I am working on a new project, www.merapalwal.com. I have created a user login panel for this project where the user can log in with their email id and password. Everything is working fine; users are created and updated correctly. I used the login form in the header page, which is included in all other pages.
I have created two db files, db-user.php (for db config) and db-sess.php (for db config with session_start). But if I use db-sess.php on the login form in header-top.php, it gives me the error:
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/mypalwal/public_html/index.php:16) in /home/mypalwal/public_html/includes/db-sess.php on line 3
When I use db-user.php, it allows a user to log in but does not show the username after "welcome". Please advise. My code is as follows:
header.php:
<?php
ini_set('session.bug_compat_42',0);
ini_set('session.bug_compat_warn',0);
include('includes/db-sess.php');
$error = '';
$form = $_POST['login'];
$lemail = $_POST['lemail'];
$pass = $_POST['pass'];
$_SESSION['lemail'] = $_POST['lemail'];
if( isset($form) ) {
    if( isset($lemail) && isset($pass) && $lemail !== '' && $pass !== '' ) {
        $sql = mysql_query("SELECT * FROM `userdata` WHERE email='$lemail' and pass='$pass' and type='Normal User';");
        if( mysql_num_rows($sql) != 0 ) { //success
            $_SESSION['logged-in'] = true;
            print "<script type=\"text/javascript\">";
            print "window.location.href = \"users/index.php\"";
            print "</script>";
            exit;
        }
        else { $error = "Login Detail Incorrect"; }
    } else { $error = 'Login Detail Missing';}
}
?>
db-user.php:
<?php
$dbhost = 'localhost';
$dbuser = '######';
$dbpass = '######';
$db = '#######';
$conn = mysql_connect($dbhost, $dbuser, $dbpass );
mysql_select_db($db);
?>
If I use the above code for db config, it allows login and redirects to the next page but does not show user details, but when I use db-sess.php, which has session_start in it, the login form allows me to log in and shows the username.
If I use db-sess.php, it shows an error on index.php page:
Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/mypalwal/public_html/index.php:16) in /home/mypalwal/public_html/includes/db-sess.php on line 3
There is some space before in one of the 3 files, which causes the page output to be started and headers to be sent. Remove the space and especially remove the ?>
P.S.: You have 2 astonishing security issues in your code: SQL Injection possibilities and clear text passwords.
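A hardened form of the login check that addresses the two issues named in the answer above; this is an added example, not code from the question or the answer. It assumes the `pass` column stores `password_hash()` output; the `authenticate` and `login` helpers, the in-memory SQLite database and the sample user are constructed for illustration.

```php
<?php
declare(strict_types=1);

// session_start() must run before any byte of output: nothing above the opening
// tag, and no closing tag in included files so trailing whitespace cannot leak.
session_start();

// Returns the matching user row, or null when the credentials are wrong.
function authenticate(PDO $db, string $email, string $password): ?array
{
    // Placeholders keep user input out of the SQL text, so it is only ever data.
    $stmt = $db->prepare(
        "SELECT email, pass FROM userdata WHERE email = :email AND type = 'Normal User'"
    );
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // `pass` holds a password_hash() value, never the clear-text password.
    if ($row === false || !password_verify($password, $row['pass'])) {
        return null;
    }
    return $row;
}

function login(PDO $db, string $email, string $password): bool
{
    $user = authenticate($db, $email, $password);
    if ($user === null) {
        return false;
    }
    session_regenerate_id(true);          // fresh session id after login
    $_SESSION['logged-in'] = true;
    $_SESSION['lemail'] = $user['email']; // set only after a successful check
    return true;
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userdata (email TEXT, pass TEXT, type TEXT)');
$ins = $db->prepare('INSERT INTO userdata VALUES (?, ?, ?)');
$ins->execute(['alice@example.com', password_hash('correct horse', PASSWORD_DEFAULT), 'Normal User']);

$results = [                               // collected first, printed after session work
    login($db, "' OR '1'='1", 'x'),        // constructed input with quotes: treated as data
    login($db, 'alice@example.com', 'wrong'),
    login($db, 'alice@example.com', 'correct horse'),
];
var_dump($results);
```

On the real page, call `login()` before any HTML is emitted and redirect with `header('Location: users/index.php'); exit;` instead of printing a script tag.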