|MySQL/PHP: User Authetication Help|
MySQL/PHP User Authetication
Hi all. First, I apoligize if this gets long. Details Details. Details.
I read this message board alot and I have learned so much since I don't have to deal with ads and all the the "stuff" that more commercial sites bring along with them.
I am working on my first PHP/MySQL/Unix project and I'm glad to have gotten this far with it with the little I know (Win32 background).
Ok, now that all of the sacastic comments have been made here is the situation.
I've run into a problem with the administration portion of the site. I dug around and found several "pre built" admin scripts that I studied, hacked, modified, AND debugged. I needed something pretty simple, and the page permits deletion of records. No tables, fields, etc. I did not have the time and background to build it from scratch, considering I had to learn PHP/MySQL/Unix, build my first MySQL DB, AND work with it on a UNIX server, all in two weeks. Yeppie!! It's been almost 4!!
The hosting company (veriz'un) tech support has not been very much help with this whole experience. I'm not going to bash, but "tech support" sounded like they were scared that they may loose their jobs if they gave me too much info about how to secure that portion of the site.
Yesterday after calling tech support about how to deal with users, updates, login, etc., and after reciving "Warning: Headers already being sent" errors, I was told to "go research" and that "[they] were not there to debug code". I never asked if my code was bad, just what this was and if this was something on their end or mine. They told me that there was a "configuration issue" that prevented my cookies to set, and that I would have to "do research" and find out how to use something else. So I am a little bitter!!!
I would like to find a GOOD place to learn about setting up users and how to protect what I have built. As you see I am "the user" (contracted by design firm to fix the site) and I've have been reading all night since I needed to have this thing done last week. Any links, advice, tips will be appreciated. Please post on this board and I will respond via post or email.
I have found a lot of answers at [php.net ]
If you havent already. Do a search on Google for the error messages.
Hey I found this for ya.
Check through your code prior to the session_start(); command. You will
have already output some text to the browser, and since headers (and
cookies which are contained within headers) need to be sent before any
output, this error is happening.
Look for any print, printf, or echo commands. Also look for
whitespaces, tabs etc. before the session_start();
Bear in mind your include('file') statements, they might be causing the
problem, rather than the code in the file you're working on.
Hope this helps
I have had that "headers already sent" message a bunch but not in awhile. I seem to remember that when I change pages using
header (Location: $somepage);
that was the function generating the error but I can't seem to remember what I was doing right before that confused it.
As far as managing users goes you can do it a bunch of different ways. You can manage users in an sql table and then, once they have loggen in, put the info in a cookie. Only use one cookie, I have debugged a lot of code setting multiple cookies for logins that didn't work and switched to a single, longer, cookie.
I have a few pages that I need to protect by themselves and have used $PHP_AUTH_USER and $PHP_AUTH_PASS from arrays in the script to gain access.
php.net and mysql.com are the best resources.
thanks for the tips. after I posted today I read all I could find and I think I have decided on what to do. i also fixed the script to where it's not using the setcookie function which I think was causing problems. Once again the sucky part of this is I didn't have time to rewrite something else. After going to the local bookstore tonight and doing some reading (I was tired of looking at web pages) I came home with several lightbulbs going off. I'll let post and let you know how things went. Thanks again for the answers.
And by the way I did visit all those sites, but I think my brain was too fried to really comprehend what was going on. Now that I have a understanding of "who the culprit was" I know what to look for.