Help with session_start();

spaceshiptrooper · July 11, 2019, 10:07pm

Where’s the whole .htaccess file?

If nothing is being displayed even the Array () output then there’s something wrong with the .htaccess file. Simply doing a print_r shouldn’t cause an error especially since there’s an exit() in there to stop the rest from executing.

ChrisjChrisj · July 11, 2019, 10:31pm

Thanks again for your message.

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} [R,L]



RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^$ index.php?link1=home [NC,QSA]
RewriteRule ^reset-password/([^\/]+)(\/|)$ index.php?link1=reset-password&code=$1 [NC,QSA]
RewriteRule ^confirm/(.*)/(.*)$ index.php?link1=confirm&code=$1&email=$2 [NC,QSA]
RewriteRule ^two_factor_login/$ index.php?link1=two_factor_login [NC,QSA]
RewriteRule ^two_factor_submit/$ index.php?link1=two_factor_submit [NC,QSA]

RewriteRule ^v/(.*)$ index.php?v=$1 [NC,QSA]

RewriteRule ^api/v(([0-9])([.][0-9]+))(\/|)$ api.php?v=$1 [QSA]


RewriteRule ^admin-cp$ admincp.php [NC,QSA]
RewriteRule ^admin-cp/(.*)$ admincp.php?page=$1 [NC,QSA]
RewriteRule ^admin-cdn/(.*)$ admin-panel/$1 [L]


RewriteRule ^videos/category/(.*)/rss(\/|)$ index.php?link1=videos&page=category&id=$1&feed=rss [NC,QSA]
RewriteRule ^videos/category/(.*)/(.*)$ index.php?link1=videos&page=category&id=$1&sub_id=$2 [NC,QSA]
RewriteRule ^videos/category/(.*)$ index.php?link1=videos&page=category&id=$1 [NC,QSA]
RewriteRule ^videos/(.*)/rss(\/|)$ index.php?link1=videos&page=$1&feed=rss [NC,QSA]
RewriteRule ^videos/(.*)$ index.php?link1=videos&page=$1 [NC,QSA]
RewriteRule ^articles(\/|)$ index.php?link1=articles [NC,QSA]
RewriteRule ^articles/category/(.*)(\/|)$ index.php?link1=articles&category_id=$1 [NC,QSA]
RewriteRule ^articles/read/(.*)(\/|)$ index.php?link1=read&id=$1 [NC,QSA]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^aj/([^/.]+)/?$ ajax.php?type=$1&first=$2 [L,QSA]
RewriteRule ^aj/([^/.]+)/([^/.]+)/?$ ajax.php?type=$1&first=$2 [L,QSA]
RewriteRule ^aj/([^/.]+)/([^/.]+)/([^/.]+)/?$ ajax.php?type=$1&first=$2&second=$3 [L,QSA]
RewriteRule ^edit-video/(.*)?$ index.php?link1=edit-video&id=$1 [L,QSA]
RewriteRule ^watch/([^\/]+)(\/|)?$ index.php?link1=watch&id=$1 [L,QSA]
RewriteRule ^watch/([^\/]+)/list/([^\/]+)(\/|)?$ index.php?link1=watch&id=$1&list=$2 [L,QSA]
RewriteRule ^embed/(.*)?$ index.php?link1=embed&id=$1 [L,QSA]
RewriteRule ^resend/(.*)/(.*)?$ index.php?link1=resend&id=$1&u_id=$2 [L,QSA]
RewriteRule ^redirect/(.*)?$ index.php?link1=redirect&id=$1 [L,QSA]
RewriteRule ^settings/(.*)/(.*)$ index.php?link1=settings&page=$1&user=$2 [NC,QSA]
RewriteRule ^settings/(.*)$ index.php?link1=settings&page=$1 [NC,QSA]
RewriteRule ^terms/([^\/]+)(\/|)$  index.php?link1=terms&type=$1 [QSA]
RewriteRule ^go_pro(\/|)$  index.php?link1=go_pro [QSA]
RewriteRule ^ads(\/|)$  index.php?link1=ads [QSA]
RewriteRule ^ads/create(\/|)$  index.php?link1=create_ads [QSA]
RewriteRule ^ads/edit/(\d+)(\/|)$  index.php?link1=edit_ads&id=$1 [QSA]
RewriteRule ^ads/analytics/(\d+)(\/|)$  index.php?link1=ads_analytics&id=$1 [QSA]
RewriteRule ^contact-us(\/|)$  index.php?link1=contact [QSA]
RewriteRule ^@([^\/]+)(\/|)$  index.php?link1=timeline&id=$1 [QSA]
RewriteRule ^messages/(.*)$ index.php?link1=messages&id=$1 [NC,QSA]
RewriteRule ^view_analytics/(.*)$ index.php?link1=view_analytics&id=$1 [NC,QSA]
RewriteRule ^video_studio/(.*)$ index.php?link1=video_studio [NC,QSA]
RewriteRule ^comments/$ index.php?link1=comments [NC,QSA]
RewriteRule ^dashboard/$ index.php?link1=dashboard [NC,QSA]
RewriteRule ^popular_channels/$ index.php?link1=popular_channels [NC,QSA]
RewriteRule ^create_article/$ index.php?link1=create_article [NC,QSA]
RewriteRule ^my_articles/$ index.php?link1=my_articles [NC,QSA]
RewriteRule ^edit_articles/(.*)?$ index.php?link1=edit_articles&id=$1 [NC,QSA]

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^([^\/]+)(\/|)$  index.php?link1=$1 [QSA]


<IfModule mod_deflate.c>
  AddOutputFilterByType DEFLATE text/html
  AddOutputFilterByType DEFLATE text/css
  AddOutputFilterByType DEFLATE text/javascript
  AddOutputFilterByType DEFLATE text/xml
  AddOutputFilterByType DEFLATE text/plain
  AddOutputFilterByType DEFLATE image/x-icon
  AddOutputFilterByType DEFLATE image/svg+xml
  AddOutputFilterByType DEFLATE application/rss+xml
  AddOutputFilterByType DEFLATE application/javascript
  AddOutputFilterByType DEFLATE application/x-javascript
  AddOutputFilterByType DEFLATE application/xml
  AddOutputFilterByType DEFLATE application/xhtml+xml
  AddOutputFilterByType DEFLATE application/x-font
  AddOutputFilterByType DEFLATE application/x-font-truetype
  AddOutputFilterByType DEFLATE application/x-font-ttf
  AddOutputFilterByType DEFLATE application/x-font-otf
  AddOutputFilterByType DEFLATE application/x-font-opentype
  AddOutputFilterByType DEFLATE application/vnd.ms-fontobject
  AddOutputFilterByType DEFLATE font/ttf
  AddOutputFilterByType DEFLATE font/otf
  AddOutputFilterByType DEFLATE font/opentype
  BrowserMatch ^Mozilla/4 gzip-only-text/html
  BrowserMatch ^Mozilla/4\.0[678] no-gzip
  BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
</IfModule>
<IfModule mod_security.c>
  SecFilterScanPOST Off
</IfModule>
## EXPIRES CACHING ##
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType image/jpg "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/pdf "access plus 1 month"
ExpiresByType text/x-javascript "access plus 1 month"
ExpiresByType application/x-shockwave-flash "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresDefault "access plus 190 days"
</IfModule>
## EXPIRES CACHING ##

# BEGIN cPanel-generated php ini directives, do not edit
# Manual editing of this file may result in unexpected behavior.
# To make changes to this file, use the cPanel MultiPHP INI Editor (Home >> Software >> MultiPHP INI Editor)
# For more information, read our documentation (https://go.cpanel.net/EA4ModifyINI)
<IfModule php7_module>
   php_value post_max_size 2024M
   php_value upload_max_filesize 2024M
   php_value output_buffering Off
   php_value max_execution_time 4000
   php_value max_input_vars 3000
   php_value max_input_time 5000
   php_flag zlib.output_compression Off
   php_flag log_errors On
   php_value error_reporting 32767
   php_value error_log "/home/.../public_html/error_log"
</IfModule>
<IfModule lsapi_module>
   php_value post_max_size 2024M
   php_value upload_max_filesize 2024M
   php_value output_buffering Off
   php_value max_execution_time 4000
   php_value max_input_vars 3000
   php_value max_input_time 5000
   php_flag zlib.output_compression Off
   php_flag log_errors On
   php_value error_reporting 32767
   php_value error_log "/home/.../public_html/error_log"
</IfModule>
# END cPanel-generated php ini directives, do not edit

I look forward to any additional guidance

droopsnoot · July 12, 2019, 8:56am

I’m guessing that this line:

RewriteRule ^@([^\/]+)(\/|)$  index.php?link1=timeline&id=$1 [QSA]

means that anything starting with an @ symbol is rewritten to redirect to index.php and supply the stuff after that symbol in $_GET['id'].

Yes, that is strange. Your code should dump the contents of the array and then immediately exit.

ChrisjChrisj · July 12, 2019, 3:04pm

Much thanks for your reply.
So, if it’s true that this line:

RewriteRule ^@([^\/]+)(\/|)$ index.php?link1=timeline&id=$1 [QSA]

means that anything starting with an @ symbol is rewritten to redirect to index.php and supply the stuff after that symbol in $_GET['id'] ,
can you think of a solution for my situation?

droopsnoot · July 12, 2019, 5:43pm

First, you need to figure out why you’ve changed the code to just dump the $_GET array and exit, but it is not doing that.

ChrisjChrisj · July 12, 2019, 5:53pm

Thanks again for your message.
I’m not clear on you question why I changed the code?
The only changes to this I have made are as directed within this thread.

spaceshiptrooper · July 12, 2019, 5:54pm

Oh, I told the OP to do that. It’s because I was trying to see what GET requests were being pulled in. My suspicion was that we didn’t really know what GET variables were being set, it might have triggered the if(empty($_GET['id'])) section. What is also making me curious is the header redirect in that section. Empty locations might actually cause the page to not redirect and if that section is being triggered, it would be a bit harder to find out if we don’t know what GET variables are being set. It may even cause a blank page if there is no redirect and that section also has an exit as well. So I instructed OP to output all GET variables to see what’s actually being pulled into the page.

droopsnoot · July 12, 2019, 6:07pm

Sorry, maybe I didn’t phrase it well. I wasn’t questioning why it was done - I was questioning why, as Chris had made the change as directed, it wasn’t actually showing the contents of the array and exiting, but:

DarthGuido · July 13, 2019, 12:32pm

Make that

print_r($_SESSION); exit() ;
If(!isset($_SESSION['username'])){ 
  header("Location:../login");
  exit(); 
}

Just for debugging. Once you’ve seen the content of $_SESSION you can eliminate the print_r and exit.

ChrisjChrisj · July 13, 2019, 5:00pm

Thanks for your reply.
I added your suggestion, but there is nothing to see when drop-down-menu > Profile is selected.

Any additional help is appreciated

droopsnoot · July 13, 2019, 5:18pm

Nothing to see in that the page does not open at all, or nothing to see in that the page displays exactly the same way as it normally does?

ChrisjChrisj · July 14, 2019, 10:23pm

Thanks again for all the replies.

with this current code

<?php

header('Content-Type: application/javascript;');
print_r($_GET);
exit();
//print_r($_SESSION); exit() ;
//session_start();

if(!isset($_SESSION['username'])){
   header("Location:../login");
   //print_r($_SESSION);
   exit();
}

if (empty($_GET['id'])) {
    header("Location: " . PT_Link(''));
    exit();
}
$username = PT_Secure($_GET['id']);
$user_id  = $db->where('username', $username)->getOne(T_USERS);

$lists    = false;
if (empty($user_id)) {
    header("Location: " . PT_Link(''));
    exit();
}
$pt->page_url_ = $pt->config->site_url.'/@'.$username ;
$pt->second_page = 'videos';
if (!empty($_GET['page'])) {
    switch ($_GET['page']) {
        case 'liked-videos':
            $pt->second_page = 'liked-videos';
            break;
        case 'about':
            $pt->second_page = 'about';
            break;
        case 'play-lists':
            $pt->second_page = 'play-lists';
            $lists           = true;
            break;

    }
    $pt->page_url_ = $pt->config->site_url.'/@'.$username."?page=".$pt->second_page;
}

$user_data   = PT_UserData($user_id, array(
    'data' => true
));

the developer tools > console shows this:

Uncaught Error: Syntax error, unrecognized expression: Array

(
    
[link1] => timeline
    
[id] => chrisj
    
[page] => about
    
[hash] => cdc4a83ae484cf1e0aec7b86c9dc6660a6eeea83
   
[_] => 1563141463670

)
   
 at Function.ga.error (jquery-3.min.js:2)
    
at ga.tokenize (jquery-3.min.js:2)
    
at ga.select (jquery-3.min.js:2)
    
at Function.ga [as find] (jquery-3.min.js:2)
    
at r.fn.init.find (jquery-3.min.js:2)
    
at new r.fn.init (jquery-3.min.js:2)
    
at r (jquery-3.min.js:2)
    
at Object.<anonymous> ((index):109)
    
at i (jquery-3.min.js:2)
    
at Object.fireWith [as resolveWith] (jquery-3.min.js:2)

but that console error disappears when I block this php:

<head>
//<?php
//if ($pt->second_page == 'about')
//echo "<meta name='robots' content='noindex'>";
//?>
</head>

(that noindex php code was suggested from another posting where I had asked how to block the profile page from being displayed in web searches).

and when that’s blocked and I refresh, I see this:

Array
(
    [link1] => timeline
    [id] => chrisj
)

and then when I unblock this line:

session_start();

like so:

<?php

header('Content-Type: application/javascript;');
print_r($_GET);
exit();
//print_r($_SESSION); exit() ;
session_start();

if(!isset($_SESSION['username'])){
   header("Location:../login");
   //print_r($_SESSION);
   exit();
}

and refresh, I see this:

Array ( [lang] => english [uploads] => Array ( [videos] => Array ( ) [images] => Array ( ) ) [main_hash_id] => cd55da83ea484fc1e0aec7b86c9dc6660a6eeea83 [finger] => 6fbd390dba196cb78cf92e3839bf4e3811ba334e [user_id] => 793826d8769483a5780bd7f8e21580311ef939011563141354fd21f08e6c78bd331a726e0b2fd977dd [session_key] => 1d66594c28e40c1315ac55be504d6340 [active_time] => 1563141725 )

does this shed some light?

I look forward to any comments/suggestions
thanks again

DarthGuido · July 15, 2019, 4:50am

Looks like there’s no username in $_SESSION.

John_Betong · July 15, 2019, 6:53am

[off-topic]

Try the following to display arrays because linefeeds are added and makes the array far easier to read;

<?php 
//
//

$array = Array ('One' => 001, 'two' => array('aaa' => 'AAA', 'bbb' => 'BBB'), 'three' => 003);

print_r($array);

echo '<hr>';

echo '<pre>' .print_r($array, TRUE), '</pre>';

//

Results:

[/off-topic]

droopsnoot · July 15, 2019, 8:43am

By “refresh”, are you hitting the browser refresh button, or opening the page via the same method (a link) as you did before?

If you look at the array contents in your final example, you can see that all of a sudden, the array element id is no longer present, where it is present the first few times.

That shouldn’t make any difference, because the line immediately before it is exit() which cancels operation of the script after displaying the array contents.

spaceshiptrooper · July 15, 2019, 11:37am

I think the problem wasn’t as we expected. Since Chris didn’t tell us exactly what was happening on the page, we could only assume the pages were displaying completely blank pages. What we really need is exact errors and what isn’t showing and what is showing. Dancing around the problem won’t lead us to the solution.

So far, we know there’s something in that file that isn’t allowing the page to display. However, we don’t know if it’s the parent file that’s including it or we don’t know if there is a syntactical error. What doesn’t make a lot of sense is that changing any line below the exit(); lines shouldn’t be effecting any outputs. So it doesn’t make sense to be seeing different outputs if the line I requested was only supposed to be showing GET requests unless that line was removed and the line @DarthGuido requested was put in its place. That’s fine, but we need to know what exact modifications was done on that file. It makes sense now looking at the request Guido asked for, but we need to know which person’s request you are going to do so we don’t get confused at why there’s odd results.

You can remove the lines I requested now. We can see what the GET requests are and they do line up with your .htaccess.

droopsnoot · July 15, 2019, 11:47am

What I’d like to know is, in the debug information suggested earlier on in post #19, what is the need for this line?

header('Content-Type: application/javascript;');

As we’re only outputting the contents of an array, does this tell the browser something “special”?

spaceshiptrooper · July 15, 2019, 12:02pm

It’s just to make the output more “prettier”. Instead of doing

print ‘<pre>’;
print_r($_GET);
print ‘</pre>’;

Or if you’d like, replace the print statements with echo (doesn’t really make a difference). But it pretty much tells the browser that this file is a JavaScript file. Which in turn “pretties” the array output since the output itself is actually well formatted. Just not on the actual browser. If you open up View Page Source, you see it well formatted, but if you view the results in the browser like a normal webpage, it’s not really that well formatted.

So header(‘Content-Type: application/javascript;’); is just a shorter way to make the results pretty. Only do it when there isn’t HTML elements on the page by the way. It’ll convert the entire page to have that header. I typically only do this if I’m debugging GET and POST requests.

ChrisjChrisj · July 15, 2019, 4:32pm

Thanks again for the replies.

Regarding “By “refresh”, are you hitting the browser refresh button, or opening the page via the same method (a link) as you did before?”

sorry for any confusion, when I said ‘refresh’ I mean that I select the ‘Profile’ (page) link, the outcome is that the main page that I’m on simply refreshes, rather than redirects to the ‘Profile’ Page. But when this is removed it redirects successfully:

if(!isset($_SESSION['username'])){
   header("Location:../login");
  exit();
}

But when that code is present (not removed) and I manually add …/@chrisj to the browser, I see this on that page:

Array ( [lang] => english [uploads] => Array ( [videos] => Array ( ) [images] => Array ( ) ) [main_hash_id] => cd55da83ea484fc1e0aec7b86c9dc6660a6eeea83 [finger] => 6fbd390dba196cb78cf92e3839bf4e3811ba334e [user_id] => 793826d8769483a5780bd7f8e21580311ef939011563141354fd21f08e6c78bd331a726e0b2fd977dd [session_key] => 1d66594c28e40c1315ac55be504d6340 [active_time] => 1563141725 )

I’m guessing that maybe the main page that I’m on simply refreshes (rather than redirect to the ‘Profile’ Page) is because am logged in:

if(!isset($_SESSION['username'])){
   header("Location:../login");

So, is there a solution that might instruct to say 'if already logged in go to @ the username’s profile page? like:

if (IS_LOGGED == true) {

any additional suggestions are welcomed

droopsnoot · July 15, 2019, 5:37pm

When your user logs on, does that set your $_SESSION['username'] variable? If it does, then that’s the solution, and all you need to do is debug exactly why it’s not quite working for you.