bschultz Posted June 4, 2009

I can't reproduce the problem...but I've been told by several people that they are having a problem logging in to a members only section. The login page asks for a username and a password.

Here's the code for the execution of that login:

```php
<?php
//Start session
session_start();

//Include database connection details
require_once('config.php');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    header("location: login-form.php");
    exit();
}

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($password)."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        $_SESSION['SESS_ADDRESS'] = $member['address'];
        $_SESSION['SESS_CITY'] = $member['city'];
        $_SESSION['SESS_STATE'] = $member['state'];
        $_SESSION['SESS_LOGIN'] = $member['login'];
        $_SESSION['SESS_CAPTAIN'] = $member['captain'];
        $_SESSION['SESS_TEAM'] = $member['team_name'];
        $_SESSION['SESS_MANUAL_TEAM'] = $member['manual_team'];
        session_write_close();
        header("location: member-index.php");
        exit();
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}
?>
```

Here's the code for the "members only" section:

```php
<?php
session_start();
require_once('auth.php');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Member Index</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<h1>Welcome <?php echo $_SESSION['SESS_FIRST_NAME'];?></h1>
<a href="logout.php">Logout</a>
<p>
<?php include "links.php"; ?>
<br />
<br />
Thank you for participating in the Go100 For Health walks for 2009. Below, you will see how many miles your team has walked.
<br />
blah blah blah
```

Here's auth.php

```php
<?php
//Start session
session_start();

//Check whether the session variable SESS_MEMBER_ID is present or not
if(!isset($_SESSION['SESS_MEMBER_ID']) || (trim($_SESSION['SESS_MEMBER_ID']) == '')) {
    header("location: access-denied.php");
    exit();
}
?>
```

Like I said, I can't recreate the problem, so I'm a bit at a loss as to what might be causing this. The people that are having a problem logging in are able to login once in a while...just not every time they try. Anything look out of place or wrong to anyone?

Thanks!

Link to comment https://forums.phpfreaks.com/topic/160925-sessions-not-working-for-some-users/

PFMaBiSmAd Posted June 4, 2009

If you could narrow it down by telling us what does happen when it does not work it would help. Does it redirect to a page and if so, which page? Are there any php error messages or any of the error messages that your code outputs? Just a blank page?

bschultz Posted June 4, 2009

they get redirected from the line in auth.php

```php
header("location: access-denied.php");
```

upon turning on error reporting...

```
Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in /login-exec.php on line 73
```

bschultz Posted June 4, 2009

This section obviously is the problem in login-exec.php

```php
//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        $_SESSION['SESS_ADDRESS'] = $member['address'];
        $_SESSION['SESS_CITY'] = $member['city'];
        $_SESSION['SESS_STATE'] = $member['state'];
        $_SESSION['SESS_LOGIN'] = $member['login'];
        $_SESSION['SESS_CAPTAIN'] = $member['captain'];
        $_SESSION['SESS_TEAM'] = $member['team_name'];
        $_SESSION['SESS_MANUAL_TEAM'] = $member['manual_team'];
        session_write_close();
        header("location: member-index.php");
        exit();
    }else {
        //Login failed
        header("location: login-failed.php");
        exit();
    }
}else {
    die("Query failed");
}
?>
```

Doesn't that then mean that session_write_close(); isn't happening?

PFMaBiSmAd Posted June 4, 2009

[Edit: per your last post, nothing is obvious in programming, you must find out exactly at what point the values are as expected and at what point they are not.]

About the only thing apparent is if they reach your site using a URL that contains www. and they reach the members only page using a URL that drops the www. (or vice versa) and your session cookie parameters are not set up to match both www.yourdomain.com and yourdomain.com (without the www.). Start by checking what session.cookie_domain is. If it is not set, try setting it to .yourdomain.com (with the leading dot.) Ref: http://us.php.net/manual/en/session.configuration.php#ini.session.cookie-domain

You should also note that browsers that strictly follow HTTP 1.1 expect a fully qualified URI in a header() redirect -

Note: HTTP/1.1 requires an absolute URI as argument to Location: including the scheme, hostname and absolute path, but some clients accept relative URIs. You can usually use $_SERVER['HTTP_HOST'], $_SERVER['PHP_SELF'] and dirname() to make an absolute URI from a relative one yourself:

```php
<?php
/* Redirect to a different page in the current directory that was requested */
$host  = $_SERVER['HTTP_HOST'];
$uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'mypage.php';
header("Location: http://$host$uri/$extra");
exit;
?>
```

bschultz Posted June 4, 2009

The directory that these scripts are in is a shared directory for four of our company domains... so...

domain1.com/shared
domain2.com/shared
domain3.com/shared
domain4.com/shared

...all point to /public_html/shared

How can I set the session.cookie_domain in this case?

PFMaBiSmAd Posted June 4, 2009

Cookies are domain specific. You would need to check the request URI that was used to request the page and use that value to set the session.cookie_domain. The session.cookie_domain would need to be set before each session_start() statement.

If there is any chance that you have links or redirects on your pages or if your visitors have short-cuts or favorites that switch domains, that could also cause the problem. Your visitors might be logging in under one domain and switching to a different domain, whereas your testing to reproduce the symptom does not switch between domains.

bschultz Posted June 4, 2009

all links are relative paths...so that SHOULDN'T be the problem (won't say anything for certain though!)...

I've tried this for the session domain path:

```php
<?php
if (strpos(getenv('SERVER_name'), 'kkbj.com')!==false) {
    ini_set(session.cookie_domain, kkbj.com)
} elseif (strpos(getenv('SERVER_name'), 'kkbjam.com')!==false) {
    ini_set(session.cookie_domain, kkbjam.com)
} elseif (strpos(getenv('SERVER_name'), 'wmisfm.com')!==false) {
    ini_set(session.cookie_domain, wmisfm.com)
}elseif (strpos(getenv('SERVER_name'), 'wbji.com')!==false) {
    ini_set(session.cookie_domain, wbji.com)
};
echo ini_set(session.cookie_domain);
?>
```

and I get this error

```
Parse error: syntax error, unexpected '}' in /iniget.php on line 4
```

bschultz Posted June 4, 2009

ok...found this online..

```php
if (isset($_SERVER['HTTP_HOST'])) {
    if(strpos($_SERVER['HTTP_HOST'], ':') != -1){
        $domain = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
    }
    else{
        $domain = $_SERVER['HTTP_HOST'];
    }
    $domain = preg_replace('`^www.`', '', $domain);
    // Per RFC 2109, cookie domains must contain at least one dot other than the
    // first. For hosts such as 'localhost', we don't set a cookie domain.
    if (count(explode('.', $domain)) > 2) {
        ini_set('session.cookie_domain', $domain);
    }
}
```

That's now before every session_start()... and I still get the error

```
Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in /sandbox/login-exec.php on line 94
```

PFMaBiSmAd Posted June 4, 2009

Edit: Cannot help with the last error unless we see all the code in that file.

I see you edited a post above (Reply #2) with the following -

```
Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in /login-exec.php on line 73
```

That is relevant to the problem at hand. What exact line of the posted code is line 73? And depending on that, it almost sounds like your pages are being requested twice by the browser (which could be related to the URL rewriting/redirecting of the four domains to one.)

For your last post (Reply #7), ini_set() expects two strings. All the session.cookie_domain and all the strings you are setting it to must be enclosed in quotes (single-quotes would work.) You probably want to use ini_get() in the echo statement.

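
Added example, not from any post in this thread: one way to choose session.cookie_domain per request for the four domains named above, matching the Host header exactly against a fixed list instead of by substring, so a host that merely contains one of the names never selects a cookie domain. The function names and the sample Host values are constructed for illustration.

```php
<?php
// Added example, not code from the thread. The four site names appear in the
// thread; the function names and the sample Host values are constructed.

const SITE_DOMAINS = ['kkbj.com', 'kkbjam.com', 'wmisfm.com', 'wbji.com'];

/**
 * Map a Host header to the cookie domain for that site.
 * Returns null when the host is not one of ours; the caller then leaves
 * session.cookie_domain alone and PHP issues a host-only cookie.
 */
function cookie_domain_for_host(?string $hostHeader): ?string
{
    if ($hostHeader === null || $hostHeader === '') {
        return null;
    }
    $host = strtolower(trim($hostHeader));

    // Strip an optional ":port". strpos() returns false, not -1, when the
    // colon is absent, so the test has to be a strict !== false.
    $colon = strpos($host, ':');
    if ($colon !== false) {
        $host = substr($host, 0, $colon);
    }
    $host = rtrim($host, '.');          // tolerate a trailing root dot

    // Strip one leading "www." (a literal dot, not a regex wildcard).
    if (strncmp($host, 'www.', 4) === 0) {
        $host = substr($host, 4);
    }

    // Exact match only. The leading dot covers both example.com and www.example.com.
    return in_array($host, SITE_DOMAINS, true) ? '.' . $host : null;
}

/** Call this in place of a bare session_start() on every page. */
function start_site_session(): void
{
    $domain = cookie_domain_for_host($_SERVER['HTTP_HOST'] ?? null);
    if ($domain !== null) {
        ini_set('session.cookie_domain', $domain);   // both arguments are strings
    }
    session_start();
}

// Constructed sample Host values, printed with the domain each one selects.
$samples = ['www.kkbj.com', 'KKBJAM.com:8080', 'wmisfm.com', 'localhost', 'kkbj.com.example.net'];
foreach ($samples as $sample) {
    printf("%-24s => %s\n", $sample, var_export(cookie_domain_for_host($sample), true));
}
```
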
bschultz Posted June 4, 2009

that line is

```php
session_regenerate_id();
```

complete code

```php
<?php
//////////// SET COOKIE DIRECTORY
if (isset($_SERVER['HTTP_HOST'])) {
    if(strpos($_SERVER['HTTP_HOST'], ':') != -1){
        $domain = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
    }
    else{
        $domain = $_SERVER['HTTP_HOST'];
    }
    $domain = preg_replace('`^www.`', '', $domain);
    // Per RFC 2109, cookie domains must contain at least one dot other than the
    // first. For hosts such as 'localhost', we don't set a cookie domain.
    if (count(explode('.', $domain)) > 2) {
        ini_set('session.cookie_domain', $domain);
    }
}
//////////// END SET COOKIE DIRECTORY

//Start session
session_start();

//Include database connection details
require_once('config.php');

/////////////ERROR REPORTING . . . COMMENT OUT WHEN GOING LIVE! /////////////////////////////////
echo ini_get('display_errors');
if (!ini_get('display_errors')) {
    ini_set('display_errors', 1);
}
echo ini_get('display_errors');
///////////// END OF ERROR REPORTING /////////////////////////////////

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    $host = $_SERVER['HTTP_HOST'];
    $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
    $extra1 = 'login-form.php';
    header("Location: http://$host$uri/$extra1");
    exit;
}

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($password)."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        $_SESSION['SESS_ADDRESS'] = $member['address'];
        $_SESSION['SESS_CITY'] = $member['city'];
        $_SESSION['SESS_STATE'] = $member['state'];
        $_SESSION['SESS_LOGIN'] = $member['login'];
        $_SESSION['SESS_CAPTAIN'] = $member['captain'];
        $_SESSION['SESS_TEAM'] = $member['team_name'];
        $_SESSION['SESS_MANUAL_TEAM'] = $member['manual_team'];
        session_write_close();
        $extra2 = 'member-index.php';
        header("Location: http://$host$uri/$extra2");
        exit;
    }else {
        //Login failed
        $extra3 = 'login-failed.php';
        header("Location: http://$host$uri/$extra3");
        exit;
    }
}else {
    die("Query failed");
}
?>
```

bschultz Posted June 4, 2009

I've added ob_clean and ob_start before all session_start's...and it appears to be working. I'll be back if I hear that it's not working yet.

Thanks for the help, PFMaBiSmAd!

```php
<?php
ob_clean();
ob_start();

//////////// SET COOKIE DIRECTORY
if (isset($_SERVER['HTTP_HOST'])) {
    if(strpos($_SERVER['HTTP_HOST'], ':') != -1){
        $domain = substr($_SERVER['HTTP_HOST'], 0, strpos($_SERVER['HTTP_HOST'], ':'));
    }
    else{
        $domain = $_SERVER['HTTP_HOST'];
    }
    $domain = preg_replace('`^www.`', '', $domain);
    // Per RFC 2109, cookie domains must contain at least one dot other than the
    // first. For hosts such as 'localhost', we don't set a cookie domain.
    if (count(explode('.', $domain)) > 2) {
        ini_set('session.cookie_domain', $domain);
    }
}
//////////// END SET COOKIE DIRECTORY

//Start session
session_start();

//Include database connection details
require_once('config.php');

/////////////ERROR REPORTING . . . COMMENT OUT WHEN GOING LIVE! /////////////////////////////////
//echo ini_get('display_errors');
//if (!ini_get('display_errors')) {
//    ini_set('display_errors', 1);
//}
//echo ini_get('display_errors');
///////////// END OF ERROR REPORTING /////////////////////////////////

//Domain Info used to header redirects
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');

//Array to store validation errors
$errmsg_arr = array();

//Validation error flag
$errflag = false;

//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
    die('Failed to connect to server: ' . mysql_error());
}

//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
    die("Unable to select database");
}

//Function to sanitize values received from the form. Prevents SQL injection
function clean($str) {
    $str = @trim($str);
    if(get_magic_quotes_gpc()) {
        $str = stripslashes($str);
    }
    return mysql_real_escape_string($str);
}

//Sanitize the POST values
$login = clean($_POST['login']);
$password = clean($_POST['password']);

//Input Validations
if($login == '') {
    $errmsg_arr[] = 'Login ID missing';
    $errflag = true;
}
if($password == '') {
    $errmsg_arr[] = 'Password missing';
    $errflag = true;
}

//If there are input validations, redirect back to the login form
if($errflag) {
    $_SESSION['ERRMSG_ARR'] = $errmsg_arr;
    session_write_close();
    $extra1 = 'login-form.php';
    header("Location: http://$host$uri/$extra1");
    exit;
}

//Create query
$qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($password)."'";
$result=mysql_query($qry);

//Check whether the query was successful or not
if($result) {
    if(mysql_num_rows($result) == 1) {
        //Login Successful
        session_regenerate_id();
        $member = mysql_fetch_assoc($result);
        $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
        $_SESSION['SESS_FIRST_NAME'] = $member['firstname'];
        $_SESSION['SESS_LAST_NAME'] = $member['lastname'];
        $_SESSION['SESS_ADDRESS'] = $member['address'];
        $_SESSION['SESS_CITY'] = $member['city'];
        $_SESSION['SESS_STATE'] = $member['state'];
        $_SESSION['SESS_LOGIN'] = $member['login'];
        $_SESSION['SESS_CAPTAIN'] = $member['captain'];
        $_SESSION['SESS_TEAM'] = $member['team_name'];
        $_SESSION['SESS_MANUAL_TEAM'] = $member['manual_team'];
        session_write_close();
        $extra2 = 'member-index.php';
        header("Location: http://$host$uri/$extra2");
        exit;
    }else {
        //Login failed
        $extra3 = 'login-failed.php';
        header("Location: http://$host$uri/$extra3");
        exit;
    }
}else {
    die("Query failed");
}
?>
```

bschultz Posted June 4, 2009

OK...still hearing of problems with people logging in. Any ideas?

bschultz Posted June 4, 2009

The problem appears to be limited to IE7...if that helps anyone!

bschultz Posted June 5, 2009

Alright...after LOTS of Google-ing...I commented out the line

```php
session_regenerate_id();
```

And all seems to be working again. Don't I want that line in there? Why would that cause IE7 to not pass along session data?

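
Added example, not from any post in this thread: a login step that rotates the session ID only while headers can still be sent, and logs where output began otherwise. The new ID reaches the browser in a Set-Cookie header, which is why session_regenerate_id() fails once output has started, and rotating at login is what keeps a session ID issued before login from becoming an authenticated one. `establish_login_session()` and the member row are constructed for illustration; the session key is the one used in login-exec.php.

```php
<?php
// Added example, not code from the thread. establish_login_session() is a
// hypothetical helper; SESS_MEMBER_ID is the key used in login-exec.php.

/**
 * Rotate the session ID at login, then store the member ID.
 * Returns false without touching the session if output has already started;
 * the caller should treat that as a failed login, not continue on the old ID.
 */
function establish_login_session(array $member): bool
{
    // Any output before this point (an echo, a PHP warning, whitespace ahead
    // of "<?php") commits the response headers.
    if (headers_sent($file, $line)) {
        error_log("login: output started at $file:$line, session ID not rotated");
        return false;
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Rotate BEFORE writing login data: the pre-login ID never carries
    // SESS_MEMBER_ID, and the browser receives the new ID in this response.
    if (!session_regenerate_id()) {
        return false;
    }
    $_SESSION['SESS_MEMBER_ID'] = $member['member_id'];
    session_write_close();   // flush the session before any redirect
    return true;
}

// Command-line demonstration with a constructed member row.
if (PHP_SAPI === 'cli') {
    $member = ['member_id' => 42];

    $first = establish_login_session($member);    // nothing printed yet
    echo 'before any output: ', var_export($first, true), "\n";

    $second = establish_login_session($member);   // the echo above started output
    echo 'after output:      ', var_export($second, true), "\n";
}
```
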
Archived
This topic is now archived and is closed to further replies.