Re: [PHP] plz check the warning message

Balaji Ankem Mon, 13 Aug 2001 01:04:08 -0700

Hi! Renze,

Thanks a lot for u'r help. I am in vacation up to now.

Now i am trying with u'r solution. I am getting the following error.

I am sending the file also.

Warning: Cannot send session cache limiter - headers already sent in c:\www\authentication.php on line 34

File:authentication.php

<?php
header ("Cache-Control: no-cache, must-revalidate");
header ("Pragma: no-cache");

error_log ("emp_id: $emp_id", 0);
error_log ("Lastname: $emp_pass", 0);

// Connect to MySQL

mysql_connect( 'localhost', 'balaji', 'pingpong' )
or die ( 'Unable to connect to server.' );

// Select database on MySQL server

mysql_select_db( 'imac' )
or die ( 'Unable to select database.' );

// Formulate the query

$sql = "SELECT * FROM employee WHERE
emp_id = '$emp_id' AND emp_pass = '$emp_pass'";

// Execute the query and put results in $result

$result = mysql_query( $sql )
or die ( 'Unable to execute query.' );

// Get number of rows in $result.

$num = mysql_numrows( $result );

    if ( $num != 0 ) {
        // A matching row was found - the user is authenticated.
        session_start();
       session_register('$emp_id');

$row = mysql_fetch_object($result);

  if ($row->user_type=='S')
  {
              include('super.php');

  }
  else if ($row->user_type=='O')
  {
     include('ordinary.php');

}
}

else
{
file://User does not exist or not authenticated.
   echo '<center><h1>Authorization Required.</h1></center>';
   file://header( 'WWW-Authenticate: Basic realm="Private"' );
   file://header( 'HTTP/1.0 401 Unauthorized' );
   exit;
     }

Thanks and regards

-Balaji

----- Original Message -----

From: Renze Munnik

To: Balaji Ankem

Cc: [EMAIL PROTECTED]

Sent: Friday, August 10, 2001 5:41 PM

Subject: Re: [PHP] plz check the warning message

On Fri, Aug 10, 2001 at 04:42:48PM +0530, Balaji Ankem wrote:
> Is there anyway to restrict the reposting?? Means after pressing
> logout button we shouldn't allow the user to go back or reposting
> the data again and getting session again.

Okay... I've figured out two 'solutions'. But... I must say: They're
not pretty. Actually you can't prevent it. But:

Option 1
--------
You can set a cookie after logging in. The authorization page should
check for that cookie. It should not exist in order to login. The
login page (where one gives his username/password) should remove
that cookie if it exists.
This is, though, a _very_ ugly solution and using cookies for
security isn't realy the best thing to do. So actually I wouldn't
encourage you to use this.

Option 2
--------
Another solution is to redirect to a different page. I created the
following example:

=====[ PHP code ]=====
// File: login.php
<HTML>
<HEAD>
<TITLE>Login Test</TITLE>
</HEAD>

<BODY>
<FORM method="post" action="submit-login.php">
   <INPUT type="text" name="firstname">
   <INPUT type="text" name="lastname">
   <BR>
   <INPUT type="submit">
</FORM>
</BODY>
</HTML>

// File: submit-login.php
<?
/* Here you should do things with the provided data...
     For the example I only write it to the log. */
error_log ("Firstname: $firstname", 0);
error_log ("Lastname: $lastname", 0);

/* Here's where you redirect */
header ("Location: logged-in.php");
?>

// File: logged-in.php
/* Whatever you want! */

=====[ end of code ]=====

After pushing the submit-button, the data will be submitted to
submit-login.php. There you handle the login-procedure. After that,
you automatically redirect to a different page (logged-in.php in my
example). That's you you show eg 'You are logged in now'. If you
reload that page, nothing realy happens. If you push 'Back', you end
up on login.php again.

Uptil now this is the best option I've come up with.

Hope it works for what you had in mind.

--

* R&zE:

-- 遙遙遙遙遙遙遙遙遙遙遙遙
-- Renze Munnik
-- DataLink BV
--
-- E: [EMAIL PROTECTED]
-- W: +31 23 5326162
-- F: +31 23 5322144
-- M: +31 6 21811143
-- H: +31 23 5516190
--
-- Stationsplein 82
-- 2011 LM HAARLEM
--
-- http://www.datalink.nl
-- 垂垂垂垂垂垂垂垂垂垂垂垂

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

-----------------------------------------------------------------------------------------------------------------------
Information transmitted by this E-MAIL is proprietary to Wipro Limited and
is intended for use only by the individual or entity to which it is
addressed, and may contain information that is privileged, confidential or
exempt from disclosure under applicable law. If you are not the intended
recipient or it appears that this mail has been forwarded to you without
proper authority, you are notified that any use or dissemination of this
information in any manner is strictly prohibited. In such cases, please
notify us immediately at mailto:[EMAIL PROTECTED] and delete this mail
from your records.
------------------------------------------------------------------------------------------------------------------------

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] plz check the warning message

Reply via email to