the time must be in the past,
* so just negate what you added when creating the
* cookie.
*/
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookid'])){
setcookie("cookname", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
setcookie("cookid", "", time()-COOKIE_EXPIRE, COOKIE_PATH);
}
/* Unset PHP session variables */
unset($_SESSION['username']);
unset($_SESSION['userid']);
/* Reflect fact that user has logged out */
$this->logged_in = false;
/**
* Remove from active users table and add to
* active guests tables.
*/
$database->removeActiveUser($this->username);
$database->addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
/* Set user level to guest */
$this->username = GUEST_NAME;
$this->userlevel = GUEST_LEVEL;
}
/**
* register - Gets called when the user has just submitted the
* registration form. Determines if there were any errors with
* the entry fields, if so, it records the errors and returns
* 1. If no errors were found, it registers the new user and
* returns 0. Returns 2 if registration failed.
*/
function register($subuser, $subpass, $subemail){
global $database, $form, $mailer; //The database, form and mailer object
/* Username error checking */
$field = "user"; //Use field name for username
if(!$subuser || strlen($subuser = trim($subuser)) == 0){
$form->setError($field, "* Username not entered");
}
else{
/* Spruce up username, check length */
$subuser = stripslashes($subuser);
if(strlen($subuser) < 5){
$form->setError($field, "* Username below 5 characters");
}
else if(strlen($subuser) > 30){
$form->setError($field, "* Username above 30 characters");
}
/* Check if username is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", $subuser)){
$form->setError($field, "* Username not alphanumeric");
}
/* Check if username is reserved */
else if(strcasecmp($subuser, GUEST_NAME) == 0){
$form->setError($field, "* Username reserved word");
}
/* Check if username is already in use */
else if($database->usernameTaken($subuser)){
$form->setError($field, "* Username already in use");
}
/* Check if username is banned */
else if($database->usernameBanned($subuser)){
$form->setError($field, "* Username banned");
}
}
/* Password error checking */
$field = "pass"; //Use field name for password
if(!$subpass){
$form->setError($field, "* Password not entered");
}
else{
/* Spruce up password and check length*/
$subpass = stripslashes($subpass);
if(strlen($subpass) < 4){
$form->setError($field, "* Password too short");
}
/* Check if password is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", ($subpass = trim($subpass)))){
$form->setError($field, "* Password not alphanumeric");
}
/**
* Note: I trimmed the password only after I checked the length
* because if you fill the password field up with spaces
* it looks like a lot more characters than 4, so it looks
* kind of stupid to report "password too short".
*/
}
/* Email error checking */
$field = "email"; //Use field name for email
if(!$subemail || strlen($subemail = trim($subemail)) == 0){
$form->setError($field, "* Email not entered");
}
else{
/* Check if valid email address */
$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
."\.([a-z]{2,}){1}$";
if(!eregi($regex,$subemail)){
$form->setError($field, "* Email invalid");
}
$subemail = stripslashes($subemail);
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
return 1; //Errors with form
}
/* No errors, add the new account to the */
else{
if($database->addNewUser($subuser, md5($subpass), $subemail)){
if(EMAIL_WELCOME){
$mailer->sendWelcome($subuser,$subemail,$subpass);
}
return 0; //New user added succesfully
}else{
return 2; //Registration attempt failed
}
}
}
/**
* editAccount - Attempts to edit the user's account information
* including the password, which it first makes sure is correct
* if entered, if so and the new password is in the right
* format, the change is made. All other fields are changed
* automatically.
*/
function editAccount($subcurpass, $subnewpass, $subemail){
global $database, $form; //The database and form object
/* New password entered */
if($subnewpass){
/* Current Password error checking */
$field = "curpass"; //Use field name for current password
if(!$subcurpass){
$form->setError($field, "* Current Password not entered");
}
else{
/* Check if password too short or is not alphanumeric */
$subcurpass = stripslashes($subcurpass);
if(strlen($subcurpass) < 4 ||
!eregi("^([0-9a-z])+$", ($subcurpass = trim($subcurpass)))){
$form->setError($field, "* Current Password incorrect");
}
/* Password entered is incorrect */
if($database->confirmUserPass($this->username,md5($subcurpass)) != 0){
$form->setError($field, "* Current Password incorrect");
}
}
/* New Password error checking */
$field = "newpass"; //Use field name for new password
/* Spruce up password and check length*/
$subpass = stripslashes($subnewpass);
if(strlen($subnewpass) < 4){
$form->setError($field, "* New Password too short");
}
/* Check if password is not alphanumeric */
else if(!eregi("^([0-9a-z])+$", ($subnewpass = trim($subnewpass)))){
$form->setError($field, "* New Password not alphanumeric");
}
}
/* Change password attempted */
else if($subcurpass){
/* New Password error reporting */
$field = "newpass"; //Use field name for new password
$form->setError($field, "* New Password not entered");
}
/* Email error checking */
$field = "email"; //Use field name for email
if($subemail && strlen($subemail = trim($subemail)) > 0){
/* Check if valid email address */
$regex = "^[_+a-z0-9-]+(\.[_+a-z0-9-]+)*"
."@[a-z0-9-]+(\.[a-z0-9-]{1,})*"
."\.([a-z]{2,}){1}$";
if(!eregi($regex,$subemail)){
$form->setError($field, "* Email invalid");
}
$subemail = stripslashes($subemail);
}
/* Errors exist, have user correct them */
if($form->num_errors > 0){
return false; //Errors with form
}
/* Update password since there were no errors */
if($subcurpass && $subnewpass){
$database->updateUserField($this->username,"password",md5($subnewpass));
}
/* Change Email */
if($subemail){
$database->updateUserField($this->username,"email",$subemail);
}
/* Success! */
return true;
}
/**
* isAdmin - Returns true if currently logged in user is
* an administrator, false otherwise.
*/
function isAdmin(){
return ($this->userlevel == ADMIN_LEVEL ||
$this->username == ADMIN_NAME);
}
/**
* generateRandID - Generates a string made up of randomized
* letters (lower and upper case) and digits and returns
* the md5 hash of it to be used as a userid.
*/
function generateRandID(){
return md5($this->generateRandStr(16));
}
/**
* generateRandStr - Generates a string made up of randomized
* letters (lower and upper case) and digits, the length
* is a specified parameter.
*/
function generateRandStr($length){
$randstr = "";
for($i=0; $i<$length; $i++){
$randnum = mt_rand(0,61);
if($randnum < 10){
$randstr .= chr($randnum+48);
}else if($randnum < 36){
$randstr .= chr($randnum+55);
}else{
$randstr .= chr($randnum+61);
}
}
return $randstr;
}
};
/**
* Initialize session object - This must be initialized before
* the form object because the form uses session variables,
* which cannot be accessed unless the session has started.
*/
$session = new Session;
/* Initialize form object */
$form = new Form;
?>
protected.php
CODE
<?
include("include/session.php");
if($session->logged_in){
include "index.php";
}
else{
include "not_logged.php";
}
?>
include("include/session.php");
if($session->logged_in){
include "index.php";
}
else{
include "not_logged.php";
}
?>
QUOTE(Tom @ Oct 27 2007, 09:43 PM) 
Well there it is, you're outputting HTML before sending the headers. Include session.php BEFORE loginpage.php and it should work as intended.
I don't understand.. I'm not including loginpage.php into anything. That's the page i am including "protected.php" in.
Okay, i think i've found the error, the error is in this script somewhere
CODE
<?
include("include/session.php");
if($session->logged_in){
include "index.php";
}
else{
include "not_logged.php";
}
?>
include("include/session.php");
if($session->logged_in){
include "index.php";
}
else{
include "not_logged.php";
}
?>
QUOTE(Tom @ Oct 27 2007, 10:01 PM)
loginpage.php is being called somewhere before session.php, and you need to sort that out.
Thanks so much for your help, do you reckon the best idea would be to make a page that conducts protected.php then redirects to e.g "loggged_in.php" or "error_logging_in.php"?
Here's what's going on in your code
1. The user accesses your loginpage.php
2. The html output begins and in the middle of it you <? include "protected.php" ?>
3. The php interpreter looks inside the file and sees another 'include' call, so it looks inside the session.php file in which you define a class and then instantiate it, thus calling its constructor.
4. Your constructor function calls session_start(), which tries to send a session cookie to the client, however php requires the headers (and thus cookies too) to be sent before the output begins.
Add <? include "include/session.php" ?> to the beginning of your loginpage.php and remove it from your protected.php
1. The user accesses your loginpage.php
2. The html output begins and in the middle of it you <? include "protected.php" ?>
3. The php interpreter looks inside the file and sees another 'include' call, so it looks inside the session.php file in which you define a class and then instantiate it, thus calling its constructor.
4. Your constructor function calls session_start(), which tries to send a session cookie to the client, however php requires the headers (and thus cookies too) to be sent before the output begins.
Add <? include "include/session.php" ?> to the beginning of your loginpage.php and remove it from your protected.php
Don't ever include a page thats protected, thats what hackers dream of.
Try....
Try....
CODE
<?php
require("include/session.php");
if($session->logged_in){
?>
<!--Your html for when your logged in, here-->
<?php
}else{
?>
<!--Your html for when your not logged in, here-->
<?php
}
?>
require("include/session.php");
if($session->logged_in){
?>
<!--Your html for when your logged in, here-->
<?php
}else{
?>
<!--Your html for when your not logged in, here-->
<?php
}
?>
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.