0

I am trying to create an admin page with sessions. I get the following two errors from admin.php. 

Deprecated: Function session_is_registered() is deprecated in /home/content/95/10216895/html/test/admin.php on line 4

Warning: Cannot modify header information - headers already sent by (output started at /home/content/95/10216895/html/test/admin.php:4) in /home/content/95/10216895/html/test/admin.php on line 7

The code looks like this:

<?php
  //Start the session
  session_start();
  //Get the user name from the previously registered super global variable
  define(ADMIN, $_SESSION['name']);

  if (!session_is_registered("admin"))
  {
    //If session not registered, redirect to login.php page
    header("location:login.php");
  }
  else
  {
    header( 'Content-Type: text/html; charset=utf-8' );
  }
?>


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>

The login check code which is in another file check_login.php for setting the variable is below:

    $sql="SELECT * FROM login_admin WHERE user_name='$myusername' and user_pass=SHA1('$mypassword')";
    //echo '<p>'.$sql.'</p>';

    $result=mysqli_query($dbC, $sql);
    //echo '<p>'.$result.'</p>';

    // Mysql_num_row is counting table row
    $count=mysqli_num_rows($result);
    // If result matched $myusername and $mypassword, table row must be 1 row
    if ($count==1)
    {
      // Register $myusername, $mypassword and redirect to file "admin.php"
      session_start();
      $_SESSION['name'] = 'admin';
      $_SESSION['password'] = 'password';
      // session_register("admin");
      // session_register("password");
      // $_myusername= $myusername;
      $_SESSION['name']= $myusername;
      header("location:admin.php");
    }

Can any one help me to solve this issue?

Adam Wright
  • 48,938
  • 12
  • 131
  • 152
Arvind
  • 189
  • 3
  • 7
  • 15
  • Do you get these errors in the log or on the page? If the latter, you need to change `display_errors` to off. – Eugen Rieck Feb 04 '13 at 12:29
  • error tells the answer `session_is_registered()` fn is deprecated, use `isset($_SESSION['name'])` instead. and put `exit()` after header redirect. – iLaYa ツ Feb 04 '13 at 12:30

6 Answers6

0

First of all you have a typo:

define(ADMIN,$_SESSION['name']);

should be:

define('ADMIN',$_SESSION['name']);

Second:

The problem arises from the fact that you are actually outputting something to the browser with:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head>

Because static HTML at the end of a PHP file sends the text/html header.

You should put all the HTML code inside an .php/.html file and then include it at the end of the script instead.

Third you should use:

isset($_SESSION['admin'])

instead of:

session_is_registered('admin')
Shoe
  • 74,840
  • 36
  • 166
  • 272
0

This is issue caused because of the error you are getting. When you get the error output is sent. so fix the error As it is just a notice if you make your error_reporting to 0 this will work.

ref: How to fix "Headers already sent" error in PHP

if (!session_is_registered("admin")) change to if (!isset($_SESSION["admin"]))

Community
  • 1
  • 1
Prasanth Bendra
  • 31,145
  • 9
  • 53
  • 73
  • Can you please explain -1 – Prasanth Bendra Feb 04 '13 at 12:33
  • Sure: "This is issue caused because of the error you are getting." is like saying "You have an error" which is obvious. "When you get the error output is sent." yeah, that's what the error says, how could that help?. "so fix the error", yeah champ, how are we gonna do that though? "As it is just a notice if you make your error_reporting to 0 this will work." are you **seriously** suggesting that suppressing every error with the error reporting is a good idea? (even suppressing notices only is a bad idea). Should I add more? – Shoe Feb 04 '13 at 13:12
  • i edited the answer after that, I added the code how to fix that issue. – Prasanth Bendra Feb 04 '13 at 13:16
  • The (E_WARNING) error is because of there is a (E_DEPRECATED), so if you fix (E_DEPRECATED) it will automatically fix (E_WARNING), Please read the question, and check the error message there with line numbers specified. – Prasanth Bendra Feb 04 '13 at 13:22
  • You are right, but I voted on your first version of the answer and now my vote is locked until you edit it. So if you edit your answer I'll undo my vote. – Shoe Feb 04 '13 at 13:31
  • that's fine thanks Jeffrey :) – Prasanth Bendra Feb 04 '13 at 13:33
0

So, the warning about session_is_registered("admin") being deprecated is because, unsurprisingly, the function is deprecated (and indeed, removed from PHP 5.4+). You should check variable existence with isset($_SESSION["admin"]).

The second is because, somehow, output is slipping out before you send the header. Your code doesn't seem to be sending anything before the header call as is given, but this can be as little as a single whitespace character before your <?php leader. Check your code carefully to ensure that your file starts with a PHP leader and nothing else.

Adam Wright
  • 48,938
  • 12
  • 131
  • 152
0

While what both posters are saying is true, the output that is being generated is actually the E_DEPRECATED error from using session_is_registered.

Once you change that to one of the other suggestions, you shouldn't have an issue.

Also, you absolutely should put an "exit" immediately after your header redirect. As it stands right now, PHP will execute that whole page, even after you try to redirect a non-authorized user

Colin M
  • 13,010
  • 3
  • 38
  • 58
0

please use the isset function to verify if session is set the header already sent error is because the warning is considered as white space hence the header function not executed

Shinto Anto
  • 66
  • 1
  • 2
-1

After your recent edit, you shouldn't use deprecated function and instead use isset();

This situation arises when there is some output encountered before the session_start call.

One solution is to put ob_start(); just before the session_start();

Ghazanfar Mir
  • 3,493
  • 2
  • 26
  • 42