PDA

View Full Version : PHP Problem (Warning: session_register(): Cannot send sessio



jhmisa
07-13-2004, 02:36 AM
hello..... I'm still learning PHP so please be patient with me.. Anyway I have a problem with my script, please view it below...

Basically this script is a password changer. What I want it to do is
1. change the password of the user (after it has passed all error checks)
2. Log-out user (unset and destroy session variables)
3. Log-back in the user! (set the new session variables)

Everything works fine if I only do number 1 and number 2 process but as soon as I add process 3 (which is to log user back in (setting new session variables), I get the following famous error message - Warning: session_register(): Cannot send session cookie - headers already sent. Is there a conflict between using unset, destroy and register all together in one script? is there a better way of doing it? or am I missing something in my script to make it all work..

I hope you can help me....

<?
//START DATABASE
session_start();
include 'db.php';
//CONVERT TO SIMPLE VARIABLES
$username = $_SESSION['username'];
$oldpass = $_POST['oldpass'];
$newpass1 = $_POST['newpass1'];
$newpass2 = $_POST['newpass2'];
//STRIPSLASHING
$username = stripslashes($username);
$oldpass = stripslashes($oldpass);
$newpass1 = stripslashes($newpass1);
$newpass2 = stripslashes($newpass2);
//CHECK THAT USER FILLED ALL TEXT BOXES
if((!$oldpass) || (!$newpass1) || (!$newpass2)){
//USER LEFT SOMETHING BLANK PRESENT AN ERROR AND DISPLAY LOGIN INFORMATION
echo('You did not complete the form! Please');

// IF NEW PASSWORD DOES NOT MATCH
}elseif( $newpass1 != $newpass2) {
echo("There was a mismatch between the passwords you have entered");
// IF NEW PASSWORD MATCHES
}elseif($newpass1 == $newpass2) {
//IF EVERYTHING HAS BEEN TESTED AND FOUND TO BE OK!
$db_newpass = md5("$newpass1");
$db_password = md5("$oldpass");
// COMPARE USERNAME AND OLD PASSWORD TO DATABASE
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$db_password' AND activated='1'");
$login_check = mysql_num_rows($sql);
//IF WE FOUND THE PASSWORD
if($login_check > 0){

//CHANGE THE PASSWORD IN THE DATABASE
mysql_query("UPDATE users SET password='$db_newpass' WHERE username='$username' AND activated='1'");

//GET VALUES AND FIELDS IN THE DATABASE
while($row = mysql_fetch_array($sql)){
foreach($row AS $key => $val){
$$key =stripslashes($val);
//echo ("just testing " . "$first_name");
} //foreach
//LOG-OFF USER / DESTROY SESSION VARIABLES
session_unset();
session_destroy();

//LOG-ON USER USING NEW PASSWORD

//REGISTER NEW SESSION VARIABLES

session_register('first_name');
$_SESSION['first_name'] = $first_name;
session_register('last_name');
$_SESSION['last_name'] = $last_name;
session_register('email_address');
$_SESSION['email_address'] = $email_address;
session_register('special_user');
$_SESSION['user_level'] = $user_level;
session_register('username');
$_SESSION['username'] = $username;
session_register('PASSWORD');
$_SESSION['PASSWORD'] = $password;

mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");


} //while loop

//EMAIL USER HERE!!!
echo("YOUR PASSWORD HAS BEEN SUCCESSFULLY CHANGED ");
}else {
echo('WRONG OLD PASSWORD: We did not find the password you have entered in our database');
}
}
?>

wildjokerdesign
07-13-2004, 04:17 AM
I haven't played with this area much in php but I think you may be right to a point that you can't do it all in one script. I think there may be a way around it but you have to reset the headers also when you want to reset the new session. Not sure how to go about it but I think you might need to redirect them within the script sending a variable that would somehow be able to reset the new session so that new headers are sent. Maybe even once the data has been changed in the database you could send them to a confirm page that states that the password has been updated and to please confirm the password and submit it.

My other thought is can you simply reset $_SESSION['PASSWORD'] = $password;

The one thing I see in your code that I am not sure of is where the variables where set for the new session ie $first_name $email_address and $password.

There may be a way to send new headers without redirecting or refreshing the browser but not sure. I think once they are sent that is it till a new page is requested. I am kind of just stabbing in the dark here but thought I would try and give you some input to think about in case no one else has any thoughts.

wildjokerdesign
07-13-2004, 05:12 AM
Did a bit of searching maybe this can help you:
http://php.us.themoes.org/manual/en/function.session-unset.php
In the comments at the bottom it talks about the diffrence between session_unset and session_destroy. Think maybe you do not want to use the session destroy here.

Also here is a simple example of two scripts that are changeing a session variable:
http://hotwired.lycos.com/webmonkey/00/05/index2a_page7.html?tw=programming

Looking at this page:
http://php.us.themoes.org/manual/en/ref.session.php
makes me wonder why you do not simply use something like
$_SESSION['PASSWORD'] = $db_newpass; once it is changed in the database instead.

Not sure what you are trying to accomplish but hopefully some of the above might help.