Solved

Session problems: script won't work (can't log in to site, and is displaying only session errors)

Posted on 2011-03-13
Last Modified: 2012-06-22
I was asked to help a friend transfer a site to a new server. This new one is a Unix box (the old one was too), but a lot of things are different. One is session_start(); the old one didn't care if it was on another line other than the first. I've been converting the code to be compliant.

I ran into a snag with the logins of the site. Mind you, this is NOT my code; I was merely helping a friend transfer their site.

Right now I'm getting errors of:


 
Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 536

Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 538

Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 540

Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 190



Here comes the fun part: line 190 is in fact the header line, header("Location: {$_SESSION["previouspage"]}");, which is line 100 in the script.
The other lines are not in the script (see attached script), and dbconnect.php has 2 lines, a mysql_connect and a mysql_select_db, that's it.

So how do I fix this problem? I'm really stuck here.
Thanks in advance for any help or code you may provide.
Johnny
<?PHP
session_start();
/*
echo '<pre>';
var_dump($_POST);
var_dump($_SESSION);
echo '</pre>';
*/
ini_set('session.cookie_lifetime',0);
ini_set('session.gc_maxlifetime',10800);

include("dbconnect.php");

$pos1 = strpos(getenv("HTTP_REFERER"),'logon.php');
$pos2 = strpos(getenv("HTTP_REFERER"),'confirm.php');

if($pos1 === false && $pos2 === false)
{ $_SESSION["previouspage"] = getenv("HTTP_REFERER"); }
else
{ $_SESSION["previouspage"] = "memberscorner.php"; }

$intestmode = false;
if(isset($_GET["testing"]))
{
  $intestmode = "<input type=hidden name=TESTMODE value=1>";
}

//chdir("forums/"); 
//require('./global.php'); 
//chdir("../"); 

// check several settings for the ip; good for not grabbing proxy IPs, but can still be problematic 
if ($_SERVER['HTTP_CLIENT_IP']) 
{ 
    define('ALT_IP', $_SERVER['HTTP_CLIENT_IP']); 
} 
else if ($_SERVER['HTTP_X_FORWARDED_FOR'] AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches)) 
{ 
    // make sure we dont pick up an internal IP defined by RFC1918 
    foreach ($matches[0] AS $ip) 
    { 
        if (!preg_match("#^(10|172\.16|192\.168)\.#", $ip)) 
        { 
            define('ALT_IP', $ip); 
            break; 
        } 
    } 
} 
else if ($_SERVER['HTTP_FROM']) 
{ 
    define('ALT_IP', $_SERVER['HTTP_FROM']); 
} 
else 
{ 
    define('ALT_IP', $_SERVER['REMOTE_ADDR']); 
} 

define('SESSION_HOST', substr(IPADDRESS, 0, 15)); 
define('SCRIPTPATH', $scriptpath); 
define('TIMENOW', time()); 
define('ALT_IP', $_SERVER['HTTP_CLIENT_IP']); 
define('SESSION_IDHASH', md5($_SERVER['HTTP_USER_AGENT'] . osws_fetch_substr_ip(ALT_IP,1) )); // this should *never* change during a session 

//echo SESSION_IDHASH."<br> ".osws_fetch_substr_ip(ALT_IP)."<br> ".$_SERVER['HTTP_USER_AGENT']."<Br>".md5($_SERVER['HTTP_USER_AGENT'] . osws_fetch_substr_ip(ALT_IP));
//echo SESSION_IDHASH." ".osws_fetch_substr_ip(ALT_IP,1);

$error = "";
if(isset($_POST["login"]))
{
  $isDown = mysql_query("SELECT * FROM osws_settings");
  @$isDown = mysql_fetch_assoc($isDown);
  
  if($isDown["SITEDOWN"] != "Y" || isset($_POST["TESTMODE"]))
  {
  
  $u = mysql_real_escape_string($_POST["user"]);
  
  $isvalid = mysql_query("SELECT * FROM osws_users WHERE USERNAME='$u'") or die("Unable to retrieve user data");
  if(@mysql_num_rows($isvalid) > 0)
  {
    @$row = mysql_fetch_assoc($isvalid);
	
	if(crypt($_POST["pass"],"Th3 Sky i5 blue") == $row["USERPASS"])
	{
	 if($row["STATUS"] == "I")
     { $error = "<font class=error><b>- Profile is currently inactive. Please contact us to resolve this. -</b></font>"; }
	 elseif($row["STATUS"] == "S")
     { $error = "<font class=error><b>- Profile is currently suspended. Please contact us to resolve this. Typically this occurs when a subscription payment has failed.-</b></font>"; }
     elseif($row["STATUS"] == "A")
	 {
	       $thismoment = time();
		   mysql_query("UPDATE osws_users SET LASTACCESSTIME = '$thismoment' WHERE USERNAME='$u'");
		   
	       vblogin($u);
		   
		   $_SESSION['onestopuser'] = $u;
		   
		   session_write_close();
	  	   //@ - fix this
	  	   header("Location: {$_SESSION["previouspage"]}");
		   exit;
	 }
	 else
     { $error = "<font class=error><b>- Profile is currently set to an unknown status. Please contact us to resolve this. -</b></font>"; }

	}
	else
	{
		  
	  $error = "<font class=error><b>- Invalid Username or Password -</b></font>";  
	  
	}
	
  }
  else
  {
    $error = "<font class=error><b>- Invalid Username or Password -</b></font>"; 
  }
  
  }
  else
  {
     $error = "<font color=red>".stripslashes($isDown["SITEDOWNTEXT"])."</font>";
  
  }
  
}

$html = "<form name=logon action=logon.php method=POST >
         <table width=360 align=center cellspacing=0 cellpadding=3 class=bluebox border=0 >
		  <tr><td colspan=3 class=tcat align=left><b>Member Login</b></td></tr>
	      <tr>
	        <td rowspan=2><img src=images/logon_lock.gif align=center></td>
          <td align=right><b>Username:</b></td><td align=left><input type=text name=user size=30 maxlength=100 value=\"{$_POST["user"]}\"></td></tr>
		  <tr>
	      <td align=right><b>Password:</b></td><td align=left><input type=password name=pass size=30 maxlength=100></td></tr>
		  <tr><td align=center colspan=3><input type=submit name=login value=\"Login\" class=loginbtn>$intestmode</td></tr>
		 </table>
		 <div align=center><span style=\"display: inline; width: 350px;\"><a href=forgotpassword.php class=bluelink>Forgot Password</a>| <a href=forgotusername.php class=bluelink>Forgot Username</a> | <a href=newusersignup.php class=bluelink>New Member Sign-Up</a></span></div>
		 <br>
		 $error
		 </form>
		 ";


		 
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- *             Powered by      Developjet    www.developjet.com     * -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Login at Onestopwriteshop</title>
<meta name="description" content="One Stop Write Shop is an online writing community for publish writing & poetry online, story writing , fiction writing also offers free classes, writing contest and memberships for readers, writers and educators." />
<meta name="keywords" content="online writing community, classes, writing contest, poetry contests, publish writing, writing tips, publish poetry, short stories, story writing, one stop write shop, novels free" />

<script type="text/javascript" language="javascript">
var winW=screen.width;

if (winW >= 1024)  {
  document.write('<link rel="stylesheet" type="text/css" href="css/styles-1024_012008.css">');
}

else if (winW <= 1023) {
  document.write('<link rel="stylesheet" type="text/css" href="css/styles_012008.css">');
}
</script>

</head>

<body onLoad="document.logon.user.focus();">

<div align="center">

	<div id="wrapper">
	
		<div id="container">
	
			<div id="left_column" >
				<div id="header">	
				<div id="image">
					<?php require_once('includes/random_rotator.php'); ?>
				</div>
				</div>
					<? include("standard_nav.html"); ?>
				<div id="content_top">
				</div>
				<div id="content_body">
				<? echo $html; ?>
			      <? include("footer.html"); ?>
				</div>			
				<div id="content_bottom">
					<? include("bottom_links.html"); ?>
				</div>
			</div>
			<div id="right_column">
				<div id="right_column_top">	
					<div id="right_column_members_only">
						<div class="cssnav"><a href="memberscorner.php"><img src="images/login_membersonly2.jpg" alt="Members Only" width="17" height="141" /></a></div>	
					</div>
					<div id="right_column_writers_station">
						<div class="cssnav3"><a href="writers-station.php"><img src="images/login_writersstation.jpg" alt="Writers Station" width="17" height="171" /></a></div>
					</div>			
					<div id="right_column_logon">
						<div class="cssnav2"><a href="logon.php"><img src="images/login_down2.jpg" height="61" width="17" alt="Logon"  /></a></div>
					</div>
				</div>
			</div>
			<div id="footer">
			</div>
		</div>
	</div>
</div>
</body>
</html>


<?
function fetch_sessionhash() 
    { 
        return md5(TIMENOW . SCRIPTPATH . SESSION_IDHASH . SESSION_HOST . vbrand(1, 1000000)); 
} 


 function vbrand($min, $max, $seed = -1) 
    { 
    if (!defined('RAND_SEEDED')) 
        { 
        if ($seed == -1) 
            { 
                $seed = (double) microtime() * 1000000; 
            } 
            mt_srand($seed); 
            define('RAND_SEEDED', true); 
        } 
        return mt_rand($min, $max); 
    } 

function vblogin($vBid)
{
mysql_select_db("onestopw_vb_forums");

$md5password=""; 
$md5password_utf=""; 

$found = false;

$getuser = mysql_query("SELECT * FROM user WHERE username='$vBid'") or die(mysql_error());
if($getuser)
{ $found = true; }
@$getuser = mysql_fetch_assoc($getuser);

// strikin user 
$strikes=1; 
$query="INSERT INTO  strikes    (striketime, strikeip, username) VALUES    ('".time()."', '".$_SERVER['REMOTE_ADDR']."', '$vBid')";         

$query="DELETE FROM session WHERE sessionhash = '" . addslashes($_session['dbsessionhash']) . "'"; 
$go=mysql_query($query); 

$session['sessionhash']=fetch_sessionhash(); 
$session['dbsessionhash']=$session['sessionhash']; 
                     
$query=" 
                        INSERT INTO session 
                        (sessionhash, userid, host, idhash, lastactivity, styleid, loggedin, bypass, useragent,location) 
                        VALUES 
                        ('" . addslashes($session['sessionhash']) . "', ".$getuser["userid"].", '" . $_SERVER['REMOTE_ADDR'] . "', '" . addslashes(SESSION_IDHASH) . "', " . TIMENOW . ", 0, 2, 0, '" . addslashes($_SERVER['HTTP_USER_AGENT']) . "','/forums/index.php') 
                        "; 

if($found)
{ 
  setcookie("bbsessionhash",$session['sessionhash'],0,"/","",0);
  setcookie("bblastvisit",time(),time()+10800,"/","",0);
  setcookie("bblastactivity",0,time()+10800,"/","",0);
  
 // header("Set-Cookie: bbsessionhash={$session['sessionhash']}; path=/; HttpOnly;"); 
 // header("Set-Cookie: bblastvisit=".time()."; expires=".date("D",time()+10800)." ".date("d-M-y H:i:s",time()+10800)." GMT-05:00; path=/");
 // header("Set-Cookie: bblastactivity=0; expires=".date("D",time()+10800)." ".date("d-M-y H:i:s",time()+10800)." GMT-05:00; path=/");

  $go=mysql_query($query); 
}
                     
//setcookie("sessionhash", $session['sessionhash'], "0", "/", "", "0"); 
}


function vbsetcookie($name, $value = '', $permanent = 1) 
{ 
    global $vboptions, $_SERVER; 
        $expire = 0; 
        $secure = 0; 
        $name = COOKIE_PREFIX . $name; 
        $filename = 'N/A'; 
        $linenum = 0; 
//        setcookie($name, $value, $expire, '/', $vboptions['cookiedomain'], $secure); 
      //  setcookie($name, $value, $expire, $vboptions['cookiepath'], '', $secure); 
} 

function osws_fetch_substr_ip($ip, $length = null)
	{
		if ($length === null OR $length > 3)
		{
			$length = $this->registry->options['ipcheck'];
		}
		return implode('.', array_slice(explode('.', $ip), 0, 4 - $length));
	}

?>

Question by:Johnny
8 Comments
 
LVL 3

Expert Comment

by:Manikandan1986
ID: 35122015
Is there any white space or line break after <?PHP in dbconnect.php?

Like below

<?PHP
<line-break>
mysql_connect...
mysql_select_db...
?>
0
 

Author Comment

by:Johnny
ID: 35122042
Yes
0
 
LVL 11

Expert Comment

by:Bruce Smith
ID: 35122828
This often occurs when the "session_start()" function is called incorrectly. You have it correctly on line 1. However, you are including/requiring a bunch of other php files here. Check those files to be sure that they DO NOT call the "session_start()" function.

Lastly, you may try to move all the PHP functions after the </html> tag to the top right after your session_start() call on line 1. This probably isn't the problem, but won't hurt to try.
0
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 500 total points
ID: 35122832
Well, how about moving those two lines of
include("dbconnect.php");
to that place, just for a beginning? Do not include the file; just paste its content instead.
0
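
The warnings in the question say output started in dbconnect.php, so header() and setcookie() in logon.php ran too late and the redirect and session cookies were dropped. As an added example (not code from any poster in this thread; find_stray_output is a hypothetical helper and the sample file contents are constructed), PHP's tokenizer can list every byte of a file that sits outside the PHP tags and is therefore sent as output on include:

```php
<?php
// Added example, not code from the thread. It lists the bytes in a PHP file
// that sit outside the PHP tags and are therefore sent as output on include.

function find_stray_output(string $source): array
{
    $findings = [];
    foreach (token_get_all($source) as $token) {
        // T_INLINE_HTML is everything outside the PHP tags; PHP echoes it verbatim.
        if (is_array($token) && $token[0] === T_INLINE_HTML) {
            $findings[] = [
                'line'  => $token[2],
                'bytes' => strlen($token[1]),
                // Escape control and high bytes so whitespace and a BOM are visible.
                'text'  => addcslashes($token[1], "\0..\37\177..\377"),
            ];
        }
    }
    return $findings;
}

// Constructed samples (assumed contents, not the real dbconnect.php).
$samples = [
    'blank lines after close tag' =>
        "<?php\nmysql_connect('localhost', 'u', 'p');\nmysql_select_db('db');\n?>\n\n\n",
    'BOM before open tag' =>
        "\xEF\xBB\xBF<?php\nmysql_select_db('db');\n",
    'no close tag (clean)' =>
        "<?php\nmysql_connect('localhost', 'u', 'p');\nmysql_select_db('db');\n",
];

foreach ($samples as $label => $source) {
    $findings = find_stray_output($source);
    echo $label, ': ', count($findings) ? 'WILL SEND OUTPUT' : 'clean', "\n";
    foreach ($findings as $f) {
        echo "  line {$f['line']}, {$f['bytes']} byte(s): \"{$f['text']}\"\n";
    }
}
```

To check a real file, pass file_get_contents('dbconnect.php') to the function. Leaving the closing tag out of include-only files removes the trailing-whitespace case entirely.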

Author Comment

by:Johnny
ID: 35124922
Wow, that worked, moving the two lines of code to the login.php file.

How do you like that.

OK, I gotta ask this: who gets the points?

This OK for points?

100 to Manikandan1… suggestion
100 to patsmitty suggestion
300 to Roads_Roads solution

Any objections?

Thank you all for the help.
0
 
LVL 11

Expert Comment

by:Bruce Smith
ID: 35125041
0 points to me as my post was not the solution to your issue.
0
 

Author Closing Comment

by:Johnny
ID: 35130093
This was the solution.
0
 
LVL 11

Expert Comment

by:Bruce Smith
ID: 35130824
@Pern, whenever you are awarding points, you need to think about how others will view this page in the future. They see the question and they want to see the exact solution to that question so they can fix their problem also. If you mark say my post here as an assisted solution, you will lead others to think that my answer specifically actually helped you to solve your question when in fact it did not. So always award the points as fairly as you can, but try not to ever accept answers if they didn't specifically answer (or help answer) your question.

I hope this helps. And you did award points correctly here.

Cheers
0
