Better yet,
<?php
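// Start output buffering before any session_start() call, so that the
// header() and setcookie() calls made later in this file are not blocked by
// output that has already been sent. The original line was a written
// instruction rather than a valid PHP statement and stopped the file parsing.
ob_start();

// NOTE(review): database credentials are hard-coded in this file. Anyone who
// can read the source (repository, backup, misconfigured web server) can read
// the database. Load them from configuration kept outside the web root or
// from the environment, and rotate the password that has been published here.
define ("DB_HOST","localhost"); // set database host
define ("DB_USER","callofd4_storm"); // set database user
define ("DB_PASS","thuglife123"); // set database password
define ("DB_NAME","callofd4_shell"); // set database name

// Not read anywhere in this file; presumably consumed by the including pages.
$shellRotation = 1;
$rotationAmount = 200;

// NOTE(review): the mysql_* extension was removed in PHP 7.0. mysqli or PDO
// with prepared statements is the supported replacement and removes the need
// for hand-escaped SQL in the functions below.
$link = mysql_connect(DB_HOST, DB_USER, DB_PASS) or die("Couldn't make connection.");
$db = mysql_select_db(DB_NAME, $link) or die("Couldn't select database");

// Not read anywhere in this file; presumably a feature switch for sign-up.
$user_registration = 1;

// Lifetime of the "remember me" cookie, in days (page_protect() and logout()
// multiply it by 60*60*24).
define("COOKIE_TIME_OUT", 10);
// Number of leading characters of a stored password hash that hold the salt.
define('SALT_LENGTH', 9);

// Values stored in users.user_level and compared by checkAdmin()/checkMod().
define ("ADMIN_LEVEL", 5);
define ("MOD_LEVEL", 4);
define ("USER_LEVEL", 1);
define ("GUEST_LEVEL", 0);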
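/**
 * Gate a page behind authentication. Call it before any output is sent.
 *
 * An existing session is accepted if its stored user-agent fingerprint still
 * matches the current request. Without a session, the "remember me" cookies
 * (user_id, user_name, user_key) are checked against the users row and, when
 * valid, used to rebuild the session. Every failure path ends the request:
 * either a redirect to login.php or logout() followed by exit.
 *
 * NOTE(review): user_name is taken from the cookie and only format-checked
 * with isUserID(); it is never compared with the users row, so the session
 * name is client-supplied. Read it from the database alongside user_level.
 *
 * @return void
 */
function page_protect() {
    // logout() starts the session as well; only start it if nothing has yet.
    if (session_id() === '') {
        session_start();
    }

    /* Bind the session to the user agent that created it. */
    if (isset($_SESSION['HTTP_USER_AGENT'])) {
        $current_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
        // Strict comparison: two hex digests must never be compared with
        // "!=", which treats strings such as "0e123" and "0e456" as equal.
        if ($_SESSION['HTTP_USER_AGENT'] !== md5($current_agent)) {
            logout();
            exit;
        }
    }

    if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name'])) {
        if (!isset($_COOKIE['user_id']) || !isset($_COOKIE['user_key'])) {
            header("Location: login.php");
            exit();
        }

        /* Look up the stored cookie key and its creation time. */
        $cookie_user_id = filter($_COOKIE['user_id']);
        $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'");
        if ($rs_ctime === false) {
            // Keep database error text out of the response; log it instead.
            error_log('page_protect: cookie lookup failed: ' . mysql_error());
            die("Couldn't verify login.");
        }
        list($ckey, $ctime) = mysql_fetch_row($rs_ctime);

        /* Expired cookie: log out and stop. Without the exit the checks
           below would still run against the $ckey fetched above and the
           protected page would be rendered behind the redirect header. */
        if ((time() - (int) $ctime) > 60*60*24*COOKIE_TIME_OUT) {
            logout();
            exit;
        }

        /* Compare the presented key with the stored one in constant time
           where hash_equals() exists (PHP 5.6+), strictly otherwise. */
        $key_matches = false;
        if (!empty($ckey) && is_string($_COOKIE['user_key'])) {
            $expected_key = sha1($ckey);
            $key_matches = function_exists('hash_equals')
                ? hash_equals($expected_key, $_COOKIE['user_key'])
                : ($expected_key === $_COOKIE['user_key']);
        }

        $cookies_valid = $key_matches
            && is_numeric($_COOKIE['user_id'])
            && isset($_COOKIE['user_name'])
            && isUserID($_COOKIE['user_name']);

        if (!$cookies_valid) {
            // Stop here: logout() only sends a redirect header, it does not
            // end the request.
            logout();
            exit;
        }

        session_regenerate_id(); // new session id for the new login state
        $_SESSION['user_id'] = $_COOKIE['user_id'];
        $_SESSION['user_name'] = $_COOKIE['user_name'];
        /* Query with the escaped id rather than interpolating session data. */
        list($user_level) = mysql_fetch_row(mysql_query("select user_level from users where id='$cookie_user_id'"));
        $_SESSION['user_level'] = $user_level;
        $_SESSION['HTTP_USER_AGENT'] = md5($current_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    }
}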
/**
 * Clean one request value: strip tags, HTML-encode, trim, undo magic quotes
 * when they are enabled, then escape for use inside a quoted MySQL string.
 *
 * NOTE(review): this mixes output encoding (htmlentities) with SQL escaping.
 * The result is only safe inside a quoted SQL string literal, and the stored
 * value is already HTML-encoded. Parameterised queries plus escaping at
 * output time would replace both steps.
 *
 * @param string $data raw value
 * @return string value as returned by mysql_real_escape_string()
 */
function filter($data) {
    $clean = strip_tags($data);
    $clean = htmlentities($clean);
    $clean = trim($clean);

    // Magic quotes add backslashes to request data; remove them so the
    // escaping below is not applied on top of them.
    if (get_magic_quotes_gpc()) {
        $clean = stripslashes($clean);
    }

    return mysql_real_escape_string($clean);
}
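/**
 * Replace spaces with underscores and lower-case the result.
 *
 * Uses str_replace() for the literal substitution; the ereg_replace() call
 * it replaces was removed in PHP 7.0.
 *
 * @param string $url text to convert
 * @return string lower-cased text with "_" in place of " "
 */
function EncodeURL($url)
{
    return strtolower(str_replace(' ', '_', $url));
}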
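/**
 * Replace underscores with spaces and upper-case the first letter of each word.
 *
 * Uses str_replace() for the literal substitution; the ereg_replace() call
 * it replaces was removed in PHP 7.0.
 *
 * @param string $url text to convert
 * @return string text with " " in place of "_", passed through ucwords()
 */
function DecodeURL($url)
{
    return ucwords(str_replace('_', ' ', $url));
}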
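/**
 * Shorten a string to at most $len bytes, cut back to the last space, and
 * append "...".
 *
 * Lengths are counted in bytes (strlen/substr), not characters.
 *
 * @param string $str text to shorten
 * @param int    $len maximum length before the ellipsis
 * @return string $str unchanged when it fits, otherwise the shortened text
 */
function ChopStr($str, $len)
{
    // "<=" so that a string of exactly $len bytes is returned untouched
    // instead of being given an ellipsis (and possibly losing its last word).
    if (strlen($str) <= $len) {
        return $str;
    }

    $str = substr($str, 0, $len);

    // Back up to the last space so a word is not cut in half. A space at
    // position 0, or no space at all, leaves the hard cut in place.
    $spc_pos = strrpos($str, " ");
    if ($spc_pos) {
        $str = substr($str, 0, $spc_pos);
    }

    return $str . "...";
}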
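/**
 * Check that a string has the shape local@domain.tld.
 *
 * The D modifier makes "$" match only at the very end of the subject.
 * Without it a value ending in a newline passes validation, which matters
 * wherever the address is later placed in a mail header.
 *
 * @param string $email address to check
 * @return bool TRUE when the pattern matches
 */
function isEmail($email){
    return preg_match('/^\S+@[\w\d.-]{2,}\.[\w]{2,6}$/iUD', $email) ? TRUE : FALSE;
}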
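/**
 * Check that a user name is 5-20 characters of letters, digits or "_".
 *
 * The D modifier makes "$" match only at the very end of the subject, so a
 * name with a trailing newline is rejected instead of accepted.
 *
 * @param string $username name to check
 * @return bool true when the name matches
 */
function isUserID($username)
{
    return preg_match('/^[a-z\d_]{5,20}$/iD', $username) === 1;
}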
/**
 * Check that a string starts with an http, https or ftp URL whose host
 * contains at least one dot, optionally followed by a port and a slash.
 *
 * The pattern is anchored at the start only: whatever follows the matched
 * prefix is not examined.
 *
 * @param string $url text to check
 * @return bool true when the prefix matches
 */
function isURL($url)
{
    $pattern = '/^(http|https|ftp):\/\/([A-Z0-9][A-Z0-9_-]*(?:\.[A-Z0-9][A-Z0-9_-]*)+):?(\d+)?\/?/i';

    return preg_match($pattern, $url) === 1;
}
/**
 * Validate a password and its confirmation.
 *
 * Both values must be non-empty, at least 4 bytes long, and identical.
 *
 * @param string $x password
 * @param string $y password confirmation
 * @return bool true when both values pass every check
 */
function checkPwd($x,$y)
{
    $both_present = !empty($x) && !empty($y);
    if (!$both_present) {
        return false;
    }

    $long_enough = strlen($x) >= 4 && strlen($y) >= 4;
    if (!$long_enough) {
        return false;
    }

    return strcmp($x, $y) == 0;
}
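/**
 * Generate a random password from digits and consonants.
 *
 * Characters are drawn with random_int() where it exists (PHP 7+), because
 * mt_rand() is not suitable for secrets; mt_rand() is kept only as a
 * fallback for older runtimes. Characters may repeat: the earlier
 * no-repeat rule shrank the keyspace and made the loop spin forever once
 * $length exceeded the 30 available characters.
 *
 * @param int $length number of characters to generate
 * @return string the generated password ("" when $length is 0 or less)
 */
function GenPwd($length = 7)
{
    $possible = "0123456789bcdfghjkmnpqrstvwxyz";
    $max_index = strlen($possible) - 1;
    $use_csprng = function_exists('random_int');

    $password = "";
    for ($i = 0; $i < $length; $i++) {
        $index = $use_csprng ? random_int(0, $max_index) : mt_rand(0, $max_index);
        $password .= $possible[$index];
    }

    return $password;
}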
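/**
 * Generate a random key from digits and lower-case letters.
 *
 * Characters are drawn with random_int() where it exists (PHP 7+), because
 * mt_rand() is not suitable for secrets; mt_rand() is kept only as a
 * fallback for older runtimes. Characters may repeat: the earlier
 * no-repeat rule shrank the keyspace and made the loop spin forever once
 * $length exceeded the 35 available characters.
 *
 * @param int $length number of characters to generate
 * @return string the generated key ("" when $length is 0 or less)
 */
function GenKey($length = 7)
{
    $possible = "0123456789abcdefghijkmnopqrstuvwxyz";
    $max_index = strlen($possible) - 1;
    $use_csprng = function_exists('random_int');

    $key = "";
    for ($i = 0; $i < $length; $i++) {
        $index = $use_csprng ? random_int(0, $max_index) : mt_rand(0, $max_index);
        $key .= $possible[$index];
    }

    return $key;
}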
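/**
 * End the current login: clear the stored cookie key, destroy the session,
 * expire the three login cookies and send a redirect to login.php.
 *
 * The function does not end the request; callers that must not continue
 * have to exit after calling it.
 *
 * NOTE(review): the cookie user_id is not authenticated in this function,
 * so the UPDATE can clear the stored key of a row the caller does not own.
 * Consider requiring a matching user_key before clearing by cookie id.
 *
 * @return void
 */
function logout()
{
    // page_protect() may already have started the session.
    if (session_id() === '') {
        session_start();
    }

    // Only plain decimal ids may reach the SQL text. The cookie value is
    // client-controlled and was previously interpolated into the query
    // unescaped.
    $ids = array();
    $candidates = array(
        isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null,
        isset($_COOKIE['user_id']) ? $_COOKIE['user_id'] : null,
    );
    foreach ($candidates as $candidate) {
        if (is_scalar($candidate) && preg_match('/^\d+\z/', (string) $candidate)) {
            $ids[] = (string) $candidate;
        }
    }

    if ($ids) {
        $id_list = "'" . implode("','", array_unique($ids)) . "'";
        $cleared = mysql_query("update `users` set `ckey`= '', `ctime`= '' where `id` in ($id_list)");
        if ($cleared === false) {
            // Keep database error text out of the response; log it instead.
            error_log('logout: clearing cookie key failed: ' . mysql_error());
            die("Couldn't update login state.");
        }
    }

    /* Drop the session state. */
    unset($_SESSION['user_id']);
    unset($_SESSION['user_name']);
    unset($_SESSION['user_level']);
    unset($_SESSION['HTTP_USER_AGENT']);
    session_unset();
    session_destroy();

    /* Expire the auto-login cookies by dating them in the past. */
    $expired = time() - 60*60*24*COOKIE_TIME_OUT;
    setcookie("user_id", '', $expired, "/");
    setcookie("user_name", '', $expired, "/");
    setcookie("user_key", '', $expired, "/");

    header("Location: login.php");
}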
/**
 * Hash a password as <salt><sha1(password . salt)>.
 *
 * With no salt a fresh one is generated; otherwise the first SALT_LENGTH
 * characters of $salt are used, so a stored hash can be passed back in to
 * recompute and compare.
 *
 * NOTE(review): a single round of salted SHA-1 is fast to brute-force and
 * the salt comes from rand()/uniqid(). password_hash()/password_verify()
 * is the replacement, but it changes the stored format, so existing hashes
 * need a rehash-on-login migration rather than an in-place swap.
 *
 * @param string      $pwd  plain-text password
 * @param string|null $salt existing salt or stored hash, or null for a new salt
 * @return string salt followed by the 40-character SHA-1 hex digest
 */
function PwdHash($pwd, $salt = null)
{
    $salt_source = ($salt === null) ? md5(uniqid(rand(), true)) : $salt;
    $salt = substr($salt_source, 0, SALT_LENGTH);

    return $salt . sha1($pwd . $salt);
}
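/**
 * Report whether the current session belongs to an administrator.
 *
 * A missing or non-scalar user_level counts as "not admin" instead of
 * raising a notice, and the value is compared as an integer so loose
 * type juggling cannot make another value equal ADMIN_LEVEL.
 *
 * @return int 1 when the session user_level equals ADMIN_LEVEL, else 0
 */
function checkAdmin() {
    if (!isset($_SESSION['user_level']) || !is_scalar($_SESSION['user_level'])) {
        return 0;
    }

    return ((int) $_SESSION['user_level'] === ADMIN_LEVEL) ? 1 : 0;
}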
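/**
 * Report whether the current session belongs to a moderator.
 *
 * A missing or non-scalar user_level counts as "not moderator" instead of
 * raising a notice, and the value is compared as an integer so loose
 * type juggling cannot make another value equal MOD_LEVEL.
 *
 * @return int 1 when the session user_level equals MOD_LEVEL, else 0
 */
function checkMod() {
    if (!isset($_SESSION['user_level']) || !is_scalar($_SESSION['user_level'])) {
        return 0;
    }

    return ((int) $_SESSION['user_level'] === MOD_LEVEL) ? 1 : 0;
}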
?>