mac_gyver Posted November 11, 2022 Share Posted November 11, 2022 no. the session data files are managed by php. Quote Link to comment Share on other sites More sharing options...
PNewCode Posted November 11, 2022 Author Share Posted November 11, 2022 @mac_gyveryup I'm officially lost now. I was looking for something that would list all the data that I could do some sort of clear script or something. Are there people (maybe you?) on here that can be for hire to do things like this? Or is that not allowed to ask. I don't want to break any rules. Quote Link to comment Share on other sites More sharing options...
mac_gyver Posted November 11, 2022 Share Posted November 11, 2022 the simplest, straightforward solution would be to query on each page request to get the current user's status. even though you are not performing any of the actions i listed, you are forcing the user to become logged out. in the current code you should have login check logic on each protected page, that starts the session and tests if $_SESSION['unique_id'] is or is not set. you would change it to the following to cause a status value of "Offline now" to log the user out and redirect to the logintool.php page - <?php // this sets the lifetime to zero and the rest of the values to null session_set_cookie_params(0); session_start(); // login check code if(!isset($_SESSION['unique_id'])) { // if not logged in, go elsewhere header("location: https://www.peredy1.com/adminchat/logintool.php"); die; } // at this point there's a logged in user, get the user's current status // note: use 'require' for things your code must have for it to work require "config.php"; $sql = "SELECT status from users WHERE unique_id = ?"; $stmt = $conn->prepare($sql); $stmt->bind_param('i', $_SESSION['unique_id']); $stmt->execute(); $stmt->bind_result($user_status); $stmt->fetch(); if($user_status === "Offline now") { // force a log-out // note: you should only unset() $_SESSION['unique_id'] since a session can contain other pieces of data session_unset(); session_destroy(); header("location: https://www.peredy1.com/adminchat/logintool.php"); die; } // at this point the user is logged in and can access the rest of the code on the protected page Quote Link to comment Share on other sites More sharing options...
PNewCode Posted November 11, 2022 Author Share Posted November 11, 2022 @mac_gyverthank you very much for all your help. I'm going to use this and go at it till it works. I really appreciate your time. Thank you. Quote Link to comment Share on other sites More sharing options...
PNewCode Posted November 12, 2022 Author Share Posted November 12, 2022 @mac_gyverI hope that I'm not a nuesence at this point. I tried like crazy to put in your example on the page that is being used itself. And I get the following errors. Any thoughts? And thank you again btw for all the guidance Quote Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at index.php:5) in index.php on line 10 Warning: require(): https:// wrapper is disabled in the server configuration by allow_url_include=0 in index.php on line 23 Warning: require(https://www.peredy1.com/adminchat/php/config.php): failed to open stream: no suitable wrapper could be found in index.php on line 23 Fatal error: require(): Failed opening required 'php/config.php' (include_path='.:/opt/cpanel/ea-php71/root/usr/share/pear') in index.php on line 23 Here is what I have now in the top of the script down to where the page begins it's normal look You may notice some of the URL is different than my orginal post, this is because this index page is in the same folder now so I didn't need to put a full URL in <?php error_reporting(E_ALL); ini_set('display_errors', '1'); ?> <?php // this sets the lifetime to zero and the rest of the values to null session_set_cookie_params(0); session_start(); // login check code if(!isset($_SESSION['unique_id'])) { // if not logged in, go elsewhere header("location: logintool.php"); die; } // at this point there's a logged in user, get the user's current status // note: use 'require' for things your code must have for it to work require "php/config.php"; $sql = "SELECT status from users WHERE unique_id = ?"; $stmt = $conn->prepare($sql); $stmt->bind_param('i', $_SESSION['unique_id']); $stmt->execute(); $stmt->bind_result($user_status); $stmt->fetch(); if($user_status === "Offline now") { // force a log-out // note: you should only unset() $_SESSION['unique_id'] since a session can contain other pieces of data session_unset(); session_destroy(); header("location: logintool.php"); die; } // at this point the user is logged in and can access the rest of the code on the protected page ?> <?php include_once "header.php"; ?> Quote Link to comment Share on other sites More sharing options...
Barand Posted November 12, 2022 Share Posted November 12, 2022 As the message tells you, you can't call session_start() after you have sent data to the browser. You are sending output on line 10 apparently. For example, the gap between ?> and the following <?php will result in a couple of newlines being sent. Quote Link to comment Share on other sites More sharing options...
PNewCode Posted November 12, 2022 Author Share Posted November 12, 2022 @BarandThank you for that info. I moved the session to the bottom so it is after it but now I get Quote Warning: Cannot modify header information - headers already sent by (output started at index.php:5) in index.php on line 12 Which is the second line in this Quote // if not logged in, go elsewhere header("location: logintool.php"); die; Quote Link to comment Share on other sites More sharing options...
Barand Posted November 12, 2022 Share Posted November 12, 2022 Same problem Quote Link to comment Share on other sites More sharing options...
PNewCode Posted November 12, 2022 Author Share Posted November 12, 2022 Yup... I give up haha. At least for today. I'm normally very good at "Ohhhh okay that makes sense" but this has my head feeling like spaghetti where the noodles have been boiled too long and then turned into mashed potatos, and then mixed with dog food and thrown at a wall haha. Quote Link to comment Share on other sites More sharing options...
kicken Posted November 12, 2022 Share Posted November 12, 2022 (edited) Going back to the original statement of ending the other user's sessions, you can get PHP to do that for you by setting the session lifetime to 0 and invoking a garbage collection pass. //You must end the current session before you can change the lifetime settings. session_write_close(); //If you want to preserve your admin session, save a copy of $_SESSION $sessionCache = $_SESSION; //Make the lifetime 0 so every session is considered expired. ini_set('session.gc_maxlifetime', 0); //Re-start your admin session, GC requires an active session. session_start(); //Restore the saved $_SESSION if desired. $_SESSION = $sessionCache; //Run GC to delete other sessions. session_gc(); Edited November 12, 2022 by kicken Quote Link to comment Share on other sites More sharing options...
PNewCode Posted November 12, 2022 Author Share Posted November 12, 2022 @kickenThank you much for your time. I appreciate it. I tried that one too and I got a huge list of errors. I would post them but I can see from the previous answer that even being told what is wrong, I can't seem to figure out where or what to fix, or really... how to fix it. What is frustrating me the most is I can almost always see the codes and if I get help then it makes sense, then I learned from it, then I can build again from that. But this one... has me about ready to put my forehead in the monitor. I really do appreciate everyones help though. I just hate that this time I can't make heads or tales of it all Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.