A problem with $_SESSION closing unexpectedly

Hi there
I have been working on a login PHP script and had it working until I made so change late at

night and forgot to back it up.
The script uses PHP and Javascript as well as a Mysql database.
The problem I am having is with the session closing unexpectedly when I go to enter the

profile (or any other button placed after the login). It is rather hard to explain so here

is the PHP code

<?php //login php script    
include_once 'rnfunctions.php';
$theaction='index14.php';
function destroySession()
{
$_SESSION=array();
if ((session_id() != '') || isset($_COOKIE[session_name()])){
setcookie(session_name(),'', time()-2592000,'/');
session_destroy();
}
}
function startsessions($user,$pass,$theaction)
{
session_start();
session_name($user);
$_SESSION['user'] = $user;
$_SESSION['pass'] = $pass;
$theuser =($_SESSION['user']);
echo "You are now logged in as $theuser";
}

function loggedin($theaction)
{
echo <<<_END
<table>
<tr>
<td>
<form name="myform" method='post' action='$theaction'>
<input type='hidden' name='logout'value='logout' />
<a href="#" onMouseDown="submitform(0);">logout</a> |
</form>
</td>
<td>
////////////////////here is the problem point////////////////////////////////////
<form name="myform2" method='post' action='$theaction'>
<input type='hidden' name='profile'value='profile' />
<a href="#" onMouseDown="submitform(2);">profile</a> |
</form>
///////////////////////////////////////////////////////////////////////////////////
</td>
<td>
<form name="myform3" method='post' action='$theaction'>
<input type='hidden' name='unregister'value='unregister' />
<a href="#" onMouseDown="submitform(3);">unregister</a>
</form>
</td>
</tr>
</table>
_END;
}
function loginform($theaction)
{
echo <<<_END
<table border="0">
<tr>
<form name="myform" method='post' action='$theaction'>
<td>Username->    </td><td> <input type='text' STYLE="color: #FFFFFF; font-family: Verdana; 

font-size: 12px; background-color: #1BCE11;" id ='password' id='username' size='12' 

maxlength='16' name='user'
value='user' /></td>
</tr>
<tr>
<td>Password->    </td><td> <input type='text' STYLE="color: #FFFFFF; font-family: Verdana; 

font-size: 12px; background-color: #1BCE11;" id ='password' size='12' maxlength='16' 

name='pass'
value='pass' /></td>
</tr>
<tr>

<td colspan="2"><a href="#" onMouseDown="submitform(0);">login</a></td>
</form>
</tr><tr><td colspan="2">
<form name="myform2" method='post' action='$theaction'>
<input type='hidden' name='register'value='register' />
<a href="#" onMouseDown="submitform(2);">register</a>
</form></td></tr>
<tr><td colspan="2">
<form name="myform3" method='post' action='$theaction'>
<input type='hidden' name='reset'value='reset' />
<a href="#" onMouseDown="submitform(3);">reset password</a></td>
</tr>
</table>
_END;
}
function regform($theaction)
{
echo <<<_END
<table border="0">
<tr>
<form name="myform" method='post' action='$theaction'>
<td>Username->    </td><td> <input type='text'STYLE="color: #FFFFFF; font-family: Verdana;  

font-size: 12px; background-color: #1BCE11;" size='12' maxlength='16' name='username'
value='username' onBlur='checkUser(this)'/></td>
</tr>
<tr>
<td>Password->    </td><td> <input type='password' STYLE="color: #FFFFFF; font-family: 

Verdana;  font-size: 12px; background-color: #1BCE11;" size='12' maxlength='16' 

name='password'
value='password' onBlur='checkpass(this)'/></td>
</tr>
<tr>
<td>Email->    </td><td> <input type='text' STYLE="color: #FFFFFF; font-family: Verdana; 

font-size: 12px; background-color: #1BCE11;"size='12' maxlength='30' name='email'
value='email' onBlur='checkEmail(this)'/></td>
</tr>
<tr>
<td colspan="2"><a href="#" onMouseDown="submitform(0);">register</a>
</form></td></tr><tr>
<td colspan="2">
<form name="myform2" method='post' action='$theaction'>
<input type='hidden' name='login'value='login' />
<a href="#" onMouseDown="submitform(2);">login</a>
</form>
</td>
</tr>
</table>
<span id='logtext'></span>
_END;
}
function retlogin($theaction)
{
echo <<<_END
<form name="myform" method='post' action='$theaction'>
<input type='hidden' name='login'value='login' />
<a href="#" onMouseDown="submitform(0);">back to login</a>
</form>
_END;
}
function resetform($theaction)
{
echo <<<_END
<table border="0">
<tr>
<form name="myform" method='post' action='$theaction'>
<td>Enter New Password->    </td><td> <input type='password' STYLE="color: #FFFFFF; 

font-family: Verdana; font-size: 12px; background-color: #1BCE11;"size='12' maxlength='16' 

name='password1'
value='password1' onBlur='checkpass(this)'/></td>
</tr>
<tr>
<td>Email->    </td><td> <input type='text' STYLE="color: #FFFFFF; font-family: Verdana; 

font-size: 12px; background-color: #1BCE11;" id ='password' size='12' maxlength='30' 

name='email'
value='email'onBlur='checkreset(this)'/></td>
</tr>
<tr>
<td colspan="2"><a href="#" onMouseDown="submitform(0);">reset password</a>
</form></td></tr><tr>
<td colspan="2">
<form name="myform2" method='post' action='$theaction'>
<input type='hidden' name='login'value='login' />
<a href="#" onMouseDown="submitform(2);">back to login</a>
</form>
</td>
</tr>
</table>
<span id='logtext'></span>
_END;
}

if (isset($_POST['login']))
{
loginform($theaction);
}
elseif (isset($_POST['logout']))
{
echo "you have logged out";
destroySession();
loginform($theaction);
}
//recieve reset password call
elseif (isset($_POST['reset']))
{
resetform($theaction);
}
//recieve reset password info
elseif (isset($_POST['password1']))
{
$theemail =    $_POST['email'];
$newpass =    $_POST['password1'];
//salt hash password for replacement
$newpass = encriptpass($newpass);
$query = "SELECT * FROM users WHERE email='$theemail'";
if (mysql_num_rows(queryMysql($query)) == 0)
{
echo "Email invalid please register<br />";
regform($theaction);
}
else
{
        $message = validate_password($newpass);
        if ($message =="")
        {
        $regaddress = 

"http://www.imandanband.com.resetpass.php?newpass=".$newpass."&email=".$theemail; 
             $to = $theemail;
             $subject = "Reset password at Imandan";
             $body = "Hi there,\
\
You have requested to reset your password to 

$newpass.\
\
Please click the following link to validate your new password\
\
$regaddress or 

ignore this message if it has been sent in error";
             if (mail($to, $subject, $body)) {
                   echo("Message successfully sent! Go to your email to 

validate your new password");
            retlogin($theaction);
              } else {
              echo("Message delivery failed...You must enter a valid email 

address");
            }
        }

        }
}
elseif (isset($_POST['user']))
{
$user = sanitizeString($_POST['user']);
$pass = sanitizeString($_POST['pass']);
$pass = encriptpass($pass);
if ($user == "" || $pass == "")
{
$error = "Not all fields were entered<br />";
}
else
{
$query = "SELECT user, pass FROM users WHERE user='$user' AND pass ='$pass'";

if (mysql_num_rows(queryMysql($query)) == 0)
{
    echo "Username/Password invalid<br />";
    loginform($theaction);
}
else
{
startsessions($user,$pass,$theaction);
showprofile();

}
}
}
else{
loginform($theaction);
}

The code that is marked is where I have the problem. It calls a javascript function to submit the form.
The javascript function is as follows

function submitform(num)
{
if (num == 2)
{
document.myform2.submit();
return 1;
}
if (num == 3)
{
document.myform3.submit();
return 1;
}
if (num == 4)
{
document.myform4.submit();
return 1;
}
if (num == 5)
{
document.myform5.submit();
return 1;
}
if (num == 6)
{
document.myform6.submit();
return 1;
}
else
{
document.myform.submit();
return 1;
}
}

I can log in though when I go to enter the profile the $_SESSION[‘user’] is gone and I am logged out. I just can’t seem to track down the problem and it is frustrating the heck out of me.
If anyone has any ideas PLEASE help!

It looks to me, without actually running your code, that you aren’t starting the session unless you run the startsessions() function. If you don’t start the session on the new page, then there is no $_SESSION populated, so you wouldn’t appear to be logged in. I’m also guessing that your server is not auto starting the session each page.

Try just putting session_start() at the top of your page and taking it out of startsessions(). You will need session_start() in any page that you want to use session variables in.

Thanks Cute Tink
I have done just that and this works for my home server :slight_smile: though not for my online server :confused:.
In fact it seems that the online server starts sessions automatically as I receive an error if I put session_start() at the top of the page.
I can now enter the profile on my home server though I have the same problem with the online version.
Got any ideas?

Can you post the text of the error message you are getting?

The error message is as follows
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/f/i/r/firehawk777/html/index14.php:12) in /home/content/f/i/r/firehawk777/html/index14.php on line 236

That seems like the session_start() call is coming after you have echo’d something to the page. Are you sure you put it at the absolute top of the page? Including before any includes?

You are really good at this Cute Tink!
I did have some javascript before the session_start() and after fixing this as you said it all works fine!
Thank you for your help!
Hopefully this is a fixed problem now though I will do some testing before I say that.

I hope that works for you. I do ok at this. Mostly I have seen that error enough to know the problem.