|
PHP - Errors Turned Up By Code Analyzer.
Hi all ! I just passed my code through an analyzer and it showed that a lot of it was not following best practices. Some examples are below: 1.Direct use of $_SERVER Superglobal detected.
if($_SERVER['REQUEST_METHOD']==="POST"){
if(!isset($_SESSION)) sess_start();
if(isset($_SESSION['timeout'])){
$_SESSION['user']=$user; 2. Direct use of $_POST Superglobal detected.
if(isset($_POST['submit']) && $_POST['submit'] ==='Logoff'){
$_POST = array(); $usertype = fcheckRecruiter($_POST['usertype']); and many more like these concerning the use of SUPERGLOBALS. 3. Discouraged functions : header(), session_unset(), mysqli_close(), session destroy() & require_once to name a few besides a lot of other common php functions.
header ("Location: donepage.php");
session_unset(); mysqli_close($link); session_destroy(); Well the question is obviously how to tackle these. The surprising part though is that prior to checking the code by an analyzer, I had no clue, like many other coders on this forum perhaps, especially the newbies, that my code was flawed or at least not following the best practices. I never found a single piece of code on the net, in examples, even in examples in the PHP manual that showed the correct usage of these as per best practices. The most surprising of these were of course the SUPERGLOBALS since they are used everywhere and by almost everybody. Googling the internet shows that hardly anyone is clear about these. People are debating on the direct usage of suberglobals where they are used for checking the existence of the variable. So it's all very moot and very grey it seems. Then there are common functions some of which i mentioned above. For example how would I reset the super global $_POST if not by setting it to a blank array? $_POST = array(); Why are these functions, enlisted above, being discouraged from use and what and how should the alternate functions be used ? How to achieve the same functionality in an alternate way? For the use of superglobals I found that it's proposed to use the filters or filter functions to sanatise or validate the input. If i recall correct, Guru Jacques strongly advised against sanitizing any user input. While I can understand validation of user input, sanitization of it seems to be wrong ?? I would be very grateful if someone can shed some light on these very basic and important questions and provide, if possible, some examples of the correct method of using these in code. Thanks all ! Similar TutorialsThis topic has been moved to Editor Help (Dreamweaver, Zend, etc). http://www.phpfreaks.com/forums/index.php?topic=322054.0 I wrote the code below as a way of deleting books from a database. The variables sent to this piece of code come from the page before it, through checkboxes with names corresponding to books, for example the page may have 3 checkboxes with the names 3, 4 and 5. If the user was to select checkbox 4, the variable 4 would be sent through post to this piece of code. The code below selects all of the books from the database in the users school, and then cycles through it, checking whether a book should be deleted by checking whether the post value for that book has been set, eg. if book three has been sent, isset($_POST[$temp]) should return a true, and thus the book is deleted from the database via the mysql_query. The code however will not run, currently I am getting Parse error: syntax error, unexpected T_STRING in /home/textexch/public_html/home/exchange/deletebooks.php on line 81, but i fear there are other problems. Does anyone have any advice as to how to do this better? Code: [Select] $result = mysql_query("SELECT * FROM `books` WHERE School ='".$_COOKIE['School']."'"); while($row = mysql_fetch_array($result)){ $temp = $row['BookID']; if(isset($_POST[$temp])){ mysql_query("DELETE FROM books WHERE BookID = '$Delete'); } } if (mysql_affected_rows() == 0) { echo "sorry didn't work"; } else { echo "Books successfully deleted. Return home <a href='../'>here</a>"; } Hi, can any see is the are mistakes in this for me. Thanks echo'<img src="skinFiles/'.$skin['thumb_name'].'"class="skinImage" onclick="changeSkin(\'skinFiles/'.$skin["css_name"].'\')" />'; I have a form that is passing the User to following code. The code below is just ported from another site that I created, which works extremely well. I've had to change the datatable, database connection and some of the variables for this site, but it's otherwise the same. I've triple checked the variables. The datatable is accurate. It doesn't appear to be passing variable from the Form with the exception of "content", and I'm getting the following error: Quote You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'year='', position='', content='Test', ppg='', rp' at line 6 Query: INSERT INTO players SET playerFirst='', playerLast='', feet='', inches='' year='', position='', content='Test', ppg='', rpg='', apg='', spg='', bpg='', fgp='', ftp='', status='' What am I missing? Code: [Select] <?php include('db.php'); $playerFirst = $_POST['playerFirst']; $playerLast = $_POST['playerLast']; $feet = $_POST['feet']; $inches = $_POST['inches']; $year = $_POST['year']; $position = $_POST['position']; $content = $_POST['content']; $ppg = $_POST['ppg']; $rpg = $_POST['rpg']; $apg = $_POST['apg']; $spg = $_POST['spg']; $bpg = $_POST['bpg']; $fgp = $_POST['fgp']; $ftp = $_POST['ftp']; $status = $_POST['status']; //if(isSet($_POST['playerFirst']['playerLast']['feet']['inches']['year']['status'])) //{ /* search for existing row */ $sql = "SELECT msg_id FROM players WHERE playerFirst='".mysql_real_escape_string($playerFirst)."' AND playerLast='".mysql_real_escape_string($playerLast)."'"; if(!$result = mysql_query($sql)) { die(mysql_error()."<br />Query: ".$sql); } if(mysql_num_rows($result)) { $row = mysql_fetch_assoc($result); /* update existing row */ $sql = "UPDATE players SET feet='".mysql_real_escape_string($feet)."', inches='".mysql_real_escape_string($inches)."' year='".mysql_real_escape_string($year)."', position='".mysql_real_escape_string($position)."', content='".$content."', ppg='".$ppg."', rpg='".$rpg."', apg='".$apg."', spg='".$spg."', bpg='".$bpg."', fgp='".$fgp."', ftp='".$ftp."', status='".$status."', WHERE msg_id='".$row['msg_id']."'"; if(!$result = mysql_query($sql)) { die(mysql_error()."<br />Query: ".$sql); } } else { /* insert new row */ $sql = "INSERT INTO players SET playerFirst='".mysql_real_escape_string($playerFirst)."', playerLast='".mysql_real_escape_string($playerLast)."', feet='".mysql_real_escape_string($feet)."', inches='".mysql_real_escape_string($inches)."' year='".mysql_real_escape_string($year)."', position='".mysql_real_escape_string($position)."', content='".$content."', ppg='".$ppg."', rpg='".$rpg."', apg='".$apg."', spg='".$spg."', bpg='".$bpg."', fgp='".$fgp."', ftp='".$ftp."', status='".$status."'"; if(!$result = mysql_query($sql)) { die(mysql_error()."<br />Query: ".$sql); } } Why won't this code work when register_globals is turned off (works fine when register_globals is on though). <?php $link = mysql_connect("localhost","un","pw"); mysql_select_db("the_db"); $username = $_POST['usernamex']; $surname = $_POST['surname']; $email = $_POST['email']; $result =sprintf("SELECT * FROM tbl WHERE username ='%s' || email = '%s'", mysql_real_escape_string($username), mysql_real_escape_string($email)); $resultfin = mysql_query($result); if (mysql_num_rows ($resultfin) > 0){ $register = "Retry."; echo($register); } else { $go =sprintf("INSERT INTO tbl (username, email, surname) VALUES ('%s', '%s', '%s'", mysql_real_escape_string($username), mysql_real_escape_string($email), mysql_real_escape_string($surname)); $resultg = mysql_query($go); $register = "Successful."; echo($register); } ?> Thanks, Bickey. Hey everyone, So here is my problem. I have some code to display the amount of views that page has got. In this case it is the thread in my forums section. I have used the same code to show how many people have views a certain persons profile page and that works fine but when I use it on my forum thread page I get this error. Quote You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE id='20' LIMIT 1' at line 1 Here is the section of code: Code: [Select] <?php $thread_id = preg_replace('#[^0-9]#i', '', $_GET['id']); $getThreadViews = mysql_query("SELECT view_count FROM forum_posts WHERE id='$thread_id' LIMIT 1") or die (mysql_error()); $row = mysql_fetch_assoc($getThreadViews); $counter = $row['view_count']; if($counter == 0){ $counter = 1; $startCounter = mysql_query("INSERT INTO forum_posts (view_count) VALUES ('$counter') WHERE id='$thread_id' LIMIT 1") or die (mysql_error()); } $threadViews = $counter+1; $appendCounter = mysql_query("UPDATE forum_posts SET view_count='$view_count' WHERE id='$thread_id'") or die (mysql_error()); ?> I have checked that there are no spelling errors so just wanted to show it to a fresh pair of eyes because its really starting to annoy me. Thanks in advance for any help. good day PHP-test on OpenSuse Linux 11.3 - ugliest errors (garbage code wherever i look) - i get seasick - this is too much to me. I am willing to throw the computer out of the windows... Well to begin with the beginning: i am brandnew to PHP on OpenSuse 11.3 i just start with PHP while running a first test - this here <?php echo date("Y/m/d") . "<br />"; echo date("Y.m.d") . "<br />"; echo date("Y-m-d") ?> i get ugly Effekts see the output suse-linux:/usr/perl # php learnmecha.php PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CET/1.0/no DST' instead in /usr/perl/learnmecha.php on line 2 2010/11/15<br />PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CET/1.0/no DST' instead in /usr/perl/learnmecha.php on line 3 2010.11.15<br />PHP Warning: date(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CET/1.0/no DST' instead in /usr/perl/learnmecha.php on line 4 suse-linux:/usr/perl # well - can i say that php runs - but not safe or what is this -- do you have another test - i want to test if the PHP runs well !? How do I display the actual errors in IIS 7.5? If I miss a semicolon, I get: "HTTP Error 500.0 - Internal Server Error" absolutely useless. In prior versions, I could see the line and get to the PHP error. How do I display PHP errors? I've added: set_ini('display_errors', '1'); but it doesn't help. Hello. I am at beginning with php and now trying to make an ecommerce website. I know it's a bit stupid but it works until now. This site work perfect on localhost using xampp but then I transfered it to webhost, I get a lot of errors. i get this when i tried to retrive a venue id so admin can edit them Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource Warning: session_start() [FUNCTION.SESSION-START]: Cannot send session cache limiter - headers already sent Code: [Select] <?php include 'scripts/connect.php'; if(isset($_GET['vid'])){ $query = mysql_query("SELECT * FORM venue"); while ($row = mysql_fetch_array($query)){ $id = $row['id']; $venuename = $row['venuename']; $address = $row['address']; $phone = $row['phone']; $vemail = $row['vemail']; $state = $row['state']; $town = $row['town']; $zip = $row['zip']; $seats = $row['seats']; } } ?> <?php require "header.php"; ?> Does anyone know what would cause this error: Notice: Undefined index: file in C:\Inetpub\wwwroot\Upload\uploader3.php on line 2 No file specified with these files for uploading images: uploader.htm <html><head><title>File Uploader</title></head> <body><h3>File Upload</h3> Select a file to upload:<br> <form action="uploader.php" method="post" enctype="multipart/form-data"> <input type="file" name="file" size="45"> <br> <input type="submit" value="Upload File"> </form> </body></html> and, uploader.php <?php if( $_FILES['file']['name'] != "" ) { copy ( $_FILES['file']['tmp_name'], "C:/Inetpub/wwwroot/Upload/" . $_FILES['file']['name'] ) or die( "Could not copy file" ); } else{ die( "No file specified" ); } ?> <html> <head><title>Upload Complete</title></head> <body> <h3>File Upload Succeeded...</h3> <ul> <li>Sent: <?php echo $_FILES['file']['name']; ?> <li>Size: <?php echo $_FILES['file']['size']; ?> bytes <li>Type: <?php echo $_FILES['file']['type']; ?> </ul> <a href="<?php echo "C:/Inetpub/wwwroot/Upload/".$_FILES['file']['name']; ?>"><img src="<?php echo "C:/Inetpub/wwwroot/Upload/".$_FILES['file']['name']; ?>" height="200"></a> </body> </html> Thanks! The code below returns the correct results, which are in this case are email addresses. After each displayed value there is a br eg. emai1@hotmail.com<br>email2@hotmail.com<br>email3@ etc. So the quesion is, can i change the below codeing to prevent this. I have tried changing $message .= "<br>". $row['email'] to $message .= "\n". $row['email'] but this results in; Warning: mail() [function.mail]: SMTP server response: 451 See http://pobox.com/~djb/docs/smtplf.html $code = $_GET['postcode']; $message = $_GET['message']; $emailad = "email@hotmail.co.uk"; $shortcode = substr($code,0,2); $result = mysql_query("SELECT email FROM treesurgeons WHERE postcode like '%" . $shortcode . "%' ORDER BY companyName LIMIT 3") or die(mysql_error()); echo "<h2>Business Names:</h2>"; while ($row = mysql_fetch_array( $result )) { $message .= "<br>". $row['email'] ; } echo "\n"; echo $message; mail( "$emailad", "Header","$message" ); echo "<br>" . "Thank you for using our mail form."; When I am trying to update a record in the database i get this error after I submit the form that is populated from the database. You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc = 'SFR ANNOUNCES 3RD ANNUAL \"12 DAYS OF CHRISTMAS FOOD DRIVE\"', body = '<' at line 1 Does anyone know of a function that I can use to get all occurring PHP errors during script execution into a string. Also, does anyone know what's wrong with php.net? It keeps saying service is down. im getting following errors:
Warning: DOMDocument::load() [domdocument.load]: Opening and ending tag mismatch: property line 6 and xsl:for-each in /home/students/accounts/s4909321/cos80021/www/htdocs/Assignment3/apartment.xsl, line: 25 in/home/students/accounts/s4909321/cos80021/www/htdocs/Assignment3/transform1.php on line 9 Warning: DOMDocument::load() [domdocument.load]: Opening and ending tag mismatch: for-each line 5 and property in /home/students/accounts/s4909321/cos80021/www/htdocs/Assignment3/apartment.xsl, line: 26 in/home/students/accounts/s4909321/cos80021/www/htdocs/Assignment3/transform1.php on line 9 Warning: XSLTProcessor::importStylesheet() [xsltprocessor.importstylesheet]: compilation error in /home/students/accounts/s4909321/cos80021/www/htdocs/Assignment3/transform1.php on line 14 Warning: XSLTProcessor::importStylesheet() [xsltprocessor.importstylesheet]: xsltParseStylesheetProcess : empty stylesheet in /home/students/accounts/s4909321/cos80021/www/htdocs/Assignment3/transform1.php on line 14 Warning: XSLTProcessor::transformToXml() [xsltprocessor.transformtoxml]: No stylesheet associated to this object in /home/students/accounts/s4909321/cos80021/www/htdocs/Assignment3/transform1.php on line 16 Fatal error: Call to a member function saveXML() on a non-object in /home/students/accounts/s4909321/cos80021/www/htdocs/Assignment3/transform1.php on line 18 the xslt file is as following: <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/19...XSL/Transform"> <xsl:output method="xml" indent="yes"/> i m facing this 2 errors in the below script
Notice: Undefined index: media in D:\server\website\htdocs\wefondyou\themes\grape\layout\story\content.phtml on line 107 Warning: Invalid argument supplied for foreach() in D:\server\website\htdocs\wefondyou\themes\grape\layout\story\content.phtml on line 107 I had tried add isset and is_array to line, the errors gone away, but image also gone away. any ideas??
<div id="story_<?php echo $sk['story']['id']; ?>" class="story-wrapper story_<?php echo $sk['story']['id']; ?>" data-story-id="<?php echo $sk['story']['id']; ?>">
<div class="publisher-wrapper">
<table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td width="48px" align="left" valign="top">
<a href="<?php echo $sk['story']['publisher']['url']; ?>" data-href="?tab1=timeline&id=<?php echo $sk['story']['publisher']['username']; ?>">
<img class="avatar" src="<?php echo $sk['story']['publisher']['thumbnail_url']; ?>" width="40px" height="40px" alt="<?php echo $sk['story']['publisher']['name']; ?>">
</a>
</td>
<td align="left" valign="top">
<a class="name" href="<?php echo $sk['story']['publisher']['url']; ?>" data-href="?tab1=timeline&id=<?php echo $sk['story']['publisher']['username']; ?>">
<?php echo substr($sk['story']['publisher']['name'], 0, 35); ?>
</a>
<?php
if ($sk['story']['recipient_exists'] == true) {
?>
<i class="icon-arrow-right recipient-indicator-icon"></i> <a class="name" href="<?php echo $sk['story']['recipient']['url']; ?>" data-href="?tab1=timeline&id=<?php echo $sk['story']['recipient']['username']; ?>">
<?php echo substr($sk['story']['recipient']['name'], 0, 35); ?>
</a>
<?php
}
echo $sk['story']['activity_text'];
?>
<div class="other-data">
<span class="time-wrapper ajax-time" title="<?php echo date('c', $sk['story']['time']); ?>">
<?php echo date('c', $sk['story']['time']); ?>
</span>
<?php
if ($sk['story']['location_exists'] == true) {
?>
<abbr class="space3">·</abbr>
<span class="location-wrapper" title="<?php echo $sk['story']['location']['name']; ?>">
<i class="icon-map-marker"></i>
<?php echo $sk['story']['location']['name']; ?>
</span>
<?php
}
?>
</div>
</td>
</tr>
</table>
<?php
if ($sk['logged'] == true) {
?>
<div class="setting-buttons">
<?php
if ($sk['story']['admin'] == true) {
?>
<span class="remove-btn cursor-hand" title="<?php echo $lang['remove']; ?>" onclick="SK_deletePostWindow(<?php echo $sk['story']['id']; ?>);">
<i class="icon-remove progress-icon"></i>
</span>
<?php
} elseif (!SK_isPostReported($sk['story']['id'])) {
?>
<span class="report-btn cursor-hand" title="<?php echo $lang['report']; ?>" onclick="SK_reportPost(<?php echo $sk['story']['id']; ?>);">
<i class="icon-flag progress-icon"></i>
</span>
<?php
}
?>
</div>
<?php
}
?>
</div>
<?php
if ($sk['logged'] == true) {
?>
<div class="options-wrapper">
<?php echo SK_getPostLikeButton($sk['story']['id']); ?>
<abbr class="space6">·</abbr>
<?php echo SK_getPostShareButton($sk['story']['id']); ?>
<abbr class="space6">·</abbr>
<?php echo SK_getPostFollowButton($sk['story']['id']); ?>
</div>
<?php
}
if (!empty($sk['story']['text'])) {
?>
<div class="text-wrapper">
<?php echo $sk['story']['text']; ?>
</div>
<?php
}
if ($sk['story']['media_exists'] == true) {
// If it is photos
if ($sk['story']['media_type'] == "photos") {
?>
<div class="photos-wrapper">
<?php
$photo_class = 'width-' . $sk['story']['media_num'];
if ($sk['story']['media_num'] >= 3) {
$photo_class = 'width-3';
}
LINE HERE 107 -----> foreach ($sk['story']['media'] as $photo) {
?>
<a href="javascript:void(0);">
<img class="<?php echo $photo_class; ?>" src="<?php echo $photo['url']; ?>" alt="Photo" onclick="javascript:SK_openLightbox(<?php echo $photo['post_id']; ?>);">
</a>
<?php
}
?>
</div>
<?php
} elseif ($sk['story']['media_type'] == "soundcloud") {
?>
<div class="soundcloud-wrapper" align="center">
<iframe frameborder="0" src="https://w.soundcloud.com/player/?url=<?php echo $sk['story']['media']['url']; ?>&color=f07b22" width="100%"></iframe>
</div>
<?php
} elseif ($sk['story']['media_type'] == "youtube") {
?>
<div class="youtube-wrapper" align="center">
<iframe src="https://www.youtube.com/embed/<?php echo $sk['story']['media']['id']; ?>?ap=%2526fmt%3D18&disablekb=1&rel=0" width="100%" height="300px" frameborder="0" allowfullscreen></iframe>
</div>
<?php
}
} elseif ($sk['story']['location_exists'] == true) {
?>
<div class="google-map-viewer-wrapper" align="center">
<img src="http://maps.googleapis.com/maps/api/staticmap?center=<?php echo $sk['story']['location']['name']; ?>&zoom=13&size=600x300&maptype=roadmap&markers=color:red%7C<?php echo $sk['story']['location']['name']; ?>" width="100%" alt="<?php echo $sk['story']['location']['name']; ?>">
</div>
<?php
}
?>
<div class="activity-wrapper">
<table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td align="left" valign="middle">
<span class="story-like-activity">
<?php
echo SK_getPostLikeActivityButton($sk['story']['id']);
?>
</span>
<abbr class="space6">·</abbr>
<span class="story-comment-activity">
<?php
echo SK_getPostCommentActivityButton($sk['story']['id']);
?>
</span>
<abbr class="space6">·</abbr>
<span class="story-share-activity">
<?php
echo SK_getPostShareActivityButton($sk['story']['id']);
?>
</span>
</td>
<td align="right" valign="middle">
<?php if ($sk['story']['via_type'] == "like") {
?>
<a class="via-name" href="<?php echo $sk['story']['via']['url']; ?>" data-href="?tab1=timeline&id=<?php echo $sk['story']['via']['username']; ?>">
<?php echo $sk['story']['via']['name']; ?>
</a> <?php echo $lang['likes_this_label']; ?>
<?php
} elseif ($sk['story']['via_type'] == "share") {
?>
<a class="via-name" href="<?php echo $sk['story']['via']['url']; ?>" data-href="?tab1=timeline&id=<?php echo $sk['story']['via']['username']; ?>">
<?php echo $sk['story']['via']['name']; ?>
</a> <?php echo $lang['shared_this_label']; ?>
<?php
} elseif ($sk['story']['via_type'] == "tag") {
?>
<a class="via-name" href="<?php echo $sk['story']['via']['url']; ?>" data-href="?tab1=timeline&id=<?php echo $sk['story']['via']['username']; ?>">
<?php echo substr($sk['story']['via']['name'], 0, 15); ?>
</a> <?php echo $lang['tagged_on_this_label']; ?>
<?php
}
?>
</td>
</tr>
</table>
</div>
<div class="comments-container hidden">
<?php
if ($sk['story']['view_all_comments'] == true) {
?>
<div class="view-more-wrapper" align="center" onclick="SK_loadAllComments(<?php echo $sk['story']['id']; ?>);">
<i class="icon-lightbulb progress-icon hide"></i>
<?php
echo $lang['view_all_comments_label'];
?>
</div>
<?php
}
?>
<div class="comments-wrapper">
<?php
echo $sk['story']['comments'];
?>
</div>
<?php
echo $sk['story']['comment']['publisher_box'];
?>
</div>
</div>
Hi I'm in need of help with some errors that the admin page of my cms is spitting out, I'm very new to php but I'm great understanding directions so any help that anyone can provide will be greatly appreciated.
These are the errors being displayed:
Warning: date() [function.date]: It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'America/Chicago' for 'CDT/-5.0/DST' instead in /home/mysite/public_html/includes/joomla.php on line 437 I apologize to keep posting this in different topics, but since I can't edit my last topic to fit this one; I must. Code: (function.php) [Select] <?php error_reporting(-1); ini_set('display_errors', 1); function check() { $admin="test"; $pass="test"; if (isset($_POST["user"]) && $_POST["user"] == $admin && isset($_POST["pwd"]) && $_POST["pwd"] == $pass) { sesshin(); } } function sesshin() { session_start(); $_SESSION['user'] = "test"; if ($_SESSION['user'] = "test") { header('Location: output.php'); } else { header('Location: index.html'); } } ?> I get the following errors when I try to login. Code: [Select] Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /srv/www/deadnode.com/public_html/function.php:25) in /srv/www/deadnode.com/public_html/function.php on line 15 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /srv/www/deadnode.com/public_html/function.php:25) in /srv/www/deadnode.com/public_html/function.php on line 15 Warning: Cannot modify header information - headers already sent by (output started at /srv/www/deadnode.com/public_html/function.php:25) in /srv/www/deadnode.com/public_html/function.php on line 1 I've just confused myself into doing this. Maybe I can do all of this in one function? Check(), should look to see if the form information is correct. If so, then it should start the session and proceed to the output.php page. The other thing I'm trying to figure out is how to block public view of output.php if you havent logged in. Hello all, I am at a complete loss. For the past months I am developing a web site. I have the web site running at my Windows pc at home (where I mainly develop it and run it on Apache 2 with PHP (i think 5.3.x or 5.2.x) ) and I have it running live at the web server. I also have a macbook that I develop the same web site occasionally. I am using XAMPP and php 5.3.1 in this case. I keep the code between my two computers (Mac and Windows) up to the same level using SVN (which runs on a linux machine). What I have done a billion times before and in this case also is having the basic libraries included with require_once in one file called "baseincs.php" and then at each file I only include with require_once this one php file. This has been working for years perfectly and in this particular case has been working for months on the exact same code. Yesterday I wrote some (completely irrelevant, HTML GUI mostly) code on the Windows pc and uploaded it to the SVN. Today being at work I downloaded the SVN update to my mac and out of the sudden I get redeclaration errors on every page (beginning with the index.php). I cannot figure this out. I am positive I have not changed anything(!!!) on the index.php or the baseincs.php. I know that these error will manifest if you use include or require instead of include_once and require_once and you include the same file in multiple places in your code. This has not happened. Here is the code from the baseincs.php require_once 'config.php'; //sets various defined parameters application-wide require_once('session.inc'); require_once('errors.inc'); require_once('bootstrap.php'); require_once('usermanager.inc'); require_once('loginproc.inc'); // sets g_loggedInUID /** * If you don't actually generate any UI in your page, then * just don't instantiate the HtmlGenerator class .... */ require_once('htmlgen.php'); and here is the beginning of the index.php file ob_start(); require_once 'libraries/coreincs.php'; require_once 'libraries/utilitymanager.php'; //global $g_loggedInUID; if($g_loggedInUID !=-1) { $name = Users::fullNameFromUserID($g_loggedInUID); } Finally the code where I get the first error is the session.inc file and it follows <?php //only comments above here /** *=-----------------------------------------------------------= * nuke_session *=-----------------------------------------------------------= * This function completely destroys a session and all of its * data after we have logged a user out of our system. In * addition to destroying the session data, we destroy the session * cookie and also make sure that $_SESSION is unset. */ function nuke_session() { session_destroy(); setcookie(session_name(), '', time() - 3600); $_SESSION[] = array(); } /** * One of these sessions can last 60 minutes */ ini_set('session.gc_maxlifetime', 3600); session_start(); /** * Try to prevent session fixation by ensuring that we created * the session id. */ if (!isset($_SESSION['created'])) { session_regenerate_id(); $_SESSION['created'] = TRUE; } /** * Try to limit the damage from a compromised session id by * saving a hash of the User-Agent: string with another * value. */ if (!isset($_SESSION['user_agent'])) { /** * create a hash user agent and a string to store in session * data and user cookies */ $_SESSION['user_agent'] = md5($_SERVER['HTTP_USER_AGENT'] . USER_AGENT_SALT); setcookie('ag', $_SESSION['user_agent'], 0); } else { /** * verify the user agent matches the session data and * cookies. */ if ($_SESSION['user_agent'] != md5($_SERVER['HTTP_USER_AGENT'] . USER_AGENT_SALT) or (isset($_COOKIE['ag']) and $_COOKIE['ag'] != $_SESSION['user_agent'])) { /** * Possible Security Violation. Tell the user what * happened and refuse to continue. */ throw new SessionCompromisedException(); } } ?> Fatal error: Cannot redeclare nuke_session() (previously declared in /Users/andreass/MySites/projectoarc/oarc/libraries/session.inc:35) in /Users/andreass/MySites/projectOarc/oarc/libraries/session.inc on line 38 As you can see this is not true for session.inc Please note that the exact same code works on my Windows PC. Any help will be much appreciated!!!! Regards, menwn |
|||||||