So i have a project, that have a simple login system. There is a "users" table, that have "username" and "password" ecnrypted with SHA1.
And i have a simple form, that will change the password of the account that is logged in. But it is not working. Here is what i got:
<?php
include('connect.php');
if(isset($_POST['change']))
{
$nova_password = $_POST["nova_password"];
session_start();
$utilizador = $_SESSION['username'];
if (empty($nova_password)) {
$nopassword = '<span class="error">Insira uma nova password!</span></br>';
echo $nopassword;
}
if(!empty($nova_password))
{
$query = mysql_query("update users set password=SHA1('$nova_password') where username='$utilizador'");
$sucesso = '<span class="yes">Password Alterada com Sucesso!</span>';
echo $sucesso;
}
} //END IF
?>
When i go to the page, it says:"A session had already been started - ignoring session_start()".
This error appear before i click the button.
You have already started a session? Try removing session_start(); under $nova_password
Edit: Do this
$query = mysql_query("update users set password=SHA1('$nova_password') where username='$utilizador'");
// Destroy session and send them to login form
session_destroy();
header("Location: http://yourdomain.com/login.php");
exit();
But If you'd like to echo a message first you could use header( "refresh:seconds;url=wherever.php" );. But yes make sure no headers have been sent yet. Else you could use <meta http-equiv="refresh" content="seconds;url=url">
Or you could turn on output buffering ob_start(). Then it don't matter.
Substitute session_start() line with this:
if(!isset($_SESSION))
session_start();