headers sent before sessions???
01-15-2009, 09:29 PM
|
headers sent before sessions???
|
Posts: 340
Name: Jon
Location: New York
|
Okay here is the deal I am using CI, and well they utilize sessions. Well what happens is they create a session, put all the data from the session in a serialized and encrypted cookie, gets written, then gets read and decrypted & deserialized. So when using there sessions you are in essence witting a cookie that links to a php session.
Well I am getting the Headers already started issue. Now I swear that I have made sure that there is NO output to the browser before any SESSION calls. (since it acts like a normal session). Now for the life of me, I have been racking my brain for the past week trying to figure out this stupid problem.
So here is the source.
UserMgmt.php
PHP Code:
<?php if ( ! defined('BASEPATH')) exit('No direct script access allowed');
class UserMgmt extends Model {
function __construct(){
parent::model();
$this->load->library('parser');
$this->load->helper('url');
$this->load->library('user_agent');
$this->load->library('validation');
$this->load->library('encrypt');
$this->load->library('email');
//$this->load->library('themechooser');
$this->load->helper(array('form', 'url'));
}
// Auth Segments
function doLogin(){
$rules['username'] = "callback_isreg|required|xss_clean";
$rules['password'] = "required";
$fields['username'] = "Username";
$fields['password'] = "Password";
$this->validation->set_fields($fields);
$this->validation->set_rules($rules);
$this->validation->set_error_delimiters('<div id="error" class="error">', '</div>');
if($this->validation->run() == FALSE ){
if($this->config->item('debug') == TRUE){
echo "Debug: Location, Auth / UserMgmt / Do Login -> Validation == FALSE<br />";
}
$this->load->view('global/auth/login_form');
}
else{
if($this->config->item('debug') == TRUE){
echo "Debug: Location, Auth / UserMgmt / Do Login -> Validation == TRUE<br />";
}
$this->VerifyAuth();
}
}
function VerifyAuth(){
if($this->config->item('debug') == TRUE){
echo "Debug: Location, Auth / UserMgmt / Verify Login No Real Out Put Yet.<br />";
}
$post_array = array(
'username' => $this->input->post('username', TRUE),
'password' => md5($this->input->post('password')),
);
$query = $this->db->query("SELECT * FROM users WHERE username='". $post_array['username'] ."'");
$row = $query->row_array();
if($row['password'] !== $post_array['password']){
/*
This is/was for debugging to find out why passwords were not set right
if($this->config->item('debug') == TRUE){
echo "PWD in DB = ". $row['password'] ."\n";
echo "PWD Received is ". $post_array['password'] ."\n";
}
else{ */
//show_error('Incorrect Password Try again');
$data['strike'] = 0;
$data['limit'] = 0;
echo $this->parser->parse("auth/invalid",$data,true);
// }
}
elseif($row['active'] == 'no'){
show_error('Your account is currently disabled, Please contact the site Admin by <a href="'. site_url('messaging/unreg/admin') .'">Clicking here</a>');
}
else{
$logged_array = array(
"username" => $row['username'],
"lvl" => $row['lvl'],
'uid' => $row['id'],
'loggedin' => TRUE,
);
return $logged_array;
//$this->session->set_userdata($logged_array);
redirect('/members', 'refresh');
}
}
private function isreg($str){
$query = $this->db->query("SELECT * FROM users WHERE username='". $str ."'");
if(!$query->num_rows()){
$this->validation->set_message('username', 'Username is not registered');
return FALSE;
}
else{
return TRUE;
}
}
function doLogout(){
$logged_array = array(
"username" => '',
"lvl" => '',
'uid' => '',
'loggedin' => FALSE,
);
return $logged_array;//$this->session->unset_userdata($logged_array);
redirect('', 'refresh');
}
function forgot_pwd(){
$rules['email'] = "callback_email|required|xss_clean";
$fields['email'] = "Email Should be filled in";
if($this->config->item('debug') == TRUE){
$this->validation->set_rules($rules);
$this->validation->set_fields($fields);
$data['captcha'] = 'not required';
}
else{
$rules['recaptcha_response_field'] = 'required|callback_check_captcha';
$fields['recaptcha_response_field'] = "Captcha Image Verification";
$this->validation->set_fields($fields);
$this->load->library('recaptcha');
$data = array(
'captcha' => $this->recaptcha->recaptcha_get_html()
);
$this->validation->set_rules($rules);
}
$this->validation->set_error_delimiters('<div class="error" id="error" align="center">', '</div>');
if($this->validation->run() == FALSE ){
$this->load->view('global/auth/forgot',$data);
}
else{
$this->SendNewPwd();
}
}
// Function to check to see if captcha is correctly submitted
private function check_captcha($val) {
$this->recaptcha->recaptcha_check_answer($_SERVER["REMOTE_ADDR"],$this->input->post('recaptcha_challenge_field'),$val);
if ($this->recaptcha->is_valid) {
return true;
} else {
$this->validation->set_message('check_captcha','Incorrect Security Image Response');
return false;
}
}
private function email($str){
$query = $this->db->query("SELECT * FROM users WHERE email='". $str ."'");
if(!$query->num_rows()){
$this->validation->set_message('email', 'The Email address you provided is not on file');
return FALSE;
}
else{
return TRUE;
}
}
function SendNewPwd(){
$this->load->library('email');
$hash = $this->encrypt->get_rand_id(8);
$post_array = array(
'email' => $this->input->post('email', TRUE),
);
$data = array(
'reg_hash' => $hash,
);
$this->db->where('email', $post_array['email']);
$this->db->update('users', $data);
$query = $this->db->query("SELECT * FROM users WHERE email='". $post_array['email'] ."'");
$row = $query->row_array();
$data['base'] = base_url();
$data['email'] = $post_array['email'];
$link = site_url("auth/setnew_pwd/". $row['id'] ."/". $row['reg_hash']);
$data = array(
'link' => $link,
'site' => $this->config->item('site'),
'usr' => $row['username'],
'pwd' => $this->input->post('password'),
);
if($this->config->item('debug') == TRUE){
$this->parser->parse('emails/forgot_pwd', $data);
}
else{
$msg = $this->parser->parse('emails/forgot_pwd', $data,TRUE);
$this->email->from("no-reply@".$this->config->item('domain'), "NO-REPLY - ". $this->config->item('domain'));
$this->email->to($array['email']);
$this->email->subject('Registration');
$this->email->message($msg);
$this->email->send();
}
}
function setnew_pwd(){
$uid = $this->uri->segment(3);
$hash = $this->uri->segment(4);
$query = $this->db->query("SELECT * FROM users WHERE id='". $uid ."' AND reg_hash='". $hash ."'");
if($query->num_rows() !== 1){
show_error("Sorry no this information provided is invalid");
}
else{
$row = $query->row_array();
$rules['username'] = "callback_isreg|required|xss_clean";
$rules['password'] = "required|match[password2]|min_length[5]|max_legnth[12]|md5";
$rules['password2'] = "required";
$fields['username'] = "Username";
$fields['password'] = "Password";
$fields['password2'] = "Retype Password";
if($this->config->item('debug') == TRUE){
$this->validation->set_rules($rules);
$this->validation->set_fields($fields);
$data['captcha'] = 'not required';
}
else{
$rules['recaptcha_response_field'] = 'required|callback_check_captcha';
$fields['recaptcha_response_field'] = "Captcha Image Verification";
$this->validation->set_fields($fields);
$this->load->library('recaptcha');
$data = array(
'captcha' => $this->recaptcha->recaptcha_get_html()
);
$this->validation->set_rules($rules);
}
$this->validation->set_error_delimiters('<div class="error" id="error" align="center">', '</div>');
if($this->validation->run() == FALSE ){
//$this->themechooser->getTheme();
$this->load->view('global/auth/set_pwd',$data);
//$view = 'global/auth/set_pwd';
}
else{
$this->AddPwd($row['id']);
}
}
}
private function AddPwd($str){
$post_array = array(
'password' => $this->input->post('password', TRUE),
);
$this->db->where('id',$str);
$query = $this->db->update('users',$post_array);
if(!$query){
show_error("Something Happend please contact the site admin");
}
else{
$this->load->view('global/auth/complete');
}
}
}
?>
what happens is when I go to index.php/auth/doLogin I get the
Code:
A PHP Error was encountered
Severity: Warning
Message: Cannot modify header information - headers already sent by (output started at D:\WebServer\htdocs\xterm\system\application\main_site\controllers\auth.php:17)
Filename: libraries/Session.php
Line Number: 315
And Line 19 of auth.php is ?>
Auth.php
PHP Code:
<?php
class Auth extends Controller{
function Auth(){
parent::Controller();
$this->load->library('session');
$this->load->model('UserMgmt');
//$this->load->library('ShowContent');
}
function doLogin(){
$logged_status = $this->UserMgmt->doLogin();
}
function forgot_pwd(){
}
}
?>
Thanks for the help in advanced
__________________
AMW_Drizz
Dev Machine:: Apache 2.2.6 PHP 5.2.6 MySQL 5.1
|
|
|
|
|
01-16-2009, 12:22 AM
|
Re: headers sent before sessions???
|
Posts: 116
Name: Michele T.
Location: Ny, Ny
|
Can you post index.php and session.php please? I don't see where session_start() is and that makes the problem a bit hard to solve xD
__________________
Freelance web+graphic designer and PHP developer.
Please login or register to view this content. Registration is FREE
|
|
|
|
|
01-16-2009, 12:39 PM
|
Re: headers sent before sessions???
|
Posts: 340
Name: Jon
Location: New York
|
index.php is irrelevant as it just locates paths for the CI framework and loads either the Selected Controller Passed by var in the URL or just the default controller if not specified.
I dont have access to sessions.php right now (at school) will have to wait until I get home, But sessions.php is called before any out put and it did work...
Okay I got Home and I am now going to put the sessions.php file as requested, and I also added the index.php file for you as well
PHP Code:
<?php
/*
|---------------------------------------------------------------
| PHP ERROR REPORTING LEVEL
|---------------------------------------------------------------
|
| By default CI runs with error reporting set to ALL. For security
| reasons you are encouraged to change this when your site goes live.
| For more info visit: http://www.php.net/error_reporting
|
*/
error_reporting(E_ALL);
/*
|---------------------------------------------------------------
| SYSTEM FOLDER NAME
|---------------------------------------------------------------
|
| This variable must contain the name of your "system" folder.
| Include the path if the folder is not in the same directory
| as this file.
|
| NO TRAILING SLASH!
|
*/
$system_folder = "system";
/*
|---------------------------------------------------------------
| APPLICATION FOLDER NAME
|---------------------------------------------------------------
|
| If you want this front controller to use a different "application"
| folder then the default one you can set its name here. The folder
| can also be renamed or relocated anywhere on your server.
| For more info please see the user guide:
| http://codeigniter.com/user_guide/general/managing_apps.html
|
|
| NO TRAILING SLASH!
|
*/
$application_folder = "application/main_site";
/*
|===============================================================
| END OF USER CONFIGURABLE SETTINGS
|===============================================================
*/
/*
|---------------------------------------------------------------
| SET THE SERVER PATH
|---------------------------------------------------------------
|
| Let's attempt to determine the full-server path to the "system"
| folder in order to reduce the possibility of path problems.
| Note: We only attempt this if the user hasn't specified a
| full server path.
|
*/
if (strpos($system_folder, '/') === FALSE)
{
if (function_exists('realpath') AND @realpath(dirname(__FILE__)) !== FALSE)
{
$system_folder = realpath(dirname(__FILE__)).'/'.$system_folder;
}
}
else
{
// Swap directory separators to Unix style for consistency
$system_folder = str_replace("\\", "/", $system_folder);
}
/*
|---------------------------------------------------------------
| DEFINE APPLICATION CONSTANTS
|---------------------------------------------------------------
|
| EXT - The file extension. Typically ".php"
| FCPATH - The full server path to THIS file
| SELF - The name of THIS file (typically "index.php")
| BASEPATH - The full server path to the "system" folder
| APPPATH - The full server path to the "application" folder
|
*/
define('EXT', '.'.pathinfo(__FILE__, PATHINFO_EXTENSION));
define('FCPATH', __FILE__);
define('SELF', pathinfo(__FILE__, PATHINFO_BASENAME));
define('BASEPATH', $system_folder.'/');
if (is_dir($application_folder))
{
define('APPPATH', $application_folder.'/');
}
else
{
if ($application_folder == '')
{
$application_folder = 'application';
}
define('APPPATH', BASEPATH.$application_folder.'/');
}
/*
|---------------------------------------------------------------
| LOAD THE FRONT CONTROLLER
|---------------------------------------------------------------
|
| And away we go...
|
*/
require_once BASEPATH.'codeigniter/CodeIgniter'.EXT;
/* End of file index.php */
/* Location: ./index.php */
I don't think you want to see all 600+ lines of code here, so I attached it.
__________________
AMW_Drizz
Dev Machine:: Apache 2.2.6 PHP 5.2.6 MySQL 5.1
Last edited by amw_drizz; 01-16-2009 at 04:51 PM..
|
|
|
|
|
01-18-2009, 07:22 PM
|
Re: headers sent before sessions???
|
Posts: 253
Location: Constanta,Romania
|
try changing error_reporting to 0 in index.php  |
|
|
|
|
01-18-2009, 08:26 PM
|
Re: headers sent before sessions???
|
Posts: 116
Name: Michele T.
Location: Ny, Ny
|
Changing error_reporting won't change the error. For testing purposes, E_ALL is best and for running a site E_NOTICE is generally best.
And your problems aren't sessions, as you site actually uses cookies. I still don't have the complete picture (as I don't see where the sess_create(); function is called etc...) but it looks like there's something going to the browser before the cookie is set. Those are MUCH more sensitive than sessions. Are there any intermediate files? I just don't see any of the functions in session.php called in any of the other code you gave us.
__________________
Freelance web+graphic designer and PHP developer.
Please login or register to view this content. Registration is FREE
|
|
|
|
|
01-18-2009, 09:59 PM
|
Re: headers sent before sessions???
|
Posts: 340
Name: Jon
Location: New York
|
Okay Normally I don't do this but I would love the help on getting this sorted out
I have compressed the entire site, CI and my App you can click here to download it
For those who are not familar with CI it is a Controller / model / view type of a framework.
If you plan on running this you will have to comment out the database library and any & all db calls in the auth controller and UserMngt Model
Hopefully this can prove some insight and to locate the output to the browser that is screwing me around...
Thanks
__________________
AMW_Drizz
Dev Machine:: Apache 2.2.6 PHP 5.2.6 MySQL 5.1
|
|
|
|
|
01-19-2009, 08:21 PM
|
Re: headers sent before sessions???
|
Posts: 2,898
Name: Keith Marshall
Location: Connecticut
|
Try to eliminate any ending ?> tags from all the included scripts that is parsed before the time of output. Funny enough that an extra new line at the end of the script may be the killer, some text-editors will append the new lines automatically.
__________________
<mgraphic /> - I don't have a solution but I admire the problem.
|
|
|
|
|
01-21-2009, 01:47 PM
|
Re: headers sent before sessions???
|
Posts: 340
Name: Jon
Location: New York
|
yup removed all the closing tags for php in my controllers and models and still get the same error. I think the issue is in that somewhere CI is getting a signal to output something to the browser...
__________________
AMW_Drizz
Dev Machine:: Apache 2.2.6 PHP 5.2.6 MySQL 5.1
|
|
|
|
|
« Reply to headers sent before sessions???
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
