Clicky

I have an app that was running fine on PHP 4. something. I changed to a new server running PHP 5.1.6 (From the PHP info screen) and now my session variable are not working

Here's My phpinfo session section if that helps.
Capture.PNG (43 KB)
PHP Session Capture from phpinfo (image/png)


I turned on error with:
1:
2:
ini_set('display_errors', '1');
error_reporting(E_ALL);


and what I'm getting is :

1:
2:
3:
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/notreal.com/public_html/includes/require_sysadmin.php:4) in /home/notreal.com/public_html/includes/functions.php on line 4

Warning: Cannot modify header information - headers already sent by (output started at /home/notreal.com/public_html/includes/require_sysadmin.php:4) in /home/notrealcom/public_html/includes/functions.php on line 5


I changed the domain name to "notreal".

Any ideas?

asked 06/10/2011 10:45

rduval's gravatar image

rduval ♦♦


21 Answers:
require_sysadmin.php, line 4
what does it contain ?
link
Roads_Roads's gravatar image

Roads_Roads

Your trouble is that now you have error_reporting <> 0

Change error_reporting to 0 on php.ini

NOTE : This is not the actual soluction since this warning reveals a bad programming
link
NoiS's gravatar image

NoiS

Session_Start() must be the first function called in your script, right after error_reporting(E_ALL);

The reason for this is that session_start() depends on headers, including cookies.  It is a law of the WWW that all headers must come first and be complete before there is ANY browser output.  ANY includes invisible whitespace and error messages.
link
Ray_Paseur's gravatar image

Ray_Paseur

Roads Roads:

require_sysadmin contains:
1:
2:
3:
4:
5:
<?php
if (!isset($_SESSION['user_addr_id']) OR !isset($_SESSION['user_is_system_admin']) )
header("Location: index.php");
echo 'require sysadmin';
?>


and is the problem. The session variables are not getting passed and subsequently it returns to the index.php
link
rduval's gravatar image

rduval

Ray_Paseur:

I tried moving the sesson_start() as you suggested, it made no difference.
link
rduval's gravatar image

rduval

One of the things to remember here is that this code worked fine in PHP4 and is broken in PHP5. What's the difference with regard to session variables?
link
rduval's gravatar image

rduval

What's the difference... - could be a lot of things.  Some of the ways PHP handled sessions have been deprecated.  Deprecated actions may throw a message.  The message may create browser output.  If the browser output precedes a call to session_start() or setcookie() the script will not work right.

Coding standards play a big part in successful application deployment.  I use a modified Zend standard for most of my work (however I follow the standards, if any, of a client who is footing the bill).  

Here is the effective action of the require_sysadmin script.  

1. A test is made to see if $_SESSION['user_addr_id'] is not set and if it is not set the if() statement is TRUE and further tests end (line 2).
2. If further tests have not ended, a test is made to see if $_SESSION['user_is_system_admin'] is not set and if it is not set the if() statement is TRUE (line 2)
3. In case the if() statement ended with TRUE, the instructions up to the next semicolon are executed (line 3).
4. In case the if() statement ended with FALSE, the instructions up to the next semicolon are skipped (line 3).
5. In either case the echo statement on line 4 is going to be executed.

The header() statement in PHP is a synchronous statement.  What this means is that PHP sends the header() and the script keeps right on running.  That might not be what you want if you think the header should redirect the client browser to the home page.  And the choice of Location: index.php might not be right, either.  

Here is how I would code the snippet posted at ID:35950466.  You can learn more about PHP authentication in this article.
http://www.qa.downappz.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
1:
2:
3:
4:
5:
6:
7:
<?php
session_start();
if ( !isset($_SESSION['user_addr_id']) || !isset($_SESSION['user_is_system_admin']) )
{
    header("Location: /");
    exit;
}
link
Ray_Paseur's gravatar image

Ray_Paseur

The central question in my mind is first, does the session handler work correctly?  This code snippet will test that.  Install it and run it to see if things are OK.  If it works, then there is almost certainly a programming logic error somewhere, probably one that is now causing a message to issue before the session_start() command.

In my programming, I like to use a require_once('common.php'); statement at the very top of every script.  The required common.php script sets error_reporting, starts the session, handles data base connectivity, etc. - all the housekeeping functions are in one place.  You can see this design pattern at work in the access control article.

Please run the test and let us know if the cheese variable incremented correctly.
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
<?php // RAY_session_test.php
error_reporting(E_ALL);


// DEMONSTRATE HOW PHP SESSIONS WORK
// MAN PAGE HERE: http://php.net/manual/en/function.session-start.php


// START THE SESSION (DO THIS FIRST, UNCONDITIONALLY, IN EVERY PHP SCRIPT ON EVERY PAGE)
session_start();

// INITIALIZE THE SESSION ARRAY TO SET A DEFAULT VALUE
if (empty($_SESSION["cheese"])) $_SESSION["cheese"] = 1;

// SEE IF THE CORRECT SUBMIT BUTTON WAS CLICKED
if (isset($_POST['fred']))
{
    // ADD ONE TO THE CHEESE
    $_SESSION['cheese']++;
}

// RECOVER THE CURRENT VALUE FROM THE SESSION ARRAY
$cheese = $_SESSION['cheese'];


// END OF PROCESSING SCRIPT - CREATE THE FORM USING HEREDOC NOTATION
$form = <<<ENDFORM
<html>
<head>
<title>Session Test</title>
</head>
<body>
Currently, SESSION["cheese"] contains: $cheese<br/>
<form method="post">
<input type="submit" value="increment this cheese" name="fred"  />
<input type="submit" value="leave my cheese alone" name="john" />
</form>
</body>
</html>
ENDFORM;

echo $form;
link
Ray_Paseur's gravatar image

Ray_Paseur

Ray Paseur:

You're test script  worked perfectly. So why isn't mine working???

One other question on your test code, I see that you build the output into a variable then echo the variable instead of building on the fly. Why do you do it that way and that is the "$form = <<<ENDFORM" and it's subsequent close doing. I've never seen a "<<<" contruct before?
link
rduval's gravatar image

rduval

Wow, I'm going crazy trying to find this!!!! Can anyone tell me the difference between the 2 following bit s of code? The top one works and the bottom one doesn't! Argh! I can't see any difference at all!! (these are just cut and paste BTW, I'm not retyping).

1:
2:
3:
4:
5:
6:
<?php
if ( !isset($_SESSION['user_addr_id']) OR !isset($_SESSION['user_is_system_admin']) )
{
	header("Location: index.php");
}
?>


1:
2:
3:
4:
5:
6:
<?php
if ( !isset($_SESSION['user_addr_id']) OR !isset($_SESSION['user_is_system_admin']) )
{
    header("Location: index.php");
}
?>


link
rduval's gravatar image

rduval

Maybe the file has a BOM.
link
NoiS's gravatar image

NoiS

BOM? What's a BOM?
link
rduval's gravatar image

rduval

A byte-order marker.
link
Ray_Paseur's gravatar image

Ray_Paseur

Regarding this: $form = <<<ENDFORM

That is called "heredoc notation" and it's a syntax that I find quite useful.  It eliminates lots of the punctuation and escaping that is needed when you work with variables, especially arrays, in quoted strings.
http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.heredoc

The only difference I can detect between the two strings at ID:35951523 is that one uses a tab and the other uses spaces.

Going forward you might want to omit the close-php tag from the end of your scripts.  It often leads to invisible problems, like whitespace in the output stream.

Please post the entire text of includes/functions and includes/require_sysadmin, thanks.   Also, if you want, you might go through the old PHP4 phpinfo() and compare all the session settings.

Some of this might (or might not) offer a clue:
http://php.net/manual/en/faq.migration5.php
http://www.php.net/manual/en/migration5.php
link
Ray_Paseur's gravatar image

Ray_Paseur

Ray Paseur:

Reading...thanks.

BTW, is there any way other than using the "header("Location: index.php");" to go to another page? It seems to cause a LOT of problems.
link
rduval's gravatar image

rduval

Couple of things..

Using "exit;" not only stops the included php function but prevents the rest of the page from executing

Using "start_session();" seem to be required on each php page in order to carry over the sessions vars... didn't need it in PHP4. hmmmm.

I'm off for the weekend guys, thanks for your help, still not finding the problem however, if you're willing we can continue on monday.
link
rduval's gravatar image

rduval

This is what I use to go to the home page.

header("Location: /");
exit;

You can also throw a meta-refresh tag with a zero time value into the browser stream.  This is deprecated by the W3C, but supported by all browser makers, and the browser makers are the ones that count.
http://en.wikipedia.org/wiki/Meta_refresh

header() may require some planning in the design of the script, since all headers and cookies must come before any browser output.
http://us3.php.net/header

For better or worse, PHP allows programmers to intermix the program logic with the HTML output and this practice has led to some really lame programming.  There are a couple of things that can help.  One is to use the output buffers.  If you add ob_start() to the top of the script, either before or after session_start() it will capture any echo statement output (and error messages) in the output buffers instead of sending it to the client.
http://us3.php.net/ob_start

link
Ray_Paseur's gravatar image

Ray_Paseur

Using "exit;" not only stops the included php function but prevents the rest of the page from executing

Yes.  You use it after header("Location: ..."); for exactly that purpose.  It means the same thing as die();
http://us.php.net/exit

Using "start_session();" seem to be required on each php page in order to carry over the sessions vars... didn't need it in PHP4. hmmmm.

This might be caused by a configuration difference between the PHP4 and PHP5 installations.  See session_auto_start.  Compare the settings shown in phpinfo();
http://www.php.net/manual/en/session.configuration.php#ini.session.auto-start

The requirement to actually code the session_start() line is often handled by using an include() statement at the top of the script.  See the design pattern of the "config" script in this article.
http://www.qa.downappz.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Enjoy the rest of the weekend, ~Ray
link
Ray_Paseur's gravatar image

Ray_Paseur

Nobody solved the problem, I'm just closing the question
link
rduval's gravatar image

rduval

Let's see, rduval.  I think this is what happened.  

You posted this question at 06/10/11 10:45 AM.  

You got the exact answer at 06/10/11 04:04 PM.  See ID:35949202.  

Your last comment came at 06/11/11 10:57 AM.  

Then, months later, you closed the question at 10/16/11 04:53 PM with the worst possible grade anyone can give at EE.

We are unpaid volunteers here; we work for points.  And we depend on those who are asking the questions to have some background knowledge and engage in some dialog.  

Please explain why any of us should try to help you again.  Thanks, ~Ray
link
Ray_Paseur's gravatar image

Ray_Paseur

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×1

Asked: 06/10/2011 10:45

Seen: 1221 times

Last updated: 10/22/2011 01:51