Hi, guys.
Sorry this got so long – please bear with me…
I have a session/login scripting setup that has been working fine for two clients’ folders, but I added the script to a new client and it’s not working for them.
Each of the clients sites have a header.php page, which has at the very top this code:
[code=php]<?
session_start();
// The included script checks the client IP address and if it is an allowed list the session variable will be set to the directory
// that the user tried to access
include(‘../scripts/checkIP.php’);
?>
The rest of the header.php file has the typical web page’s doctype declaration, the entire HEAD tag, and part of the body tag down to the menu.
This header.php file is itself included in each page on the clients Web site:
[code=php]<?php
$page_title = ‘Student Feedback’;
include(‘includes/header.php’);
?>
<h1>Home Page</h1>
<!– the rest of the page content below… –>
The checkIP script checks the client’s IP address and if it matches certain addresses, then the script sets a session variable and the client is allowed access to the folder without logging in. If the IP address doesn’t match then the client is redirected to login page. This allows me to access the folders from my computers without having to login. Pretty slick, if I may say so myself! :p
Here’s the checkIP script:
[code=php] // Get the client IP address
$ip = $_SERVER[‘REMOTE_ADDR’];
// Set this for testing logins, etc.
//$ip = ‘111.111.111.111’;
// echo ‘Client IP Address: <b>’ . $ip . ‘</b><br />’;
// Get the document’s folder name, which is the project folder for the user’s login
// $currentFolder = substr(dirname($_SERVER[‘PHP_SELF’]),1);
// echo ‘<br />$currentFolder variable is the folder this script is running from.<br />
// It was called by the user and is set to : <b>’ . $currentFolder . ‘</b><br />’;
// For testing/troubleshooting get the session variable being passed to the page
// $originalSessionValue = $_SESSION[‘folder’];
// echo ‘<br />Original session value: <b>’ . $originalSessionValue . ‘</b><br />’;
function CheckIP ($ip) {
if (($ip == ‘209.181.196.25’) || ($ip == ‘71.55.157.61’)) {
// The client IP address is in the list of allowed IPs
return true;
}
else {
return false;
}
}
if (CheckIP($ip)) {
// The function determined that the client IP address is allowed, so we’ll set the session variable to the document’s folder
// Which effectively bypasses having to log in
// echo ‘<br />This is echoed from the “if CheckIP is True” check,<br />
// The IP is allowed, so this block is setting SESSION folder to current folder: <b>’ . $currentFolder . ‘</b><br />’;
$_SESSION[‘folder’] = $currentFolder;
// $sessionFolderAfterIpCheck = $_SESSION[‘folder’];
// echo ‘$sessionFolderAfterIpCheck variable is set to: <b>’ . $sessionFolderAfterIpCheck . ‘</b> after being set to the modified SESSION folder value.<br />’;
}
// Find out if the session variable was changed in the function call from what it was originally
// $sessionFolder = $_SESSION[‘folder’];
// echo ‘<br />SESSION folder value after the “if CheckIP is True” check: <b>’ . $sessionFolder . ‘</b><br />’;
// If the IP address is not allowed, then either the session variable has already been set,
// or the user will be redirected to the login
if (($_SESSION[‘folder’] == ”) || ($_SESSION[‘folder’] != $currentFolder)) {
header(“Location: ../login.php”);
// $sessionFolderInRedirectCheck = $_SESSION[‘folder’];
// echo ‘<br />$sessionFolderInRedirectCheck: <b>’ . $sessionFolderInRedirectCheck . ‘</b><br />’;
// echo ‘<br />SESSION “folder” variable is empty or is not equal to $currentFolder (which would would be populated if
// IP address passed), so redirect to login page.<br />’;
}
It looks like a lot at first glance, but the majority of it is commented out. I’m using the commented code for troubleshooting. The amount of functional code is quite small in the script if you look closely.
As I said before, this checkIP/login setup works great for two existing client folders, but I just added a new client and it’s not working for the new folder. I’m getting these session errors:
[QUOTE]
Warning: session_start() [function.session-start]: Cannot send session cookie – headers already sent by (output started at […]/index.php:1) in […]/includes/header.php on line 2
Warning: session_start() [function.session-start]: Cannot send session cache limiter – headers already sent (output started at […]/index.php:1) in […]/includes/header.php on line 2
Warning: Cannot modify header information – headers already sent by (output started at […]/index.php:1) in […]/scripts/checkIP.php on line 48
I know these messages happen when content is being output to the browser before setting a session (or something like that). I’ve gone over my code a bunch of time trying to find if I’m writing to the browser before the session, but I’m almost positive I’m not (but if not, then why would I be getting those errors?!).
The only difference between the new client and the previous, working client’s setup is the new client just has one web page, so I’m not using any includes except for the session start & checkIP.php include. I’ve event set up the new client’s page so that it was including a separate header page – to mimic the working clients’ setup, but I still got the error messages.
I don’t understand how I can get the errors from the one folder/page, but not from other folder/page paths even though they all call the same script file!
I’d really appreciate it if someone could offer some suggestions on how I can solve this.