Troubleshooting After A Power Outage?

[sf_guy]

Our office suffered a two-day power outage. Fortunately, it was planned so I did an orderly shut down of the web server. I got the web server back up and running, but now code that was working fine before no longer works and I'm too new to PHP to figure out why.

 

I have this at the start of the "landing" page (this is the page users get to after their password is validated)

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url="http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/url]">
<?PHP session_start(); ?>
<html xmlns="[url="http://www.w3.org/1999/xhtml"]http://www.w3.org/1999/xhtml[/url]">
<head>
<title>Welcome</title>
</head><body>
<?PHP
$_SESSION['valid']='TRUE';
?>

... code and HTML ...

</body></html>

 

On each subsequent page linked to from the landing page, I have the following code:

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "[url="http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"]http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd[/url]">
<?PHP session_start(); ?>
<html xmlns="[url="http://www.w3.org/1999/xhtml"]http://www.w3.org/1999/xhtml[/url]">
<head><title>Page Title</title>
</head>
<body>
<?php
/// Kick them out if they try to open this page directly
if ($_SESSION['valid']!='TRUE') {
session_destroy();
die("<b>You must be logged into this application to use it</b>");
?>

... code and html ...

</body></html>

 

This was working perfectly fine until I restarted the server. Now, whenever I click a link that opens another PHP page, I get the error

 

Notice: Undefined index: valid in C:\inetpub\wwwroot\usermanager\selectuser.php on line 9

 

You must be logged into this application to use it.

 

Why? How do I fix this? I can't figure out how just restarting a server could change the code from working to non-working. I'm still a bit of a n00b with PHP. Help GREATLY appreciated. Thanks!

Edited November 20, 2012 by sf_guy

[Pikachu2000]

That code shouldn't have worked correctly previously. You have output being sent to the browser before the session_start();

[sf_guy]

Moving the session_start(); to the very very top of the file still causes the same "Undefined index" error, so that didn't change things.

[sf_guy]

I added a DEBUG print_r statement to the $_SESSION array to see what values are in there and 'valid" IS there and it IS true, so not sure why subsequent pages don't see it

 

DEBUG: Array ( [maxprivilegelevel] =>3 [valid] => TRUE [rotatingphotocount] => 31 )

 

These are all the variables I wanted set, and they are all being set correctly.

 

On the subsequent pages all that's showing is:

 

DEBUG: Array()

 

so the session is obviously not being stored.

 

Is the session stored in memory or on disk?

[PFMaBiSmAd]

You need to set php's error_reporting to E_ALL and either set display_errors to ON (to get errors to display in the browser) or set log_errors to ON (to get errors logged to the server error log file) to get php to help you by reporting and displaying/logging all the errors it detects.

 

Displaying the content of the $_SESSION variable on the page it is set at doesn't actually mean you have set session variables, if your session_start() statement is failing due to the output being sent or some other session related error.

[Pikachu2000]

Like I already said, you have output before session_start(). The session is NOT being started. I'm betting you print_r()'d the $_SESSION array immediately after assigning values to it, yes? If that's the case, all you've done is initialize a LOCAL array, named $_SESSION. You have not successfully started the session, so you have NO superglobal variable named $_SESSION.

[sf_guy]

@Pikeachu2000: I changed it so that there is nothing at all before session_start();.

 

My understanding is that $_SESSION is supposed to be "super global" meaning it's available anywhere.

 

What I'm trying to do is prevent users from initially going to a page directly by typing (or saving) the URL--I want them to have to go through the landing page. Would it be better to just avoid session altogether and just post a hidden form variable on the landing page and test for that on subsequent pages?

 

For clarity, I made two stripped down, rewritten pages where the code STILL doesn't work, i.e. print "Hello World"

 

----------- WEB PAGE ONE.PHP -----------------

<?PHP session_start(); ?>
<html>
<head>
<title>Page One</title>
</head><body>
<?PHP
 $_SESSION['testvalue'] = "Hello World";
?>
<p><a href="pagetwo.php">Click here</a> to see page two</p>
</body></html>

 

----------- WEB PAGE TWO.PHP -----------------

<?PHP session_start(); ?>
<html>
<head>
<title>Page Two</title>
</head><body>
<?PHP echo $_SESSION['testvalue']; ?>
<br>
</body></html>

 

 

I run one.php, click the link to open two.php, and instead of a page showing "Hello World" I get

 

Notice: Undefined index: testvalue in c:\inetpub\wwwroot\two.php

 

Sorry if I seem dense but I'm just not understanding why even this isn't working.

Edited November 20, 2012 by sf_guy

[PFMaBiSmAd]

See my post above pika's, about setting error_reporting (you apparently only have it set to display notice messages) to get php to help you debug what is going on.

Edited November 20, 2012 by PFMaBiSmAd

[sf_guy]

I turned on error reporting, but no messages are showing other than the ones I already listed

 

I thought perhaps there might be a security issue, but I checked C:\PROGRAMDATA\PHP\SESSIONS and there is a file in there called

sess_905m06314ibdubru8ko0aqj4d1 which contains the following testvalue|s:11:"hello world"; and it is created when I run the app.

[sf_guy]

Thanks to all who responded. Turns out it was a problem with the session store.

 

I looked at the path, which was correct, but when I physically went there on the machine, it was full of garbage files and filenames with bad characters in them. We have various web servers running on several Virtual Machines on the same overall server, and a couple others in different areas had problems too.

 

We moved the entire web site to a new VM and it's working fine now.

 

I *did* learn the value of isset() though, so I can now display errors not just to people who logged out but to those who never logged in in the first place, so the day hasn't been a total waste.

 

Thanks again for your help and Happy Thanksgiving

[PFMaBiSmAd]

Are you doing any url rewriting, so that when you clicked on your test pagetwo.php link that something beside just the filename changed in the url, compared to the url for pageone.php, such as adding or removing the www. in front of the domain name?

 

The reason I ask, is your pageone script is starting a session and storing the data in it, but for some reason that session doesn't match pagetwo. One reason would be because the browser isn't sending the session id cookie to the server with the request for pagetwo because it thinks the cookie doesn't match that page, either due to the domain being different (unlikely), the subdomain being different (a changing www. vs no www. between the two pages), or the path after the domain is different (unlikely based on the test href link you used.)

 

Edit: or nevermind, since you apparently found the problem.

Edited November 20, 2012 by PFMaBiSmAd

[sf_guy]

@PFMaBiSmAd: Thanks for all the help. None of these things turned out to be the issue, but I did learn a lot about domains and isset() so at least something good came out of it!