tags:

views:

77

answers:

4
Q: 

It wont set the session?

Hi SO.

I have this php login system, I had it working great on localhost, I bought a webhotel and now it doesn't work no longer, and i can't find where it goes wrong.

I get no errors.

The login page is in index.php, and when you sign in, and if everythings ok (no errors/wrong pw etc.) then you will be redirected to home.php.

This is not the case. When I log in, it just refreshes the index.php and outputs this at top:

Warning: Cannot modify header information - headers already sent by (httpd.www/oBz/index.php:2) in httpd.www/oBz/index.php on line 221

on line 221 there's: header("Location: home.php");

ok, so i went to home.php manually by enter in the address. Now in home.php I have this at top:

include 'dbc.php';
page_protect();
echo "HELLO WORLD";

page_protect checks if there's any sessions set or cookie(remember me), but if something has been set you will see the content "HELLO WORLD" else you wont.

But right now when i enter home.php I just receive this:

Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at httpd.www/oBz/dbc.php:29) in httpd.www/oBz/dbc.php on line 69
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at httpd.www/oBz/dbc.php:29) in httpd.www/oBz/dbc.php on line 69
Warning: Cannot modify header information - headers already sent by (output started at httpd.www/oBz/dbc.php:29) in httpd.www/oBz/dbc.php on line 117

Line 69 theres session_start(), and it's the first line in the function page_protect();

line 117 theres header("Location: index.php") and is there to redirect if you are not logged in(session set/cookie set)

Hope i provided information enough, if not just comment what you need, and i'll try my best to provide it to you..

Thank you

Update:

Here is dbc.php: http://phpbin.net/x/999009567

**index.php where you log in and where the session sets http://phpbin.net/x/1564167411

**UPDATE: I now solved the header warning/errors but that was not the solution for the session issue!

**UPDATE: phpbin.net/x/25857430 the updated dbc.php, all the html that was in the dbc.php previously is in a new file top.php. I include the top.php file AFTER the doLogin function section in index.php, so there doesnt get any errors with the headers..

***UPDATE: The problem is somewhere here: http://phpbin.net/x/557713701 thats why its redirecting me to index.php all the time

+4  A: 

You're looking at the wrong bits of the error message. The part you're looking at is where it tries to send the headers (ie: where it realizes something is wrong). The relevant part, however, is the part where it began producing output. For the first error, it says the output was already started at index.php, line 2. You probably have whitespace in front of your opening <?php tag. I'd check that first...

kander  2010-07-27 22:41:49
please check the dbc.php i have uploaded. No i do not have a whitespace infront of the <?php.
Karem  2010-07-27 22:49:03
@Karem well it may be after ?> tag. Why can't you check the line 29 yourself?
Col. Shrapnel  2010-07-27 22:52:34
You have output before the tag. session_start() must be called before any output. The reason why it probably worked on your localhost server was you had output buffering turned on (would be my guess). A simple `<?php session_start(); ?>` before the `<html>` should solve the issue (and of course remove it from that function).
Brad F Jacobs  2010-07-27 22:52:39
@premiso i just checked my wampserver setting, and I do have output buffering turned on, so you might be right. I made session_start at the top of dbc.php and removed any other session_start(); in files, but still something is occuring the problem, because it wont login..
Karem  2010-07-27 22:59:13
@karem `$_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])` Where is $_SESSION['HTTP_USER_AGENT'] being set?
George Marian  2010-07-27 23:02:30
@Karem Infact you have ~25 lines of output infront of `<?php` in dbc.php
Mike B  2010-07-27 23:04:55
when you log in on index.php: http://phpbin.net/x/1564167411
Karem  2010-07-27 23:06:32
@Mike B @George Marian @premiso I have solved the headers errors, and rearranged the code but still the session issue wont work
Karem  2010-07-27 23:07:26
@Karem You're going to need to provide us with the updated code.
George Marian  2010-07-27 23:15:21
@George Marian http://phpbin.net/x/25857430 dbc.php, all the html that was in the dbc.php previously is in a new file top.php. I include the top.php file AFTER the doLogin function section in index.php, so there doesnt get any errors with the headers..
Karem  2010-07-27 23:18:12
@Karem define "wont work"
Col. Shrapnel  2010-07-27 23:18:41
@Col. Shrapnel, when i log in on index.php, nothing happends, 1) i dont get redirected 2) and even when i try to enter home.php manually now, i get redirected back to index.php, which means sessions are not set.
Karem  2010-07-27 23:20:21
A: 

I would guess :

Did you issue 

die();

After header("Location: home.php");

???

You might just forget to close the output so that it prints out the rest of the page regardless of this redirection.

Also, please confirm that the encoding is good, should be UTF-8? Sometimes I got it wrong myself :(

Okay, updated answer:

266 header("Location: index.php");

303 header("Location: home.php");

340 header("Location: home.php");

You didn't issue Die() after these three lines. So this might be a risk :)

Michael Mao  2010-07-27 22:42:23
I used exit(); i tried die(); i still have headers errors, but I just found out that is not the session issue problem.
Karem  2010-07-27 22:50:09
@Karem : please check my updated answer
Michael Mao  2010-07-27 23:23:06
@Michael Mao i've issued die(); now, still nothing :(
Karem  2010-07-27 23:26:32
A: 

And line 29 of dbc.php is echoing, or printing, or generating some output to the browser.... so what's the code in dbc.php around that line?

Likewise line 2 of index.php

Mark Baker  2010-07-27 22:42:47
please check updated question for dbc.php
Karem  2010-07-27 22:51:04
+4  A: 

You've already sent output to the browser with all that HTML that exists before your first bit of PHP.

You need to rearrange the code, so that anything which needs to send headers happens before any HTML is sent to the browser.

So:

<?php
session_start();

?>
<html>
<head>
...

The simplest answer may be to move all of that HTML after the PHP code. There's a session_regenerate_id() call in there and another session_start() in the logout function.

For that matter, why do have any HTML in this file anyway? Beyond the session functions, I spotted at least 2 header() calls.

Update:

if(isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])){
    /* we double check cookie expiry time against stored in database */

// I snipped a bunch of code, to point out what's going on here

  } else {
    header("Location: index.php");
    die();
    }

So, if the cookie values don't exist, what do you suppose happens here?

George Marian  2010-07-27 22:53:10
I did what you said rearranged the code, moved all html in another file (top.php) so i just call that for the html stuff, this cleaned up the warnings but didnt fix the solution.
Karem  2010-07-27 23:13:37
@karem Theres's a lot of reasons why it may redirect to index.php. Find every `header("Location: index.php");` call and debug the code before that. Maybe cookies aren't being sent or set correctly, for example.
George Marian  2010-07-27 23:29:45
@George Marian cookies aren't being set if you havent checked "remember", but i think you ment sessions. I have 2 header location index.php, one inside logout function, and one if either cookie or session is set
Karem  2010-07-27 23:36:06
@karem See my update.
George Marian  2010-07-27 23:42:23
Karem  2010-07-27 23:48:14
@karem Only if the cookies are set.
George Marian  2010-07-28 00:02:48
@george i found something interesting.. I changed every index.php to indexR.php which doesnt exist and when i log on it trys to go to indexR.php. And one after one i found out which header it was, and now i think i know what code part that needs to be fixed, heres PHPbin: http://phpbin.net/x/557713701
Karem  2010-07-28 00:08:32
George Marian  2010-07-28 00:14:49
Karem  2010-07-28 00:30:35
@karem From index.php: `// session_start();` `// session_regenerate_id (true);` `//prevent against session fixation attacks.` That's the only call to `session_start`, and it's commented out.
George Marian  2010-07-28 00:35:26
FINALLY A BIG THANK YOU! Why i commented it out, or how it got commented out, I cant remember, but a big thank you! Appreciate...really!!
Karem  2010-07-28 00:41:49
@karem You're quite welcome. It probably happened when you were trying to debug the header issue. It happens to us all, at one point or another.
George Marian  2010-07-28 00:44:23

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases