SaranacLake

Right, and I also asked what is the best way to fix that notice. Currently I have this in all of my "major" scripts... // Initialize session. session_start(); And I asked if this would solve the problem... if(!isset($_SESSION)){ session_start(); } Or maybe this.. if ( is_session_started() === FALSE ) session_start(); [code] OR maybe you have an even better approach? I'm asking for some help here because obviously how I thought you set up sessions is wrong! Thanks.

My website basically consists of 3 pages - minus error pages. Page 1 is a login Page 2 is a menu Page 3 is a photo gallery Then I have access-denied and page-not-found scripts. You need to be logged in for sure to see Page 2 and 3. So I need a session on pages 1-3 definitely. So what is the best way to incorporate sessions on all of my non-included pages? Something like this... if ( is_session_started() === FALSE ) session_start(); I swear that when I learned PHP the books I read said to just stick session_start at the top of every pages and PHP would know whether the session had already been started. If that isn't true, then how do you do things? So if I just left things as they are then no real harm? (Of course I want to write good code!!)

Then why don't you enlighten me on the proper way to do sessions... 🙄

So I have been coding things incorrectly all these years??? 😮 I was sure that I learned in some PHP book that you just include session_start() at the top of every script, and that PHP was smart enough to figure out if you were starting the session for the first time, or continuing from another page?! That isn't the case, huh???? If what I have is truly wrong, maybe I could do this at the top of every PHP script... if(!isset($_SESSION)){ session_start(); }

For as long as I can remember, I always start my php scripts with... // Initialize session. session_start(); On my webserver, cPanel keeps populating a error_log with the following entry.. [<date>] PHP Notice: session_start(): session has already been started - ignoring in path/to/suspect/script.php on line 10 Have I been using PHP session incorrectly all of this time?! Fwiw, I don't get this error - at least not that I know - locally in MAMP...

I added this one line to my function and it appears to have fixed the issue... asort($photoFiles);

Yes, but I had already coded things as shown above, and it made no sense to recode things. Either way, I don't see where the issue is.... If my photos haven't changed between local DEV and PROD - they have the same filenames and created on dates - then why would anything change? The only thing I can think is maybe when I SFTPed the files to my webserver it changed the dates on the files and this the order the files are in on the server?

Hello. My website has a photo gallery of thumbnails that is created by reading all photo files in a specified directory. Here is my function that builds the array which is ultimately displayed in the gallery... <?php function getPhotoFilesArray($photoPath){ /** * Takes path to photo-directory, and returns an array containing photo-filenames. */ // Initialize Array. $photoFiles = array(); // Check for Photo-Directory. if (is_dir($photoPath)){ // Photo-Directory Found. // Open Directory-Handle. $handle = opendir($photoPath); // Open Photo-Directory. if($handle){ // Initialize Key. $i = 1001; // Iterate through Photo-Directory items. while(($file = readdir($handle)) !== FALSE){ // Return next Filename in Directory. // Define fullpath to file/folder. $fullPath = $photoPath . $file; // Populate Array. if(!is_dir($fullPath) && preg_match("#^[^\.].*$#", $file)){ // Not Directory. // Not Hidden File. // Add to array. $photoFiles[$i] = $file; $i++; }//End of POPULATE ARRAY. }//End of ITERATE THROUGH PHOTO-DIRECTORY ITEMS closedir($handle); }//End of OPEN PHOTO-DIRECTORY }else{ // Photo-Directory Not Found. // Redirect to Page-Not-Found. header("Location: " . BASE_URL . "/utilities/page-not-found"); // End script. exit(); }//End of CHECK FOR PHOTO-DIRECTORY return $photoFiles; }//End of getPhotoFilesArray ?> Everything works fine locally in DEV, but when I uploaded my website (and photos) onto a webserver, the photos are appearing in a backwards order in PROD. This is annoying, because I want the photos displayed chronologically from oldest (first) to newest (last). I'm not sure where the problem is happening, because each photo was taken with my camera and by nature of the camera, photo names are incremented by one, so IMG_001.jpg would have been taken FIRST, followed by IMG_002.jpg, IMG_003.jpg, and so on. How can I fix things so the photos are displayed in the order they were physically taken AND match how things display locally in DEV? Thanks!

I got it working now - thanks for the clarification!!

@requinix After extensive testing, here is the poop... Your code doesn't work with Cloudflare... This code from my web host - which I cleaned up a bit - does work in Chrome and Firefox with Cloudflare turned on... RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^ https://www.mysite.com%{REQUEST_URI} [L,R=301] RewriteCond %{HTTPS} off RewriteCond %{HTTP:X-Forwarded-Proto} !htts RewriteRule ^ https://www.mysite.com%{REQUEST_URI} [L,R=301] The key line being the 4th one!! if you have a way to reduce that down into less lines I am all ears, but for now, I will go with that... By the way, I haven't been able to recreate my SESSION issue, so I guess it had something to do with the redirects, but who knows?! One thing I did accomplish in like 3 hours on the phone tonight with my web host was getting a better understanding of how cPanel works with php.ini files - it is WAY more complicated than locally on my MAMP instance!!!

I understand that "." is current directory and ".." is one directory up, but I still don't see why my code includes the same directory (recursive) or the directory above it?! "_photos" and "_thumbnails" and "xxx" are folders in the parent directory, so YES, I expected my code to flag them as such...

@requinix Looks like I needed a SPACE between ^ and RewriteRule... 😉

@requinix I didn't really follow what you are saying... I commented out the mod_rewrites you helped me with, and in index.php added this at the top... var_dump($_SERVER["HTTPS"]); exit(); When I go to mysite.com Firefox reloads the screen as broken padlock http://mysite.com/ My home page displayed NULL I do NOT understand how the nifty 3 line mod_rewrite you showed me went from working perfectly last night to dead in the water today?! My webhost gave me another mod_rewrite that works for the https://www. issue, but I would prefer to use the one we worked on...

I have the following code... While(($file = readdir($handle)) !== FALSE){ if(is_dir($file))){ echo "$file - Directory<br>"; }else{ echo "$file - Not Directory<br>"; } } And I have the following files/folders... 2019-holiday-party _photos _thumbnails xxx IMG_2205.png I get these results... . - Directory .. - Directory _photos - Not Directory _thumbnails - Not Directory IMG_2205.png - Not Directory xxx - Not Directory Why do the directories "_photos" and "_thumbnails" and "xxx" get reported as "Not Directory"??? Also, where does the "." (dot) and ".." (dot dot) come from??

@requinix, Never in my life has I spent so much time trying to get a 4-page website working?! I made a backup of my current files on the server and am trying to leave no stone unturned on all of this. It would help if my web host would help me figure out the cPanel side of things. Did you see my last post? Why did your mod-rewrites suddenly stop working??

P.S. To make sure I am working from a clean workspace, I just yo-yo'ed my server, and I rebooted my MacBook. With CLoudFlare turned ON or OFF, and using your mod_rewrite code, when I go to mysite.com in either Chrome or Firefox, the mod_rewrite doesn't work. By that I mean the URL stays as mysite.com I feel like I am going in circles.... (Please see my previous post as well.)

Do you mean comment out all of the mod_rewrites in my .htaccess file? Or by redirects do you mean in each script like when I do this... menu.php // Check if Logged-In. if (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == TRUE){ // Member Logged In. // Continue processing... }else{ // Not Logged In. // Redirect to Access-Denied. header("Location: " . BASE_URL . "/utilities/access-denied"); // End script. exit(); }//End of CHECK IF LOGGED-IN Not sure how to do this... Like in the php.ini file? Anything in particular you want to know about?

How would I verify that? While I was on the phone a few nights ago, the tech installed the free cPanel SSL for me and confirmed it was working. I wasn't understanding why I needed this code to make things work... #RewriteCond %{HTTP_HOST} !^www\. #RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] #RewriteCond %{HTTPS} off #RewriteCond %{HTTP:X-Forwarded-Proto} !https #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] BTW, I decided to brave things, and tried your code, and no crashes or infinite loops - based only on observation - appear to have occurred. So maybe I do not need the {HTTP X-Forwarded-Proto} thing?! Things seem to be working okay, but for some strange reason, when I go to: https://www.mysite.com/client1/gallery/2019-holiday-party and then I delete off the https:// and/or www. then my code goes to "Access Denied". Otherwise yourc ode seems to be working okay with CloudFlare turned ON. I have no clue how CloudFlare is handling things... It appears there may be a issue with how cPanel is set up, however, I was asking if maybe my PHP code isn't coded so great? You mentioned there might be an issue with my SESSONS and an incorrect subdomain or something? How would I fix that?

I set up a free CloudFlare account to hide my actual server from the outside world, and to learn more about proxy-servers and CDN's for an ecommerce site that I am working on separately. My CloudFlare account comes with a free shared SSL certificate, and I also have a free SSL certificate on my VPS that cPanel provides. As such, this is how a tech at my webhost explained things to me... Someone clicks on a link or type sin the URL to my website. The request ultimately ends up at CloudFlare which creates an encrypted tunnel between their server and the person requesting my website. CloudFlare's SSL cert is shared, but should protect traffic between the requester and CloudFlare. CloudFlare then takes this user's request, figures out the IP to my VPS, and then sends that request to my server over an encrypted tunnel that was established by cPanel's SSL cert that is on my VPS. So when a user makes a request to my website, there are two "legs" over which the request must travel, and they should both be encrypted. How does all of this relate to my desire to have mod_rewrites that take a non-WWW or WWW request and make it "proper" by redirecting to an "HTTPS://WWW." address? I have no clue.... You make it sound like if I use this, then it should work fine with CloudFlare, right? RewriteCond %{HTTP_HOST} !^www\. [OR] RewriteCond %{HTTPS} off RewriteRule ^https://www.mysite.com%{REQUEST_URI} [L,R=301] Since my webhost suggested using {HTTP:X-Forwarded-Proto} I wan't sure. Stepping back for a minute... Am I using SESSIONS properly on my website? Or am I missing some necessary PHP code? Back to CloudFlare, I don't know anything about reading logs...

Here is a link to a thread that I started before this one and asking about these erratic log-in/SESSION issues... https://forums.phpfreaks.com/topic/309716-problems-logging-in/ A few posts down I posted the code related to this. Ask #1: @requinix, if you could check out how I was doing SESSIONS and redirecting it might help you to help me solve this issue. (In the past, I thought using PHP sessions was as simple as starting a SESSION on each page, but maybe there is more to it than that?!) You would think that my webhost would have things configured to work out-of-the-box?! I have a ticket in, but who knows when I will get a response - let alone a solution?! Ask #2: @requinix So my questions relate to how my mod_rewrites - that you helped me with above - should be set up to work with CloudFlare. (I set up a free account to obuscate my VPS from people and add a little security.) Originally when my mod_rewrites looked like in my OP (shown again below), they seemed to be mostly working in that they no longer broke my SESSION but there was the fact my code wasn't handling the https://mysite.com to https://www.mysite.com scenario. Original mod_rewrite code: # NON-WWW to HTTPS://WWW RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteCond %{HTTPS} off RewriteRule (.*) https://www.%{HTTP_HOST}/$1 [L,R=301] # WWW to HTTPS://WWW RewriteCond %{HTTP_HOST} ^www\. [NC] RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301] HOWEVER, when I turned ON CloudFlare, the above code sent Apache into an infinite loop, and even after killing it in the Activity Manager, I had to reboot my MacBook to get everything working properly. In order to fix this issue, my webhost suggested the following code... Webhost code: RewriteCond %{HTTP_HOST} !^www\. RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteCond %{HTTPS} off RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L] This code from my webhost fixed things, but it looks poorly written from a mod_rewrite standpoint! I conceded that the code @requinix helped write above is better, and I would like to use it, but I am concerned that it might cause the same issue. (nd, NO, I haven't tried the code you helped me with yet, because I have a window open on my Mac with the new error I got above, and I'm afraid Apache might crash again and lock up my Mac, so I am waiting to hear back from my webhost on the permission issue FIRST before testing things out. In the mean time, I did some research and found this... https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto The gist of it is that in order to see what a user requests between his/her computer and CloudFlare, you need to use X-Forwarded-Proto, It seems that in order to get the code we worked with yesterday, I would need to tweak your code and somehow include the X-Forwarded-Proto but I'm not sure where to begin on this... Can you comment on this second issue, @requinix? Thanks!

From what I have read, mod_rewrites can most certainly break SESSIONS if you are redirecting the wrong way. In addition to the SESSION sometimes breaking when I modify the URL for testing purposes, I got a weird error last night... Notice: session_start(): ps_files_cleanup_dir: opendir(/var/cpanel/php/sessions/ea-php72) failed: Permission denied (13) in path/to/index.php so on so on I am thinking that the way cPanel is set up might need to be tweaked, so for now let's assume that "your" 😉 mod_write is correct... At any rate, I do need help getting all of this to work with CloudFlare... Can I post my questions here, or should I start a new thread?

@requinix, I just tested your code, and while it mostly works, there were two web pages where when I loaded them, and then deleted off the "https://www." I was redirected to my "Access Denied" error-handling page, which means that my SESSION didn't like me changing the URL. When I tested my code in my OP, I did not have this issue. (This is with Cloudflare turned OFF.) Any ideas how to prevent your code from agitating my SESSION???

I went back to the scenarios that I spelled out earlier, and mapped things to your code... # NEW 5 # Scenarios... # # mysite.com ===> COND1 # www.mysite.com ===> COND2 # ---- # http://mysite.com ===> COND1 # http://www.mysite.com ===> COND2 # ---- # https://mysite.com ===> COND1 # https://www.mysite.com ==> OK AS-IS RewriteCond %{HTTP_HOST} !^www\. [OR] RewriteCond %{HTTPS} off RewriteRule ^https://www.mysite.com%{REQUEST_URI} [L,R=301] As always, you're a GENIUS, @requinix!! 🏆 Okay, fair enough. So, I will have to test this out later when my backup is done, but it looks like thanks to you I have a better understanding of things and cleaner code. Of course there is still (likely) a gotcha here... 😉 When I ran the code in my OP - which worked and didn't break my SESSION but which did miss the https://mysite.com scenario - I ran into another problem... On my VPS I am running CloudFlare, and while the code in my OP worked good enough with CloudFlare temporarily turned off, when I turned CLoudFlare back on, it not only sent Apache into an infinite loop, but it crahsed my Mac?! @requinix, should I start another thread about that, or continue n in this thread?

Yes. Interesting point! 😮 Yes, www.requinix.com would rewrite to https://www.mysite.com a.) Don't trust what you read on the Internet! b.) I guess I technically need *specificity*, right? Maybe... RewriteCond %{HTTP_HOST} ^(www\.)?(.*)$ Based on the link I posted above, it seems tricky at best to do complicated AND/OR logic with mod_rewrites since you cannot use parentheses. I didn't feel confident doing it all in one rule. Do you know how? If so, can you share a solution? As far as testing, I am actually doing a backup/clone of my Mac and it will be tied up for a few hours. In the mean time I am just trying to think things out in NotePad... 😉

If I do my mod_rewrite properly, then Apache should never create a https://mysite.com Right? Now if the user typed into the address bar https://mysite.com then I guess my above code doesn't handle that... Here is my last block of code (#NEW 3) with comments... # NEW 3a # IF(not www OR www) AND (not https) # THEN (https://www.mysite.com) RewriteCond %{HTTP_HOST} !^www\. [OR] RewriteCond %{HTTP_HOST} ^www\. RewriteCond %{HTTPS} off RewriteRule (.*) https://www.mysite.com/$1 [L,R=301] # NEW 3b # IF(not www OR www) AND (not https) # THEN (https://www.mysite.com) RewriteCond %{HTTP_HOST} ^(www\.)? RewriteCond %{HTTPS} off RewriteRule (.*) https://www.mysite.com/$1 [L,R=301] This is an interesting site I found... http://www.ckollars.org/apache-rewrite-htaccess.html#precedence And here is my best attempt at handling the https://mysite.com scenario... # NEW 4 # IF((not www OR www) AND (not https)) OR ((https) AND (not www)) # THEN (https://www.mysite.com) RewriteCond %{HTTP_HOST} ^(www\.)? RewriteCond %{HTTPS} off RewriteRule (.*) https://www.mysite.com/$1 [L,R=301] RewriteCond %{HTTPS} on RewriteCond %{HTTP_HOST} !^www\. RewriteRule (.*) https://www.mysite.com/$1 [L,R=301] Comments??