SaranacLake
-
Posts
648 -
Joined
-
Last visited
Posts posted by SaranacLake
-
-
On 12/25/2019 at 8:31 AM, ginerjm said:
Yes you could add an extra line of code to do the check. But - the better way is to decide which scripts are your 'major' ones, ie, the ones that start a process. The ones that are used solely as includes/requires (I think of them as modules) do not need to begin a session and that is when you have to think about it.
My website basically consists of 3 pages - minus error pages.
Page 1 is a login
Page 2 is a menu
Page 3 is a photo gallery
Then I have access-denied and page-not-found scripts.
You need to be logged in for sure to see Page 2 and 3.
So I need a session on pages 1-3 definitely.
So what is the best way to incorporate sessions on all of my non-included pages?
Something like this...
if ( is_session_started() === FALSE ) session_start();
I swear that when I learned PHP the books I read said to just stick session_start at the top of every pages and PHP would know whether the session had already been started.
If that isn't true, then how do you do things?
On 12/25/2019 at 8:31 AM, ginerjm said:FWIW - that PHP 'notice' is just that - a notice. Not an error or warning.
So if I just left things as they are then no real harm?
(Of course I want to write good code!!)
-
3 hours ago, requinix said:
What you should do is actually learn how to program with PHP instead of throwing code into files and tweaking it until it works.
Then why don't you enlighten me on the proper way to do sessions... 🙄
-
3 minutes ago, maxxd said:
If you start all your php scripts with that, then you're attempting to start an already started session every time you use an include or require directive. Depending on the pattern you're using it may or may not be easy to make sure you only instantiate the session once, but you can always check to see if a session has been started before attempting to start another one.
So I have been coding things incorrectly all these years??? 😮
I was sure that I learned in some PHP book that you just include session_start() at the top of every script, and that PHP was smart enough to figure out if you were starting the session for the first time, or continuing from another page?!
That isn't the case, huh????
If what I have is truly wrong, maybe I could do this at the top of every PHP script...
if(!isset($_SESSION)){ session_start(); } -
For as long as I can remember, I always start my php scripts with...
// Initialize session. session_start();
On my webserver, cPanel keeps populating a error_log with the following entry..
[<date>] PHP Notice: session_start(): session has already been started - ignoring in path/to/suspect/script.php on line 10
Have I been using PHP session incorrectly all of this time?!
Fwiw, I don't get this error - at least not that I know - locally in MAMP...
-
4 hours ago, requinix said:
Here's a really simple reason that you should be able to understand:
If your code doesn't do what you want it do then you need to recode things.
We're talking about removing a couple lines and changing a couple lines. It's not rocket surgery.
Read the other thread where we told you why you should use glob() until you figure out why.
Because you don't understand what the problem is.
No.
I added this one line to my function and it appears to have fixed the issue...
asort($photoFiles);
-
34 minutes ago, requinix said:
Didn't we tell you to use glob()?
Yes, but I had already coded things as shown above, and it made no sense to recode things.
Either way, I don't see where the issue is....
If my photos haven't changed between local DEV and PROD - they have the same filenames and created on dates - then why would anything change?
The only thing I can think is maybe when I SFTPed the files to my webserver it changed the dates on the files and this the order the files are in on the server?
-
Hello. My website has a photo gallery of thumbnails that is created by reading all photo files in a specified directory.
Here is my function that builds the array which is ultimately displayed in the gallery...
<?php function getPhotoFilesArray($photoPath){ /** * Takes path to photo-directory, and returns an array containing photo-filenames. */ // Initialize Array. $photoFiles = array(); // Check for Photo-Directory. if (is_dir($photoPath)){ // Photo-Directory Found. // Open Directory-Handle. $handle = opendir($photoPath); // Open Photo-Directory. if($handle){ // Initialize Key. $i = 1001; // Iterate through Photo-Directory items. while(($file = readdir($handle)) !== FALSE){ // Return next Filename in Directory. // Define fullpath to file/folder. $fullPath = $photoPath . $file; // Populate Array. if(!is_dir($fullPath) && preg_match("#^[^\.].*$#", $file)){ // Not Directory. // Not Hidden File. // Add to array. $photoFiles[$i] = $file; $i++; }//End of POPULATE ARRAY. }//End of ITERATE THROUGH PHOTO-DIRECTORY ITEMS closedir($handle); }//End of OPEN PHOTO-DIRECTORY }else{ // Photo-Directory Not Found. // Redirect to Page-Not-Found. header("Location: " . BASE_URL . "/utilities/page-not-found"); // End script. exit(); }//End of CHECK FOR PHOTO-DIRECTORY return $photoFiles; }//End of getPhotoFilesArray ?>Everything works fine locally in DEV, but when I uploaded my website (and photos) onto a webserver, the photos are appearing in a backwards order in PROD.
This is annoying, because I want the photos displayed chronologically from oldest (first) to newest (last).
I'm not sure where the problem is happening, because each photo was taken with my camera and by nature of the camera, photo names are incremented by one, so IMG_001.jpg would have been taken FIRST, followed by IMG_002.jpg, IMG_003.jpg, and so on.
How can I fix things so the photos are displayed in the order they were physically taken AND match how things display locally in DEV?
Thanks!
-
7 hours ago, Psycho said:
readdir() returns all the "items" in a directory - that includes the '.' and '..', because that is how the file system works. As to your second comment, I think you did not understand @requinix's response. From the 1st line of the description in the manual for readdir()
It just returns a string value for the name of the entity. Then, if you look at the manual for is_dir() it states
I got it working now - thanks for the clarification!!
-
After extensive testing, here is the poop...
Your code doesn't work with Cloudflare...
This code from my web host - which I cleaned up a bit - does work in Chrome and Firefox with Cloudflare turned on...
RewriteCond %{HTTP_HOST} !^www\. RewriteRule ^ https://www.mysite.com%{REQUEST_URI} [L,R=301] RewriteCond %{HTTPS} off RewriteCond %{HTTP:X-Forwarded-Proto} !htts RewriteRule ^ https://www.mysite.com%{REQUEST_URI} [L,R=301]The key line being the 4th one!!
if you have a way to reduce that down into less lines I am all ears, but for now, I will go with that...
By the way, I haven't been able to recreate my SESSION issue, so I guess it had something to do with the redirects, but who knows?!
One thing I did accomplish in like 3 hours on the phone tonight with my web host was getting a better understanding of how cPanel works with php.ini files - it is WAY more complicated than locally on my MAMP instance!!!
-
6 minutes ago, requinix said:
If you really don't know what . and .. are then you need to research the very basics of how every single filesystem in existence works.
$file is not a full path to the file. It's just the name of the file. So the question is whether you think is_dir("_photos") should say true or false.
I understand that "." is current directory and ".." is one directory up, but I still don't see why my code includes the same directory (recursive) or the directory above it?!
"_photos" and "_thumbnails" and "xxx" are folders in the parent directory, so YES, I expected my code to flag them as such...
-
-
8 hours ago, requinix said:
Disable all redirections, put this on your server, and browse to it. What does it say? For both http:// and https://.
<?php var_dump($_SERVER["HTTPS"] ?? "unset");
I didn't really follow what you are saying...
I commented out the mod_rewrites you helped me with, and in index.php added this at the top...
var_dump($_SERVER["HTTPS"]); exit();
When I go to mysite.com Firefox reloads the screen as broken padlock http://mysite.com/
My home page displayed NULL
I do NOT understand how the nifty 3 line mod_rewrite you showed me went from working perfectly last night to dead in the water today?!
My webhost gave me another mod_rewrite that works for the https://www. issue, but I would prefer to use the one we worked on...
-
I have the following code...
While(($file = readdir($handle)) !== FALSE){ if(is_dir($file))){ echo "$file - Directory<br>"; }else{ echo "$file - Not Directory<br>"; } }And I have the following files/folders...
2019-holiday-party _photos _thumbnails xxx IMG_2205.png
I get these results...
. - Directory .. - Directory _photos - Not Directory _thumbnails - Not Directory IMG_2205.png - Not Directory xxx - Not Directory
Why do the directories "_photos" and "_thumbnails" and "xxx" get reported as "Not Directory"???
Also, where does the "." (dot) and ".." (dot dot) come from??
-
Never in my life has I spent so much time trying to get a 4-page website working?!
I made a backup of my current files on the server and am trying to leave no stone unturned on all of this.
It would help if my web host would help me figure out the cPanel side of things.
Did you see my last post?
Why did your mod-rewrites suddenly stop working??
-
P.S.
To make sure I am working from a clean workspace, I just yo-yo'ed my server, and I rebooted my MacBook. With CLoudFlare turned ON or OFF, and using your mod_rewrite code, when I go to mysite.com in either Chrome or Firefox, the mod_rewrite doesn't work. By that I mean the URL stays as mysite.com
I feel like I am going in circles....
(Please see my previous post as well.)
-
4 minutes ago, requinix said:
Disable all redirections, put this on your server, and browse to it. What does it say? For both http:// and https://.
<?php var_dump($_SERVER["HTTPS"] ?? "unset");
Do you mean comment out all of the mod_rewrites in my .htaccess file?
Or by redirects do you mean in each script like when I do this...
menu.php
// Check if Logged-In. if (isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] == TRUE){ // Member Logged In. // Continue processing... }else{ // Not Logged In. // Redirect to Access-Denied. header("Location: " . BASE_URL . "/utilities/access-denied"); // End script. exit(); }//End of CHECK IF LOGGED-IN4 minutes ago, requinix said:Check your error log.
Not sure how to do this...
4 minutes ago, requinix said:What are the session cookie settings?
Like in the php.ini file?
Anything in particular you want to know about?
-
7 minutes ago, requinix said:
Should be, yes. But what you're describing makes it sound like that second leg is not being encrypted right now.
How would I verify that?
While I was on the phone a few nights ago, the tech installed the free cPanel SSL for me and confirmed it was working.
7 minutes ago, requinix said:If it was not, with my version of the URL rewriting, it would always think the connection was HTTP and would always redirect. Every time. The browser would keep being redirected to https://www.mysite.com over and over, which could appear to you as a "loop" because the CPU usage of Apache handling the same request over and over.
You don't see how understanding HTTPS on your site has anything to do with redirections to HTTPS?
I wasn't understanding why I needed this code to make things work...
#RewriteCond %{HTTP_HOST} !^www\. #RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] #RewriteCond %{HTTPS} off #RewriteCond %{HTTP:X-Forwarded-Proto} !https #RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]BTW, I decided to brave things, and tried your code, and no crashes or infinite loops - based only on observation - appear to have occurred. So maybe I do not need the {HTTP X-Forwarded-Proto} thing?!
Things seem to be working okay, but for some strange reason, when I go to: https://www.mysite.com/client1/gallery/2019-holiday-party and then I delete off the https:// and/or www. then my code goes to "Access Denied".
Otherwise yourc ode seems to be working okay with CloudFlare turned ON.
7 minutes ago, requinix said:Not necessarily. It should in theory, sure, but if they're unwrapping the SSL then this will not work, and if they're forcing SSL even if the original connection to them was not then this will not work.
I have no clue how CloudFlare is handling things...
7 minutes ago, requinix said:You've said that sessions are not working properly on your site. I've said that it was a configuration problem. You decide.
It appears there may be a issue with how cPanel is set up, however, I was asking if maybe my PHP code isn't coded so great?
You mentioned there might be an issue with my SESSONS and an incorrect subdomain or something?
How would I fix that?
-
21 minutes ago, requinix said:
What they do show is the use of X-Forwarded-Proto. It suggests that your CloudFlare configuration is middleman-ing the HTTPS: browser thinks it wants HTTPS, goes to CloudFlare, CloudFlare handles the SSL and then forwards it as HTTP to your server.
Is that what it's doing? Are you seeing many duplicate entries in your access log?
I set up a free CloudFlare account to hide my actual server from the outside world, and to learn more about proxy-servers and CDN's for an ecommerce site that I am working on separately.
My CloudFlare account comes with a free shared SSL certificate, and I also have a free SSL certificate on my VPS that cPanel provides.
As such, this is how a tech at my webhost explained things to me...
Someone clicks on a link or type sin the URL to my website. The request ultimately ends up at CloudFlare which creates an encrypted tunnel between their server and the person requesting my website. CloudFlare's SSL cert is shared, but should protect traffic between the requester and CloudFlare.
CloudFlare then takes this user's request, figures out the IP to my VPS, and then sends that request to my server over an encrypted tunnel that was established by cPanel's SSL cert that is on my VPS.
So when a user makes a request to my website, there are two "legs" over which the request must travel, and they should both be encrypted.
How does all of this relate to my desire to have mod_rewrites that take a non-WWW or WWW request and make it "proper" by redirecting to an "HTTPS://WWW." address?
I have no clue....
You make it sound like if I use this, then it should work fine with CloudFlare, right?
RewriteCond %{HTTP_HOST} !^www\. [OR] RewriteCond %{HTTPS} off RewriteRule ^https://www.mysite.com%{REQUEST_URI} [L,R=301]Since my webhost suggested using {HTTP:X-Forwarded-Proto} I wan't sure.
Stepping back for a minute...
Am I using SESSIONS properly on my website? Or am I missing some necessary PHP code?
Back to CloudFlare, I don't know anything about reading logs...
-
27 minutes ago, requinix said:
There aren't too many ways to break it. As long as your session configuration uses the right domain names and paths, and as long as the redirect does what it is supposed to do, then sessions will continue to work.
Here is a link to a thread that I started before this one and asking about these erratic log-in/SESSION issues...
https://forums.phpfreaks.com/topic/309716-problems-logging-in/
A few posts down I posted the code related to this.
Ask #1:
@requinix, if you could check out how I was doing SESSIONS and redirecting it might help you to help me solve this issue. (In the past, I thought using PHP sessions was as simple as starting a SESSION on each page, but maybe there is more to it than that?!)
QuoteSome sort of permissions are wrong. Like, the user PHP is running as does not have permissions on that ea-php72 directory. I can't explain why.
You would think that my webhost would have things configured to work out-of-the-box?!
I have a ticket in, but who knows when I will get a response - let alone a solution?!
Ask #2:
QuoteMight as well as here. If it's too complicated I'll split the post(s) into a new thread.
So my questions relate to how my mod_rewrites - that you helped me with above - should be set up to work with CloudFlare. (I set up a free account to obuscate my VPS from people and add a little security.)
Originally when my mod_rewrites looked like in my OP (shown again below), they seemed to be mostly working in that they no longer broke my SESSION but there was the fact my code wasn't handling the https://mysite.com to https://www.mysite.com scenario.
Original mod_rewrite code:
# NON-WWW to HTTPS://WWW RewriteCond %{HTTP_HOST} !^www\. [NC] RewriteCond %{HTTPS} off RewriteRule (.*) https://www.%{HTTP_HOST}/$1 [L,R=301] # WWW to HTTPS://WWW RewriteCond %{HTTP_HOST} ^www\. [NC] RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}/$1 [L,R=301]HOWEVER, when I turned ON CloudFlare, the above code sent Apache into an infinite loop, and even after killing it in the Activity Manager, I had to reboot my MacBook to get everything working properly.
In order to fix this issue, my webhost suggested the following code...
Webhost code:
RewriteCond %{HTTP_HOST} !^www\. RewriteRule (.*) https://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L] RewriteCond %{HTTPS} off RewriteCond %{HTTP:X-Forwarded-Proto} !https RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]This code from my webhost fixed things, but it looks poorly written from a mod_rewrite standpoint!
I conceded that the code @requinix helped write above is better, and I would like to use it, but I am concerned that it might cause the same issue. (nd, NO, I haven't tried the code you helped me with yet, because I have a window open on my Mac with the new error I got above, and I'm afraid Apache might crash again and lock up my Mac, so I am waiting to hear back from my webhost on the permission issue FIRST before testing things out.
In the mean time, I did some research and found this...
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Proto
The gist of it is that in order to see what a user requests between his/her computer and CloudFlare, you need to use X-Forwarded-Proto,
It seems that in order to get the code we worked with yesterday, I would need to tweak your code and somehow include the X-Forwarded-Proto but I'm not sure where to begin on this...
Can you comment on this second issue, @requinix?
Thanks!
-
12 hours ago, requinix said:
"My" code has nothing to do with your session.
If your sessions are breaking then your session cookie configuration is wrong. Likely the domain: it needs to be either "www.mysite.com" or ".mysite.com".
From what I have read, mod_rewrites can most certainly break SESSIONS if you are redirecting the wrong way.
In addition to the SESSION sometimes breaking when I modify the URL for testing purposes, I got a weird error last night...
-
Notice: session_start(): ps_files_cleanup_dir: opendir(/var/cpanel/php/sessions/ea-php72) failed: Permission denied (13) in path/to/index.php
so on so on
I am thinking that the way cPanel is set up might need to be tweaked, so for now let's assume that "your" 😉 mod_write is correct...
At any rate, I do need help getting all of this to work with CloudFlare...
13 hours ago, requinix said:Sounds like maybe your CloudFlare configuration is wrong.
Can I post my questions here, or should I start a new thread?
-
Notice: session_start(): ps_files_cleanup_dir: opendir(/var/cpanel/php/sessions/ea-php72) failed: Permission denied (13) in path/to/index.php
-
I just tested your code, and while it mostly works, there were two web pages where when I loaded them, and then deleted off the "https://www." I was redirected to my "Access Denied" error-handling page, which means that my SESSION didn't like me changing the URL.
When I tested my code in my OP, I did not have this issue. (This is with Cloudflare turned OFF.)
Any ideas how to prevent your code from agitating my SESSION???
-
10 minutes ago, requinix said:
Maybe, if your rule is matching the hostname of every single domain then maybe, you don't need to test for the hostname at all...
You might kick yourself over this.
RewriteCond %{HTTP_HOST} !^www\. [OR] RewriteCond %{HTTPS} off RewriteRule ^ https://www.mysite.com%{REQUEST_URI} [L,R=301]Think about what it does for each of the four conditions:
1. http and mysite.com
2. http and www.mysite.com
3. https and mysite.com
4. https and www.mysite.comI went back to the scenarios that I spelled out earlier, and mapped things to your code...
# NEW 5 # Scenarios... # # mysite.com ===> COND1 # www.mysite.com ===> COND2 # ---- # http://mysite.com ===> COND1 # http://www.mysite.com ===> COND2 # ---- # https://mysite.com ===> COND1 # https://www.mysite.com ==> OK AS-IS RewriteCond %{HTTP_HOST} !^www\. [OR] RewriteCond %{HTTPS} off RewriteRule ^https://www.mysite.com%{REQUEST_URI} [L,R=301]As always, you're a GENIUS, @requinix!! 🏆
10 minutes ago, requinix said:As for the last line, I did the same thing as you had, but I prefer my version because it doesn't require doing any regular expression matching, it doesn't rely on mod_rewrite automatically appending any query string, and it's overall just more explicit and obvious about where it's redirecting to.
Okay, fair enough.
So, I will have to test this out later when my backup is done, but it looks like thanks to you I have a better understanding of things and cleaner code.
Of course there is still (likely) a gotcha here... 😉
When I ran the code in my OP - which worked and didn't break my SESSION but which did miss the https://mysite.com scenario - I ran into another problem...
On my VPS I am running CloudFlare, and while the code in my OP worked good enough with CloudFlare temporarily turned off, when I turned CLoudFlare back on, it not only sent Apache into an infinite loop, but it crahsed my Mac?!
@requinix, should I start another thread about that, or continue n in this thread?
-
8 minutes ago, requinix said:
And we all know that our users are highly educated and very knowledgeable about things like HTTPS and www/non-www domain names.
8 minutes ago, requinix said:Good. Now for the next step:
Will mysite.com match the hostname conditions? Will www.mysite.com match the hostname conditions?
Yes.
8 minutes ago, requinix said:Will any domain whatsoever match the hostname conditions?
Interesting point! 😮
Yes, www.requinix.com would rewrite to https://www.mysite.com
8 minutes ago, requinix said:Can you conclude anything from that?
a.) Don't trust what you read on the Internet!
b.) I guess I technically need *specificity*, right?
Maybe...
RewriteCond %{HTTP_HOST} ^(www\.)?(.*)$8 minutes ago, requinix said:So you've added a second rule, yes?
Does it work? Do you still think it's not possible to do both in one single rule set?
Based on the link I posted above, it seems tricky at best to do complicated AND/OR logic with mod_rewrites since you cannot use parentheses.
I didn't feel confident doing it all in one rule.
Do you know how? If so, can you share a solution?
As far as testing, I am actually doing a backup/clone of my Mac and it will be tied up for a few hours.
In the mean time I am just trying to think things out in NotePad...
😉
-
2 minutes ago, requinix said:
Good. But what happened to redirecting https://mysite.com to https://www.mysite.com? Do you not want to do that anymore?
If I do my mod_rewrite properly, then Apache should never create a https://mysite.com
Right?
Now if the user typed into the address bar https://mysite.com then I guess my above code doesn't handle that...
Here is my last block of code (#NEW 3) with comments...
# NEW 3a # IF(not www OR www) AND (not https) # THEN (https://www.mysite.com) RewriteCond %{HTTP_HOST} !^www\. [OR] RewriteCond %{HTTP_HOST} ^www\. RewriteCond %{HTTPS} off RewriteRule (.*) https://www.mysite.com/$1 [L,R=301] # NEW 3b # IF(not www OR www) AND (not https) # THEN (https://www.mysite.com) RewriteCond %{HTTP_HOST} ^(www\.)? RewriteCond %{HTTPS} off RewriteRule (.*) https://www.mysite.com/$1 [L,R=301]This is an interesting site I found...
http://www.ckollars.org/apache-rewrite-htaccess.html#precedence
And here is my best attempt at handling the https://mysite.com scenario...
# NEW 4 # IF((not www OR www) AND (not https)) OR ((https) AND (not www)) # THEN (https://www.mysite.com) RewriteCond %{HTTP_HOST} ^(www\.)? RewriteCond %{HTTPS} off RewriteRule (.*) https://www.mysite.com/$1 [L,R=301] RewriteCond %{HTTPS} on RewriteCond %{HTTP_HOST} !^www\. RewriteRule (.*) https://www.mysite.com/$1 [L,R=301]Comments??
session_start( )
in PHP Coding Help
Posted
Right, and I also asked what is the best way to fix that notice.
Currently I have this in all of my "major" scripts...
And I asked if this would solve the problem...
if(!isset($_SESSION)){ session_start(); }Or maybe this..
if ( is_session_started() === FALSE ) session_start();
[code]
OR maybe you have an even better approach?
I'm asking for some help here because obviously how I thought you set up sessions is wrong!
Thanks.