  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 263

Session problems: script won't work (can't log in to site, and is displaying only session errors)

I was asked to help a friend transfer a site to a new server. This new one is a Unix box (the old one was too), but a lot of things are different; one is that session_start(); on the old one didn't care if it was on a line other than the first. I've been converting the code to be compliant.

I ran into a snag with the logins of the site. Mind you, this is NOT my code; I was merely helping a friend transfer their site.

Right now I'm getting errors of


 
Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 536

Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 538

Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 540

Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 190



Here comes the fun part: line 190 is in fact the header line for header("Location: {$_SESSION["previouspage"]}"); line 100 in the script.
The other lines are not in the script (see attached script), and dbconnect.php has 2 lines, a mysql_connect and a mysql_select_db; that's it.

So how do I fix this problem? I'm really stuck here.
Thanks in advance for any help or code you may provide.
Johnny
<?PHP
session_start();
/*
echo '<pre>';
var_dump($_POST);
var_dump($_SESSION);
echo '</pre>';
*/
ini_set('session.cookie_lifetime',0);
ini_set('session.gc_maxlifetime',10800);

include("dbconnect.php");

$pos1 = strpos(getenv("HTTP_REFERER"),'logon.php');
$pos2 = strpos(getenv("HTTP_REFERER"),'confirm.php');

if($pos1 === false && $pos2 === false)
{ $_SESSION["previouspage"] = getenv("HTTP_REFERER"); }
else
{ $_SESSION["previouspage"] = "memberscorner.php"; }

$intestmode = false;
if(isset($_GET["testing"]))
{
  $intestmode = "<input type=hidden name=TESTMODE value=1>";
}

//chdir("forums/"); 
//require('./global.php'); 
//chdir("../"); 

// check several settings for the ip; good for not grabbing proxy IPs, but can still be problematic 
if ($_SERVER['HTTP_CLIENT_IP']) 
{ 
    define('ALT_IP', $_SERVER['HTTP_CLIENT_IP']); 
} 
else if ($_SERVER['HTTP_X_FORWARDED_FOR'] AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches)) 
{ 
    // make sure we dont pick up an internal IP defined by RFC1918 
    foreach ($matches[0] AS $ip) 
    { 
        if (!preg_match("#^(10|172\.16|192\.168)\.#", $ip)) 
        { 
            define('ALT_IP', $ip); 
            break; 
        } 
    } 
} 
else if ($_SERVER['HTTP_FROM']) 
{ 
    define('ALT_IP', $_SERVER['HTTP_FROM']); 
} 
else 
{ 
    define('ALT_IP', $_SERVER['REMOTE_ADDR']); 
} 

define('SESSION_HOST', substr(IPADDRESS, 0, 15)); 
define('SCRIPTPATH', $scriptpath); 
define('TIMENOW', time()); 
// define('ALT_IP', $_SERVER['HTTP_CLIENT_IP']); // duplicate: ALT_IP is already defined by the if/else chain above
define('SESSION_IDHASH', md5($_SERVER['HTTP_USER_AGENT'] . osws_fetch_substr_ip(ALT_IP,1) )); // this should *never* change during a session 

//echo SESSION_IDHASH."<br> ".osws_fetch_substr_ip(ALT_IP)."<br> ".$_SERVER['HTTP_USER_AGENT']."<Br>".md5($_SERVER['HTTP_USER_AGENT'] . osws_fetch_substr_ip(ALT_IP));
//echo SESSION_IDHASH." ".osws_fetch_substr_ip(ALT_IP,1);

$error = "";
if(isset($_POST["login"]))
{
  $isDown = mysql_query("SELECT * FROM osws_settings");
  @$isDown = mysql_fetch_assoc($isDown);
  
  if($isDown["SITEDOWN"] != "Y" || isset($_POST["TESTMODE"]))
  {
  
  $u = mysql_real_escape_string($_POST["user"]);
  
  $isvalid = mysql_query("SELECT * FROM osws_users WHERE USERNAME='$u'") or die("Unable to retrieve user data");
  if(@mysql_num_rows($isvalid) > 0)
  {
    @$row = mysql_fetch_assoc($isvalid);
	
	if(crypt($_POST["pass"],"Th3 Sky i5 blue") == $row["USERPASS"])
	{
	 if($row["STATUS"] == "I")
     { $error = "<font class=error><b>- Profile is currently inactive. Please contact us to resolve this. -</b></font>"; }
	 elseif($row["STATUS"] == "S")
     { $error = "<font class=error><b>- Profile is currently suspended. Please contact us to resolve this. Typically this occurs when a subscription payment has failed.-</b></font>"; }
     elseif($row["STATUS"] == "A")
	 {
	       $thismoment = time();
		   mysql_query("UPDATE osws_users SET LASTACCESSTIME = '$thismoment' WHERE USERNAME='$u'");
		   
	       vblogin($u);
		   
		   $_SESSION['onestopuser'] = $u;
		   
		   session_write_close();
	  	   //@ - fix this
	  	   header("Location: {$_SESSION["previouspage"]}");
		   exit;
	 }
	 else
     { $error = "<font class=error><b>- Profile is currently set to an unknown status. Please contact us to resolve this. -</b></font>"; }

	}
	else
	{
		  
	  $error = "<font class=error><b>- Invalid Username or Password -</b></font>";  
	  
	}
	
  }
  else
  {
    $error = "<font class=error><b>- Invalid Username or Password -</b></font>"; 
  }
  
  }
  else
  {
     $error = "<font color=red>".stripslashes($isDown["SITEDOWNTEXT"])."</font>";
  
  }
  
}

$html = "<form name=logon action=logon.php method=POST >
         <table width=360 align=center cellspacing=0 cellpadding=3 class=bluebox border=0 >
		  <tr><td colspan=3 class=tcat align=left><b>Member Login</b></td></tr>
	      <tr>
	        <td rowspan=2><img src=images/logon_lock.gif align=center></td>
          <td align=right><b>Username:</b></td><td align=left><input type=text name=user size=30 maxlength=100 value=\"{$_POST["user"]}\"></td></tr>
		  <tr>
	      <td align=right><b>Password:</b></td><td align=left><input type=password name=pass size=30 maxlength=100></td></tr>
		  <tr><td align=center colspan=3><input type=submit name=login value=\"Login\" class=loginbtn>$intestmode</td></tr>
		 </table>
		 <div align=center><span style=\"display: inline; width: 350px;\"><a href=forgotpassword.php class=bluelink>Forgot Password</a>| <a href=forgotusername.php class=bluelink>Forgot Username</a> | <a href=newusersignup.php class=bluelink>New Member Sign-Up</a></span></div>
		 <br>
		 $error
		 </form>
		 ";


		 
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- *             Powered by      Developjet    www.developjet.com     * -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Login at Onestopwriteshop</title>
<meta name="description" content="One Stop Write Shop is an online writing community for publish writing & poetry online, story writing , fiction writing also offers free classes, writing contest and memberships for readers, writers and educators." />
<meta name="keywords" content="online writing community, classes, writing contest, poetry contests, publish writing, writing tips, publish poetry, short stories, story writing, one stop write shop, novels free" />

<script type="text/javascript" language="javascript">
var winW=screen.width;

if (winW >= 1024)  {
  document.write('<link rel="stylesheet" type="text/css" href="css/styles-1024_012008.css">');
}

else if (winW <= 1023) {
  document.write('<link rel="stylesheet" type="text/css" href="css/styles_012008.css">');
}
</script>

</head>

<body onLoad="document.logon.user.focus();">

<div align="center">

	<div id="wrapper">
	
		<div id="container">
	
			<div id="left_column" >
				<div id="header">	
				<div id="image">
					<?php require_once('includes/random_rotator.php'); ?>
				</div>
				</div>
					<? include("standard_nav.html"); ?>
				<div id="content_top">
				</div>
				<div id="content_body">
				<? echo $html; ?>
			      <? include("footer.html"); ?>
				</div>			
				<div id="content_bottom">
					<? include("bottom_links.html"); ?>
				</div>
			</div>
			<div id="right_column">
				<div id="right_column_top">	
					<div id="right_column_members_only">
						<div class="cssnav"><a href="memberscorner.php"><img src="images/login_membersonly2.jpg" alt="Members Only" width="17" height="141" /></a></div>	
					</div>
					<div id="right_column_writers_station">
						<div class="cssnav3"><a href="writers-station.php"><img src="images/login_writersstation.jpg" alt="Writers Station" width="17" height="171" /></a></div>
					</div>			
					<div id="right_column_logon">
						<div class="cssnav2"><a href="logon.php"><img src="images/login_down2.jpg" height="61" width="17" alt="Logon"  /></a></div>
					</div>
				</div>
			</div>
			<div id="footer">
			</div>
		</div>
	</div>
</div>
</body>
</html>


<?
function fetch_sessionhash() 
    { 
        return md5(TIMENOW . SCRIPTPATH . SESSION_IDHASH . SESSION_HOST . vbrand(1, 1000000)); 
} 


 function vbrand($min, $max, $seed = -1) 
    { 
    if (!defined('RAND_SEEDED')) 
        { 
        if ($seed == -1) 
            { 
                $seed = (double) microtime() * 1000000; 
            } 
            mt_srand($seed); 
            define('RAND_SEEDED', true); 
        } 
        return mt_rand($min, $max); 
    } 

function vblogin($vBid)
{
mysql_select_db("onestopw_vb_forums");

$md5password=""; 
$md5password_utf=""; 

$found = false;

$getuser = mysql_query("SELECT * FROM user WHERE username='$vBid'") or die(mysql_error());
if($getuser)
{ $found = true; }
@$getuser = mysql_fetch_assoc($getuser);

// strikin user 
$strikes=1; 
$query="INSERT INTO  strikes    (striketime, strikeip, username) VALUES    ('".time()."', '".$_SERVER['REMOTE_ADDR']."', '$vBid')";         

$query="DELETE FROM session WHERE sessionhash = '" . addslashes($_session['dbsessionhash']) . "'"; 
$go=mysql_query($query); 

$session['sessionhash']=fetch_sessionhash(); 
$session['dbsessionhash']=$session['sessionhash']; 
                     
$query=" 
                        INSERT INTO session 
                        (sessionhash, userid, host, idhash, lastactivity, styleid, loggedin, bypass, useragent,location) 
                        VALUES 
                        ('" . addslashes($session['sessionhash']) . "', ".$getuser["userid"].", '" . $_SERVER['REMOTE_ADDR'] . "', '" . addslashes(SESSION_IDHASH) . "', " . TIMENOW . ", 0, 2, 0, '" . addslashes($_SERVER['HTTP_USER_AGENT']) . "','/forums/index.php') 
                        "; 

if($found)
{ 
  setcookie("bbsessionhash",$session['sessionhash'],0,"/","",0);
  setcookie("bblastvisit",time(),time()+10800,"/","",0);
  setcookie("bblastactivity",0,time()+10800,"/","",0);
  
 // header("Set-Cookie: bbsessionhash={$session['sessionhash']}; path=/; HttpOnly;"); 
 // header("Set-Cookie: bblastvisit=".time()."; expires=".date("D",time()+10800)." ".date("d-M-y H:i:s",time()+10800)." GMT-05:00; path=/");
 // header("Set-Cookie: bblastactivity=0; expires=".date("D",time()+10800)." ".date("d-M-y H:i:s",time()+10800)." GMT-05:00; path=/");

  $go=mysql_query($query); 
}
                     
//setcookie("sessionhash", $session['sessionhash'], "0", "/", "", "0"); 
}


function vbsetcookie($name, $value = '', $permanent = 1) 
{ 
    global $vboptions, $_SERVER; 
        $expire = 0; 
        $secure = 0; 
        $name = COOKIE_PREFIX . $name; 
        $filename = 'N/A'; 
        $linenum = 0; 
//        setcookie($name, $value, $expire, '/', $vboptions['cookiedomain'], $secure); 
      //  setcookie($name, $value, $expire, $vboptions['cookiepath'], '', $secure); 
} 

function osws_fetch_substr_ip($ip, $length = null)
	{
		if ($length === null OR $length > 3)
		{
			$length = $this->registry->options['ipcheck'];
		}
		return implode('.', array_slice(explode('.', $ip), 0, 4 - $length));
	}

?>


0
Asked by: Johnny
1 Solution
 
Manikandan1986 Commented:
Is there any white space or line break after <?PHP in dbconnect.php?

Like below

<?PHP
<line-break>
mysql_connect...
mysql_select_db...
?>
0
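
An added example (not code from this thread or from the site in question): the warning's "output started at .../dbconnect.php:12" means bytes outside the PHP tags of the included file were sent before header() ran. The scanner below uses PHP's tokenizer to list every such spot; `find_stray_output` is a hypothetical helper name and the sample strings are constructed stand-ins for dbconnect.php.

```php
<?php
// Added example: report every place a PHP file emits output outside its
// PHP tags, which is what triggers "headers already sent".

/**
 * Return [line, description] pairs for each run of output outside PHP tags.
 */
function find_stray_output(string $source): array
{
    $findings = [];
    foreach (token_get_all($source) as $token) {
        // Anything outside PHP tags is tokenized as T_INLINE_HTML.
        if (!is_array($token) || $token[0] !== T_INLINE_HTML) {
            continue;
        }
        [, $text, $line] = $token;
        if (strncmp($text, "\xEF\xBB\xBF", 3) === 0) {
            $what = 'UTF-8 byte order mark';
        } elseif (trim($text) === '') {
            $what = strlen($text) . ' byte(s) of whitespace';
        } else {
            $what = 'literal text/HTML';
        }
        $findings[] = [$line, $what];
    }
    return $findings;
}

// Constructed samples standing in for dbconnect.php (not the poster's file).
$samples = [
    'clean, no closing tag' => "<?php\nmysql_connect();\n",
    'one newline after ?>'  => "<?php\nmysql_connect();\n?>\n", // PHP swallows it
    'blank lines after ?>'  => "<?php\nmysql_connect();\n?>\n\n\n",
    'BOM before <?php'      => "\xEF\xBB\xBF<?php\nmysql_connect();\n",
    'space before <?php'    => " <?php\nmysql_connect();\n",
];

foreach ($samples as $label => $source) {
    $found = find_stray_output($source);
    if (!$found) {
        echo "$label: OK\n";
        continue;
    }
    foreach ($found as [$line, $what]) {
        echo "$label: output starts at line $line ($what)\n";
    }
}
```

To check a real file, pass `file_get_contents($path)` for each script that is included before session_start(), header() or setcookie() is called.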
 
Johnny (Author) Commented:
Yes
0
 
Bruce Smith (Software Engineer II) Commented:
This often occurs when the "session_start()" function is called incorrectly. You have it correctly on line 1. However, you are including/requiring a bunch of other php files here. Check those files to be sure that they DO NOT call the "session_start()" function.

Lastly, you may try to move all the PHP functions after the </html> tag to the top right after your session_start() call on line 1. This probably isn't the problem, but won't hurt to try.
0

 
Lukasz Chmielewski Commented:
Well, how about moving those two lines of
include("dbconnect.php");
to that place, just for a start? Do not include the file; just paste its content instead.
0
 
Johnny (Author) Commented:
Wow, that worked: moving the two lines of code to the login.php file.

How do you like that.

OK, I gotta ask this: who gets the points?

Is this OK for points:

100 to Manikandan1… suggestion
100 to patsmitty suggestion
300 to Roads_Roads solution

Any objections?

Thank you all for the help.
0
 
Bruce Smith (Software Engineer II) Commented:
0 points to me as my post was not the solution to your issue.
0
 
Johnny (Author) Commented:
This was the solution.
0
 
Bruce Smith (Software Engineer II) Commented:
@Pern, whenever you are awarding points, you need to think about how others will view this page in the future. They see the question and they want to see the exact solution to that question so they can fix their problem also. If you mark say my post here as an assisted solution, you will lead others to think that my answer specifically actually helped you to solve your question when in fact it did not. So always award the points as fairly as you can, but try not to ever accept answers if they didn't specifically answer (or help answer) your question.

I hope this helps. And you did award points correctly here.

Cheers
0
