Solved

session problems script won't work (can't login to site, and is displaying only session errors)

Posted on 2011-03-13
Last Modified: 2012-06-22
I was asked to help a friend transfer a site to a new server. This new one is a Unix box (the old one was too), but a lot of things are different. One is that session_start(); on the old one didn't care if it was on a line other than the first. I've been converting the code to be compliant.

I ran into a snag with the logins of the site. Mind you, this is NOT my code; I was merely helping a friend transfer their site.

Right now I'm getting errors of


 
Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 536

Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 538

Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 540

Warning: Cannot modify header information - headers already sent by (output started at /home/onestopw/public_html/dbconnect.php:12) in /home/onestopw/public_html/logon.php on line 190


Here comes the fun part: line 190 is in fact the header line for header("Location: {$_SESSION["previouspage"]}"); (line 100 in the script).
The other lines are not in the script (see attached script), and dbconnect.php has 2 lines, a mysql_connect and a mysql_select_db, that's it.

So how do I fix this problem? I'm really stuck here.
Thanks in advance for any help or code you may provide.
Johnny
<?PHP
session_start();
/*
echo '<pre>';
var_dump($_POST);
var_dump($_SESSION);
echo '</pre>';
*/
ini_set('session.cookie_lifetime',0);
ini_set('session.gc_maxlifetime',10800);

include("dbconnect.php");

$pos1 = strpos(getenv("HTTP_REFERER"),'logon.php');
$pos2 = strpos(getenv("HTTP_REFERER"),'confirm.php');

if($pos1 === false && $pos2 === false)
{ $_SESSION["previouspage"] = getenv("HTTP_REFERER"); }
else
{ $_SESSION["previouspage"] = "memberscorner.php"; }

$intestmode = false;
if(isset($_GET["testing"]))
{
  $intestmode = "<input type=hidden name=TESTMODE value=1>";
}

//chdir("forums/"); 
//require('./global.php'); 
//chdir("../"); 

// check several settings for the ip; good for not grabbing proxy IPs, but can still be problematic 
if ($_SERVER['HTTP_CLIENT_IP']) 
{ 
    define('ALT_IP', $_SERVER['HTTP_CLIENT_IP']); 
} 
else if ($_SERVER['HTTP_X_FORWARDED_FOR'] AND preg_match_all('#\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}#s', $_SERVER['HTTP_X_FORWARDED_FOR'], $matches)) 
{ 
    // make sure we dont pick up an internal IP defined by RFC1918 
    foreach ($matches[0] AS $ip) 
    { 
        if (!preg_match("#^(10|172\.16|192\.168)\.#", $ip)) 
        { 
            define('ALT_IP', $ip); 
            break; 
        } 
    } 
} 
else if ($_SERVER['HTTP_FROM']) 
{ 
    define('ALT_IP', $_SERVER['HTTP_FROM']); 
} 
else 
{ 
    define('ALT_IP', $_SERVER['REMOTE_ADDR']); 
} 

define('SESSION_HOST', substr(IPADDRESS, 0, 15)); 
define('SCRIPTPATH', $scriptpath); 
define('TIMENOW', time()); 
define('ALT_IP', $_SERVER['HTTP_CLIENT_IP']); 
define('SESSION_IDHASH', md5($_SERVER['HTTP_USER_AGENT'] . osws_fetch_substr_ip(ALT_IP,1) )); // this should *never* change during a session 

//echo SESSION_IDHASH."<br> ".osws_fetch_substr_ip(ALT_IP)."<br> ".$_SERVER['HTTP_USER_AGENT']."<Br>".md5($_SERVER['HTTP_USER_AGENT'] . osws_fetch_substr_ip(ALT_IP));
//echo SESSION_IDHASH." ".osws_fetch_substr_ip(ALT_IP,1);

$error = "";
if(isset($_POST["login"]))
{
  $isDown = mysql_query("SELECT * FROM osws_settings");
  @$isDown = mysql_fetch_assoc($isDown);
  
  if($isDown["SITEDOWN"] != "Y" || isset($_POST["TESTMODE"]))
  {
  
  $u = mysql_real_escape_string($_POST["user"]);
  
  $isvalid = mysql_query("SELECT * FROM osws_users WHERE USERNAME='$u'") or die("Unable to retrieve user data");
  if(@mysql_num_rows($isvalid) > 0)
  {
    @$row = mysql_fetch_assoc($isvalid);
	
	if(crypt($_POST["pass"],"Th3 Sky i5 blue") == $row["USERPASS"])
	{
	 if($row["STATUS"] == "I")
     { $error = "<font class=error><b>- Profile is currently inactive. Please contact us to resolve this. -</b></font>"; }
	 elseif($row["STATUS"] == "S")
     { $error = "<font class=error><b>- Profile is currently suspended. Please contact us to resolve this. Typically this occurs when a subscription payment has failed.-</b></font>"; }
     elseif($row["STATUS"] == "A")
	 {
	       $thismoment = time();
		   mysql_query("UPDATE osws_users SET LASTACCESSTIME = '$thismoment' WHERE USERNAME='$u'");
		   
	       vblogin($u);
		   
		   $_SESSION['onestopuser'] = $u;
		   
		   session_write_close();
	  	   //@ - fix this
	  	   header("Location: {$_SESSION["previouspage"]}");
		   exit;
	 }
	 else
     { $error = "<font class=error><b>- Profile is currently set to an unknown status. Please contact us to resolve this. -</b></font>"; }

	}
	else
	{
		  
	  $error = "<font class=error><b>- Invalid Username or Password -</b></font>";  
	  
	}
	
  }
  else
  {
    $error = "<font class=error><b>- Invalid Username or Password -</b></font>"; 
  }
  
  }
  else
  {
     $error = "<font color=red>".stripslashes($isDown["SITEDOWNTEXT"])."</font>";
  
  }
  
}

$html = "<form name=logon action=logon.php method=POST >
         <table width=360 align=center cellspacing=0 cellpadding=3 class=bluebox border=0 >
		  <tr><td colspan=3 class=tcat align=left><b>Member Login</b></td></tr>
	      <tr>
	        <td rowspan=2><img src=images/logon_lock.gif align=center></td>
          <td align=right><b>Username:</b></td><td align=left><input type=text name=user size=30 maxlength=100 value=\"" . htmlspecialchars(isset($_POST["user"]) ? $_POST["user"] : "", ENT_QUOTES) . "\"></td></tr>
		  <tr>
	      <td align=right><b>Password:</b></td><td align=left><input type=password name=pass size=30 maxlength=100></td></tr>
		  <tr><td align=center colspan=3><input type=submit name=login value=\"Login\" class=loginbtn>$intestmode</td></tr>
		 </table>
		 <div align=center><span style=\"display: inline; width: 350px;\"><a href=forgotpassword.php class=bluelink>Forgot Password</a>| <a href=forgotusername.php class=bluelink>Forgot Username</a> | <a href=newusersignup.php class=bluelink>New Member Sign-Up</a></span></div>
		 <br>
		 $error
		 </form>
		 ";


		 
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!-- *             Powered by      Developjet    www.developjet.com     * -->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Login at Onestopwriteshop</title>
<meta name="description" content="One Stop Write Shop is an online writing community for publish writing & poetry online, story writing , fiction writing also offers free classes, writing contest and memberships for readers, writers and educators." />
<meta name="keywords" content="online writing community, classes, writing contest, poetry contests, publish writing, writing tips, publish poetry, short stories, story writing, one stop write shop, novels free" />

<script type="text/javascript" language="javascript">
var winW=screen.width;

if (winW >= 1024)  {
  document.write('<link rel="stylesheet" type="text/css" href="css/styles-1024_012008.css">');
}

else if (winW <= 1023) {
  document.write('<link rel="stylesheet" type="text/css" href="css/styles_012008.css">');
}
</script>

</head>

<body onLoad="document.logon.user.focus();">

<div align="center">

	<div id="wrapper">
	
		<div id="container">
	
			<div id="left_column" >
				<div id="header">	
				<div id="image">
					<?php require_once('includes/random_rotator.php'); ?>
				</div>
				</div>
					<? include("standard_nav.html"); ?>
				<div id="content_top">
				</div>
				<div id="content_body">
				<? echo $html; ?>
			      <? include("footer.html"); ?>
				</div>			
				<div id="content_bottom">
					<? include("bottom_links.html"); ?>
				</div>
			</div>
			<div id="right_column">
				<div id="right_column_top">	
					<div id="right_column_members_only">
						<div class="cssnav"><a href="memberscorner.php"><img src="images/login_membersonly2.jpg" alt="Members Only" width="17" height="141" /></a></div>	
					</div>
					<div id="right_column_writers_station">
						<div class="cssnav3"><a href="writers-station.php"><img src="images/login_writersstation.jpg" alt="Writers Station" width="17" height="171" /></a></div>
					</div>			
					<div id="right_column_logon">
						<div class="cssnav2"><a href="logon.php"><img src="images/login_down2.jpg" height="61" width="17" alt="Logon"  /></a></div>
					</div>
				</div>
			</div>
			<div id="footer">
			</div>
		</div>
	</div>
</div>
</body>
</html>


<?
function fetch_sessionhash() 
    { 
        return md5(TIMENOW . SCRIPTPATH . SESSION_IDHASH . SESSION_HOST . vbrand(1, 1000000)); 
} 


 function vbrand($min, $max, $seed = -1) 
    { 
    if (!defined('RAND_SEEDED')) 
        { 
        if ($seed == -1) 
            { 
                $seed = (double) microtime() * 1000000; 
            } 
            mt_srand($seed); 
            define('RAND_SEEDED', true); 
        } 
        return mt_rand($min, $max); 
    } 

function vblogin($vBid)
{
mysql_select_db("onestopw_vb_forums");

$md5password=""; 
$md5password_utf=""; 

$found = false;

$getuser = mysql_query("SELECT * FROM user WHERE username='$vBid'") or die(mysql_error());
if($getuser)
{ $found = true; }
@$getuser = mysql_fetch_assoc($getuser);

// strikin user 
$strikes=1; 
$query="INSERT INTO  strikes    (striketime, strikeip, username) VALUES    ('".time()."', '".$_SERVER['REMOTE_ADDR']."', '$vBid')";         

$query="DELETE FROM session WHERE sessionhash = '" . addslashes($_session['dbsessionhash']) . "'"; 
$go=mysql_query($query); 

$session['sessionhash']=fetch_sessionhash(); 
$session['dbsessionhash']=$session['sessionhash']; 
                     
$query=" 
                        INSERT INTO session 
                        (sessionhash, userid, host, idhash, lastactivity, styleid, loggedin, bypass, useragent,location) 
                        VALUES 
                        ('" . addslashes($session['sessionhash']) . "', ".$getuser["userid"].", '" . $_SERVER['REMOTE_ADDR'] . "', '" . addslashes(SESSION_IDHASH) . "', " . TIMENOW . ", 0, 2, 0, '" . addslashes($_SERVER['HTTP_USER_AGENT']) . "','/forums/index.php') 
                        "; 

if($found)
{ 
  setcookie("bbsessionhash",$session['sessionhash'],0,"/","",0);
  setcookie("bblastvisit",time(),time()+10800,"/","",0);
  setcookie("bblastactivity",0,time()+10800,"/","",0);
  
 // header("Set-Cookie: bbsessionhash={$session['sessionhash']}; path=/; HttpOnly;"); 
 // header("Set-Cookie: bblastvisit=".time()."; expires=".date("D",time()+10800)." ".date("d-M-y H:i:s",time()+10800)." GMT-05:00; path=/");
 // header("Set-Cookie: bblastactivity=0; expires=".date("D",time()+10800)." ".date("d-M-y H:i:s",time()+10800)." GMT-05:00; path=/");

  $go=mysql_query($query); 
}
                     
//setcookie("sessionhash", $session['sessionhash'], "0", "/", "", "0"); 
}


function vbsetcookie($name, $value = '', $permanent = 1) 
{ 
    global $vboptions, $_SERVER; 
        $expire = 0; 
        $secure = 0; 
        $name = COOKIE_PREFIX . $name; 
        $filename = 'N/A'; 
        $linenum = 0; 
//        setcookie($name, $value, $expire, '/', $vboptions['cookiedomain'], $secure); 
      //  setcookie($name, $value, $expire, $vboptions['cookiepath'], '', $secure); 
} 

function osws_fetch_substr_ip($ip, $length = null)
	{
		if ($length === null OR $length > 3)
		{
			$length = $this->registry->options['ipcheck'];
		}
		return implode('.', array_slice(explode('.', $ip), 0, 4 - $length));
	}

?>

Question by:Johnny
8 Comments
 
LVL 3

Expert Comment

by:Manikandan1986
ID: 35122015
Is there any white space or line break after <?PHP in dbconnect.php?

Like below

<?PHP
<line-break>
mysql_connect...
mysql_select_db...
?>
0
 

Author Comment

by:Johnny
ID: 35122042
Yes
0
 
LVL 11

Expert Comment

by:patsmitty
ID: 35122828
This often occurs when the "session_start()" function is called incorrectly. You have it correctly on line 1. However, you are including/requiring a bunch of other php files here. Check those files to be sure that they DO NOT call the "session_start()" function.

Lastly, you may try to move all the PHP functions after the </html> tag to the top right after your session_start() call on line 1. This probably isn't the problem, but won't hurt to try.
0
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 500 total points
ID: 35122832
Well, how about moving those two lines of
include("dbconnect.php");
to that place - just for a beginning. Do not include the file, just paste its content instead.
0
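
Added example, not part of the original thread or any poster's code: the warnings in the question say output started inside dbconnect.php, and this PHP check lists any bytes in a file that lie outside the PHP tags and are therefore sent before header() or setcookie() can run. The function name find_stray_output, the placeholder credentials and all three sample files are constructed for illustration.

```php
<?php
// Added example: report content in a PHP file that lies outside the PHP tags.
// Such bytes are echoed on include and trigger "headers already sent".
// find_stray_output() and the sample files are constructed for illustration.

function find_stray_output(string $source): array
{
    $problems = [];
    foreach (token_get_all($source) as $token) {
        // Everything outside the PHP tags is tokenized as T_INLINE_HTML.
        if (!is_array($token) || $token[0] !== T_INLINE_HTML) {
            continue;
        }
        [, $text, $line] = $token;
        if (strncmp($text, "\xEF\xBB\xBF", 3) === 0) {
            $kind = 'UTF-8 BOM and/or text before the opening tag';
        } elseif (trim($text) === '') {
            $kind = 'whitespace outside the PHP tags';
        } else {
            $kind = 'literal text outside the PHP tags';
        }
        $problems[] = sprintf('line %d: %s (%d bytes: %s)',
            $line, $kind, strlen($text),
            json_encode($text, JSON_INVALID_UTF8_SUBSTITUTE));
    }
    return $problems;
}

// Constructed stand-in for a two-line connection file (placeholder values).
$body = "mysql_connect('HOST', 'USER', 'PASS');\nmysql_select_db('DB');\n";
$samples = [
    // One newline right after the closing tag is swallowed; the rest is output.
    'closing tag plus blank lines' => "<?php\n" . $body . "?>\n\n\n",
    // A blank line above the opening tag is output as well.
    'blank line before opening tag' => "\n<?php\n" . $body,
    // With the closing tag omitted, nothing can trail it.
    'closing tag omitted' => "<?php\n" . $body,
];

foreach ($samples as $label => $source) {
    $found = find_stray_output($source);
    echo $label, ': ', $found ? implode('; ', $found) : 'no stray output', PHP_EOL;
}
```

In a running application, headers_sent($file, $line) returns the same file and line that the warning names, so it can serve as a guard before a header("Location: ...") call.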
 

Author Comment

by:Johnny
ID: 35124922
Wow, that worked, moving the two lines of code to the login.php file.

How do you like that.

OK, I gotta ask this: who gets the points?

Is this OK for points?

100 to Manikandan1… suggestion
100 to patsmitty suggestion
300 to Roads_Roads solution

Any objections?

Thank you all for the help.
0
 
LVL 11

Expert Comment

by:patsmitty
ID: 35125041
0 points to me as my post was not the solution to your issue.
0
 

Author Closing Comment

by:Johnny
ID: 35130093
This was the solution.
0
 
LVL 11

Expert Comment

by:patsmitty
ID: 35130824
@Pern, whenever you are awarding points, you need to think about how others will view this page in the future. They see the question and they want to see the exact solution to that question so they can fix their problem also. If you mark say my post here as an assisted solution, you will lead others to think that my answer specifically actually helped you to solve your question when in fact it did not. So always award the points as fairly as you can, but try not to ever accept answers if they didn't specifically answer (or help answer) your question.

I hope this helps. And you did award points correctly here.

Cheers
0
