Member Avatar for vishalonne

After lots of home work I came here for support and help.
Please see the siteClick Here on home page I have menu Computer Science and sub menu XI which open XICS.php on this page threr are few links. From those links few must work if user already logged in like (Upload, Solved Materials, Forum) else move to login page or show a message "Login Required". Here are code with which I am fighting since 2 days.

Problem is I don't want to hide entire page without login but some specific links should not work. And if come in with login then all links will work.

Right Now with following code if I try to access directly entering the url of page XICS.php Half page is displayed warnings, notices, and finally Fatal Error

Notice: Use of undefined constant HOST - assumed 'HOST' in C:\xampp\htdocs\secure\XICS.php on line 2
Notice: Use of undefined constant USER - assumed 'USER' in C:\xampp\htdocs\secure\XICS.php on line 2
Notice: Use of undefined constant PASSWORD - assumed 'PASSWORD' in C:\xampp\htdocs\secure\XICS.php on line 2
Notice: Use of undefined constant DATABASE - assumed 'DATABASE' in C:\xampp\htdocs\secure\XICS.php on line 2
Warning: mysqli::mysqli() [mysqli.mysqli]: php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\xampp\htdocs\secure\XICS.php on line 2
Warning: mysqli::mysqli() [mysqli.mysqli]: [2002] php_network_getaddresses: getaddrinfo failed: No such host is known. (trying to connect via tcp://HOST:3306) in C:\xampp\htdocs\secure\XICS.php on line 2
Warning: mysqli::mysqli() [mysqli.mysqli]: (HY000/2002): php_network_getaddresses: getaddrinfo failed: No such host is known. in C:\xampp\htdocs\secure\XICS.php on line 2

Fatal error: Call to undefined function sec_session_start() in C:\xampp\htdocs\secure\XICS.php on line 94

XICS.PHP

<?php
  $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
  sec_session_start(); ?>
some other HTML code lines.....

if(login_check($mysqli) == true){ ?>
    <div id="nav" class="image002-03">
     <span id="smalltext" style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
        <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
        <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="#">Uploads</a></li>
        <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
        <li class="serviceli"><a href="forum.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
  </div>
  <?php
   }
    else{   ?>
  <div id="nav" class="image002-03">
    <span id="smalltext" 
        style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
    <ul id="ul1" class="serviceul">
       <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
       <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
        <li class="serviceli"><a href="#">Notes</a></li>
        <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
        <li class="serviceli"><a href="#">Presentations</a></li>
        <li class="serviceli"><a href="login.php">Uploads</a></li>
        <li class="serviceli"><a href="login.php">Solved Materials</a></li>
        <li class="serviceli"><a href="login.php">Forum</a></li>
        <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
   </div>
  <?php } ?>

process_login.php

<?php
 define("HOST", "localhost"); // The host you want to connect to.
 define("USER", "root"); // The database username.
 define("PASSWORD", ""); // The database password. 
 define("DATABASE", "check1"); // The database name.
 $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
 echo "Process Login";
 include 'functions.php';
 sec_session_start(); // Our custom secure way of starting a php session. 
 if(isset($_POST['email'], $_POST['p'])) { 
 $email = $_POST['email'];
 $password = $_POST['p']; // The hashed password.
    if(login($email, $password, $mysqli) == true)
    {
        // Login success
        include("XICS.php");
     } else {
     // Login failed
     header('Location: ./login.php?error=1');
    }
    } else { 
  // The correct POST variables were not sent to this page.
  echo 'Invalid Request';
}
?>
  • 4 Contributors
  • 34 Replies
  • 519 Views
  • 13 Hours Discussion Span
  • Latest Post Latest Post by diafol
Member Avatar for phorce

On the first line of XICS.php you have this line:

<?php
  $mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);
  sec_session_start(); 
 ?>

Well, you're defining the constant "HOST", "USER", "PASSWORD", "DATABASE" in the file, process_login.php - So it looks, from looking at the code it doesn't know where it is.. So in that case, you need to include CICS.php in the process_login.php..

Alternatively, why not have just a file that connects to the database itself, and, everytime you want to connect to the database, just include/require this file?

You could have a file that JUST has the DATABASE CONNECTION details in and then require it.. Either way, you need a way of making sure the server knows where HOST and other credentials is.

Edited by phorce
Member Avatar for vishalonne

Thank you Phorce for looking into my problem
Yes I am doing same thing creating a dbconnection.php and using it where ever required. But by this also my problem will not solved. Finally all the warnings and notices gone but
FATAL ERROR still standing
Fatal error: Call to undefined function sec_session_start() in C:\xampp\htdocs\secure\XICS.php on line 92
Now delete all php code fromm top and just added on top the NAV just take look into code

<?php
include 'dbconnection.php';
sec_session_start();
if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="#">Uploads</a></li>
            <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
            <li class="serviceli"><a href="forum.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>
<?php
}
else{        ?>

<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="login.php">Uploads</a></li>
            <li class="serviceli"><a href="login.php">Solved Materials</a></li>
            <li class="serviceli"><a href="login.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>

guide me please

Member Avatar for diafol

sec_session_start() is not defined. The usual function is session_start(). Do you have a user-defined function called sec_session_start()?

Member Avatar for vishalonne

YES Here it is -

function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(true); // regenerated the session, delete the old one.     
}

defined in functions.php and this file is include in process_login.php

Member Avatar for vishalonne

If I include functions.php in XICS.php like this -

<?php
include 'dbconnection.php';
include 'functions.php';
sec_session_start();
if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">

then again I get these warnings
Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\secure\XICS.php:90) in C:\xampp\htdocs\secure\functions.php on line 13

Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in C:\xampp\htdocs\secure\functions.php on line 14

But I can see the links also

Member Avatar for phorce

@vishalonne

In that file, are you including/requring where the function is? For example, you use the function in XICS.php but I can't see where you include "functions.php". Is the function inside dbconnect.php OR a reference to the function?

Member Avatar for vishalonne

Thank you for giving your time
Here is the full code of XICS.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />    <title>cbse cs n ip - Anything regarding CBSE XI and XII Computer Subjects</title>
        <meta name="description" content="Latest IP NOTES,SAMPLE PAPERS,PRACTICAL & Project FILE OF IP" />
        <meta name="keywords" content="cbse cs and ip,11 cbse,11 cbse sample papers," />

        <link href="css/other.css" rel="stylesheet" type="text/css" />  
        <link href="css/other2.css" rel="stylesheet" type="text/css" />
        <link rel="stylesheet" type="text/css" href="csshorizontalmenu.css" />
        <script type="text/javascript" src="csshorizontalmenu.js"></script>
        <script type="text/javascript">
            var _gaq = _gaq || [];
            _gaq.push(['_setAccount', 'UA-34001071-1']);
            _gaq.push(['_trackPageview']);
            (function() {
                var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
                ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
                var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
            })();
        </script>
        <script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
    <script type="text/javascript">
     /*$(document).ready(function() {
      $('#ul1 li a').click(function(e) {
       e.preventDefault();
       $('#content').load($(this).attr('href'));
      });
     });*/
     $(function(){
        $('#ul1 li a').on('click', function(e){
            e.preventDefault();
            var page_url=$(this).prop('href');
            $('#content').load(page_url);
        });
    });
    </script>
    <body>
        <div id="main_container">
            <div id="container">
                <div id="banner_container">
                    <div id="login_container">
                        <span class="style1" >Email or Phonee</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;                    <span class="style1" >Password</span>&nbsp;&nbsp;<br />                    <input type="text" id="Text1" class="box" />                    <input type="password" id="Password1" class="box" />                    <input id="Submit1" type="submit" value="Log In" /><br />                    <span class="style1" >Forgot your password?</span>                </div>
                <div class="horizontalcssmenu">                <ul id="cssmenu1">                    <li style="border-left: 1px solid #202020;"><a href="http://www.cbsecsnip.in">Home</a></li>                    <li><a href="#">Computer Science</a>                        
    <ul>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XICS.php">XI</a></li>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIICS.php">XII</a></li>                        
    </ul>                    
    </li>                    
    <li><a href="#">Informatics Practices</a>                        
    <ul>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIIP.php">XI</a></li>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIIIP.php">XII</a></li>                        
    </ul>                    
    </li>                    
    <li><a href="http://www.cbsecsnip.in">Take Test</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Software</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Register</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Get Together</a></li>
                    </ul>
                    <br style="clear: left;" />
               </div>
              </div>   
            </div>
            <div class="panel_container">

   ** <?php
    include 'dbconnection.php';
    include 'functions.php';
    sec_session_start();
    if(login_check($mysqli) == true){ ?>**
    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="#">Uploads</a></li>
                <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
                <li class="serviceli"><a href="forum.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php
    }
    else{        ?>

    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="login.php">Uploads</a></li>
                <li class="serviceli"><a href="login.php">Solved Materials</a></li>
                <li class="serviceli"><a href="login.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php } ?>
Member Avatar for phorce 
<?php
include "functions.php";
sec_session_start();
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />    <title>cbse cs n ip - Anything regarding CBSE XI and XII Computer Subjects</title>
        <meta name="description" content="Latest IP NOTES,SAMPLE PAPERS,PRACTICAL & Project FILE OF IP" />
        <meta name="keywords" content="cbse cs and ip,11 cbse,11 cbse sample papers," />

        <link href="css/other.css" rel="stylesheet" type="text/css" />  
        <link href="css/other2.css" rel="stylesheet" type="text/css" />
        <link rel="stylesheet" type="text/css" href="csshorizontalmenu.css" />
        <script type="text/javascript" src="csshorizontalmenu.js"></script>
        <script type="text/javascript">
            var _gaq = _gaq || [];
            _gaq.push(['_setAccount', 'UA-34001071-1']);
            _gaq.push(['_trackPageview']);
            (function() {
                var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
                ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
                var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
            })();
        </script>
        <script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
    <script type="text/javascript">
     /*$(document).ready(function() {
      $('#ul1 li a').click(function(e) {
       e.preventDefault();
       $('#content').load($(this).attr('href'));
      });
     });*/
     $(function(){
        $('#ul1 li a').on('click', function(e){
            e.preventDefault();
            var page_url=$(this).prop('href');
            $('#content').load(page_url);
        });
    });
    </script>
    <body>
        <div id="main_container">
            <div id="container">
                <div id="banner_container">
                    <div id="login_container">
                        <span class="style1" >Email or Phonee</span>                                    <span class="style1" >Password</span>  <br />                    <input type="text" id="Text1" class="box" />                    <input type="password" id="Password1" class="box" />                    <input id="Submit1" type="submit" value="Log In" /><br />                    <span class="style1" >Forgot your password?</span>                </div>
                <div class="horizontalcssmenu">                <ul id="cssmenu1">                    <li style="border-left: 1px solid #202020;"><a href="http://www.cbsecsnip.in">Home</a></li>                    <li><a href="#">Computer Science</a>                        
    <ul>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XICS.php">XI</a></li>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIICS.php">XII</a></li>                        
    </ul>                    
    </li>                    
    <li><a href="#">Informatics Practices</a>                        
    <ul>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIIP.php">XI</a></li>                            
    <li><a href="http://www.cbsecsnip.in/csnip/XIIIP.php">XII</a></li>                        
    </ul>                    
    </li>                    
    <li><a href="http://www.cbsecsnip.in">Take Test</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Software</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Register</a></li>                    
    <li><a href="http://www.cbsecsnip.in">Get Together</a></li>
                    </ul>
                    <br style="clear: left;" />
               </div>
              </div>   
            </div>
            <div class="panel_container">

   ** <?php
    include 'dbconnection.php';
    if(login_check($mysqli) == true){ ?>**
    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="#">Uploads</a></li>
                <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
                <li class="serviceli"><a href="forum.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php
    }
    else{        ?>

    <div id="nav" class="image002-03">
            <span id="smalltext" 
                style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
            <ul id="ul1" class="serviceul">
                <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
                <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
                <li class="serviceli"><a href="#">Notes</a></li>
                <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
                <li class="serviceli"><a href="#">Presentations</a></li>
                <li class="serviceli"><a href="login.php">Uploads</a></li>
                <li class="serviceli"><a href="login.php">Solved Materials</a></li>
                <li class="serviceli"><a href="login.php">Forum</a></li>
                <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
    </div>
    <?php } ?>

Dunno if that will help; I always initalise sessions before any code, solves problems with headers etc..

Member Avatar for vishalonne

???? What you want to say I can't get it

Member Avatar for phorce

Pardon?

Ok, to me you have included the "functions.php" file and initalised the sessions in the wrong place.. It needs to be delcared at the top of the script, before anything else.. So, the code I posted, should now work?

commented: 3 +2
Member Avatar for Squidge

I thought session_start() had to be the first line before any output?

**Note:

To use cookie-based sessions, session_start() must be called before outputing anything to the browser. **

PHP.net

Member Avatar for vishalonne

Great Superb Fantastic
Thank you
Phorce
This is silly mistake
But you point my sillyness, and rctified it. Thank you. Its working
A personal request can I get your help in future, if you can then how can I contact you.

Member Avatar for vishalonne

OOOOOOOOOOOOFFFFFFFFF....! Now again a new problem
IF I come through proper way means entering valid id and password in it started giving FATAL Error
Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15

function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(true); // regenerated the session, delete the old one.     
}
Member Avatar for phorce

Are you re-delcaring the function and including "functions.php"?

Please post the script in which you get this problem on.. I don't see the problem in the script you've just posted above..

Member Avatar for vishalonne

this is complete code of process_login.php

<?php
include 'dbconnection.php';
include 'functions.php';
sec_session_start(); // Our custom secure way of starting a php session. 

if(isset($_POST['email']) && isset($_POST['p'])) { 
   $email = $_POST['email'];
   $password = $_POST['p']; // The hashed password.
   if(login($email, $password, $mysqli) === true) {
      // Login success
      include("XICS.php");
   } else {
      // Login failed
      header('Location: login.php?error=1');
   }
} else { 
   // The correct POST variables were not sent to this page.
   echo 'Invalid Request';
}

?>

And the above function is a small part of functions.php

Member Avatar for vishalonne

I think this error

Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15

is coming due to this liine of function.php

session_regenerate_id(true); // regenerated the session, delete the old one.

entire function is posted in my post no. 109

Member Avatar for vishalonne

Yes somthing I found if I remove include 'function.php' line from XICS.php and try to get XICS.php by login process
then it displays the XICS.php page with these message

Notice: A session had already been started - ignoring session_start() in C:\xampp\htdocs\secure\functions.php on line 13
Notice: Constant HOST already defined in C:\xampp\htdocs\secure\dbconnection.php on line 2
Notice: Constant USER already defined in C:\xampp\htdocs\secure\dbconnection.php on line 3
Notice: Constant PASSWORD already defined in C:\xampp\htdocs\secure\dbconnection.php on line 4
Notice: Constant DATABASE already defined in C:\xampp\htdocs\secure\dbconnection.php on line 5

and if I directly hit the XICS.php url then this is the problem
Fatal error: Call to undefined function sec_session_start() in C:\xampp\htdocs\secure\XICS.php on

Edited by vishalonne
Member Avatar for phorce

Please re-post XICS.php again, with the fixes, exactly how it is with the error :)

Member Avatar for vishalonne

OK

Member Avatar for vishalonne

XICS.php

<?php
include "functions.php";
sec_session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />    <title>cbse cs n ip - Anything regarding CBSE XI and XII Computer Subjects</title>
    <meta name="description" content="Portal For CBSE India, CBSE Guess Sample Questions Papers" />
    <meta name="keywords" content="cbse cs and ip,11 cbse,11 cbse sample papers" />

    <link href="css/other.css" rel="stylesheet" type="text/css" />  
    <link href="css/other2.css" rel="stylesheet" type="text/css" />
    <link rel="stylesheet" type="text/css" href="csshorizontalmenu.css" />
    <script type="text/javascript" src="csshorizontalmenu.js"></script>
    <script type="text/javascript">
        var _gaq = _gaq || [];
        _gaq.push(['_setAccount', 'UA-34001071-1']);
        _gaq.push(['_trackPageview']);
        (function() {
            var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
            ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
        })();
    </script>
    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">
 /*$(document).ready(function() {
  $('#ul1 li a').click(function(e) {
   e.preventDefault();
   $('#content').load($(this).attr('href'));
  });
 });*/
 $(function(){
    $('#ul1 li a').on('click', function(e){
        e.preventDefault();
        var page_url=$(this).prop('href');
        $('#content').load(page_url);
    });
});
</script>
    <style type="text/css">
        .style1
        {
            color: #FFFF99;
        }                        
        .ul
        {
            margin-left: 15px;
        }                        
    </style>
    </head>
<body>
    <div id="main_container">
        <div id="container">
            <div id="banner_container">    
                <div id="login_container>    
                    <span class="style1" >Email or Phonee</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;                    <span class="style1" >Password</span>&nbsp;&nbsp;<br />                    <input type="text" id="Text1" class="box" />                    <input type="password" id="Password1" class="box" />                    <input id="Submit1" type="submit" value="Log In" /><br />                    <span class="style1" >Forgot your password?</span>                </div>
            <div class="horizontalcssmenu">                <ul id="cssmenu1">                    <li style="border-left: 1px solid #202020;"><a href="http://www.cbsecsnip.in">Home</a></li>                    <li><a href="#">Computer Science</a>                        
<ul>                            
<li><a href="http://www.cbsecsnip.in/csnip/XICS.php">XI</a></li>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIICS.php">XII</a></li>                        
</ul>                    
</li>                    
<li><a href="#">Informatics Practices</a>                        
<ul>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIIP.php">XI</a></li>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIIIP.php">XII</a></li>                        
</ul>                    
</li>                    
<li><a href="http://www.cbsecsnip.in">Take Test</a></li>                    
<li><a href="http://www.cbsecsnip.in">Software</a></li>                    
<li><a href="http://www.cbsecsnip.in">Register</a></li>                    
<li><a href="http://www.cbsecsnip.in">Get Together</a></li>    
                </ul>    
                <br style="clear: left;" />
            </div>
        </div>   
        </div>
        <div class="panel_container">        
<?php
include 'dbconnection.php';
if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="#">Uploads</a></li>
            <li class="serviceli"><a href="downloads.php">Solved Materials</a></li>
            <li class="serviceli"><a href="forum.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>
<?php
}
else{        ?>

<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="login.php">Uploads</a></li>
            <li class="serviceli"><a href="login.php">Solved Materials</a></li>
            <li class="serviceli"><a href="login.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>
<?php } ?>

    <div class="image002-07">
        Site Map</div>
    <div class="image002-08">
        Advertisement
        </div>
    <div class="image002-09">
        Advertisement</div>
    <div id="content" class="image002-10">
    </div>
    <div class="image002-11">
    Advertisement
        </div>
    <div class="image002-13">
        Footer</div>
      </div>
    </div>

</body>    
</html>

If I try to see this page after login then this is displayed
Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15
And url in address bar is

http://localhost/secure/process_login.php

And if I directly give page URL in address bar

http://localhost/secure/XICS.php

Then every thing work fine till now.

Member Avatar for phorce

Aha, please forgive me.. If everything is working fine when you access XICS.php then the problem isn't there ;) post process_login.php! Apologies :)

Member Avatar for vishalonne

process_login.php

<?php
include 'dbconnection.php';
include 'functions.php';
sec_session_start(); // Our custom secure way of starting a php session. 

if(isset($_POST['email']) && isset($_POST['p'])) { 
   $email = $_POST['email'];
   $password = $_POST['p']; // The hashed password.
   if(login($email, $password, $mysqli) === true) {
      // Login success
      include("XICS.php");
   } else {
      // Login failed
      header('Location: login.php?error=1');
   }
} else { 
   // The correct POST variables were not sent to this page.
   echo 'Invalid Request';
}

?>
Edited by vishalonne
Member Avatar for vishalonne

Dear Phorce
Is it possible to send all files to you so you can test it on your local server.

Member Avatar for diafol

sounds as though you have function sec_session_start() twice in functions.php (lines 5 and 15?)

Member Avatar for vishalonne

No... Diafol
Just see the code in last 2 post actually function.php is include in process_login.php and in process_login.php, XICS.php is included, something happeninh in this chain only.
Here I'm including function.php code for your reference.

<?php
//Secure Session Start Function:Securely start a PHP session.

function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(true); // regenerated the session, delete the old one.     
}


  //Secure Login Function:
function login($email, $password, $mysqli) {
   // Using prepared Statements means that SQL injection is not possible. 
   if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) { 
      $stmt->bind_param('s', $email); // Bind "$email" to parameter.
      $stmt->execute(); // Execute the prepared query.
      $stmt->store_result();
      $stmt->bind_result($user_id, $username, $db_password, $salt); // get variables from result.
      $stmt->fetch();
      $password = hash('sha512', $password.$salt); // hash the password with the unique salt.

      if($stmt->num_rows == 1) { // If the user exists
         // We check if the account is locked from too many login attempts
         if(checkbrute($user_id, $mysqli) == true) { 
            // Account is locked
            // Send an email to user saying their account is locked
            return false;
         } else {
         if($db_password == $password) { // Check if the password in the database matches the password the user submitted. 
            // Password is correct!

               $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user. 
               $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

               $user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
               $_SESSION['user_id'] = $user_id; 
               $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
               $_SESSION['username'] = $username;
               $_SESSION['login_string'] = hash('sha512', $password.$ip_address.$user_browser);
               // Login successful.
               return true;    
         } else {
            // Password is not correct
            // We record this attempt in the database
            $now = time();
            $mysqli->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
            return false;
         }
      }
      } else {
         // No user exists. 
         return false;
      }
   }
}


//Create login_check function:Brute Force Function

function checkbrute($user_id, $mysqli) {
   // Get timestamp of current time
   $now = time();
   // All login attempts are counted from the past 2 hours. 
   $valid_attempts = $now - (2 * 60 * 60); 

   if ($stmt = $mysqli->prepare("SELECT time FROM login_attempts WHERE user_id = ? AND time > '$valid_attempts'")) { 
      $stmt->bind_param('i', $user_id); 
      // Execute the prepared query.
      $stmt->execute();
      $stmt->store_result();
      // If there has been more than 5 failed logins
      if($stmt->num_rows > 5) {
         return true;
      } else {
         return false;
      }
   }
}


//Create login_check function:Check logged in status.

function login_check($mysqli) {
   // Check if all session variables are set
   if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
     $user_id = $_SESSION['user_id'];
     $login_string = $_SESSION['login_string'];
     $username = $_SESSION['username'];
     $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user. 
     $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

     if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) { 
        $stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
        $stmt->execute(); // Execute the prepared query.
        $stmt->store_result();

        if($stmt->num_rows == 1) { // If the user exists
           $stmt->bind_result($password); // get variables from result.
           $stmt->fetch();
           $login_check = hash('sha512', $password.$ip_address.$user_browser);
           if($login_check == $login_string) {
              // Logged In!!!!
              return true;
           } else {
              // Not logged in
              return false;
           }
        } else {
            // Not logged in
            return false;
        }
     } else {
        // Not logged in
        return false;
     }
   } else {
     // Not logged in
     return false;
   }
}

?>
Member Avatar for diafol

OK, sorry, missed that. Lot of code to peruse. :)

Member Avatar for vishalonne

Thanks for coming back and botheration...! I have made lots of change in between but Issue is same when I logged in with valid id and password I am getting same error fatal error I removed sec_session_start(); from process.php and XICS.php then also it is giving same error.

Fatal error: Cannot redeclare sec_session_start() (previously declared in C:\xampp\htdocs\secure\functions.php:5) in C:\xampp\htdocs\secure\functions.php on line 15

IF possible then please just take a look. And guide me. Now I am posting updated code of all files -
Login.php

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<script type="text/javascript" src="sha512.js"></script>
<script type="text/javascript" src="forms.js"></script>

<script type="text/javascript">
function formhash(form, password) {

   // Create a new element input, this will be out hashed password field.
   var p = document.createElement("input");
   // Add the new element to our form.

   p.name = "p";
   p.type = "hidden"
   p.value = hex_sha512(password.value);
   // Make sure the plaintext password doesn't get sent.
   password.value = "";
   // Finally submit the form.
   form.appendChild(p);
   form.submit();

}
</script>
<?php
if(isset($_GET['error'])) { 
   echo 'Error Logging In!';
}
?>

</head>

<body><form action="process_login.php" method="post" name="login_form">
   Email: <input type="text" name="email" /><br />
   Password: <input type="password" name="password" id="password"/><br />
   <input type="button" value="Login" onclick="formhash(this.form, this.form.password);" />
</form>
</body>
</html>

Process_login.php

<?php
include 'dbconnection.php';
include 'functions.php';
//sec_session_start(); // Our custom secure way of starting a php session. 

if(isset($_POST['email']) && isset($_POST['p'])) { 
   $email = $_POST['email'];
   $password = $_POST['p']; // The hashed password.
   if(login($email, $password, $mysqli) === true) {
      // Login success
      include("XICS.php");
   } else {
      // Login failed
      header('Location: login.php?error=1');
   }
} else { 
   // The correct POST variables were not sent to this page.
   echo 'Invalid Request';
}

?>

XICS.php

<?php
include "functions.php";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />    <title>cbse cs n ip - Anything regarding CBSE XI and XII Computer Subjects</title>
    <meta name="description" content="DOWNLOAD LATEST PROJECTS FOR CBSE CLASS XII INFORMATICS PRACTICES and Computer Science,Latest IP NOTES,SAMPLE PAPERS,PRACTICAL & Project FILE OF IP" />
    <meta name="keywords" content="cbse cs and ip,xi science syllabus,xi syllabus,xii cbse syllabus,xii computer science,xii computer science question paper,xii question papers" />

    <link href="css/other.css" rel="stylesheet" type="text/css" />  
    <link href="css/other2.css" rel="stylesheet" type="text/css" />
    <link rel="stylesheet" type="text/css" href="csshorizontalmenu.css" />
    <script type="text/javascript" src="csshorizontalmenu.js"></script>
    <script type="text/javascript">
        var _gaq = _gaq || [];
        _gaq.push(['_setAccount', 'UA-34001071-1']);
        _gaq.push(['_trackPageview']);
        (function() {
            var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
            ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
            var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
        })();
    </script>
    <script src="//ajax.googleapis.com/ajax/libs/jquery/1.7.0/jquery.min.js" type="text/javascript"></script>
<script type="text/javascript">
 /*$(document).ready(function() {
  $('#ul1 li a').click(function(e) {
   e.preventDefault();
   $('#content').load($(this).attr('href'));
  });
 });*/
 $(function(){
    $('#ul1 li a').on('click', function(e){
        e.preventDefault();
        var page_url=$(this).prop('href');
        $('#content').load(page_url);
    });
});
</script>
    <style type="text/css">
        .style1
        {
            color: #FFFF99;
        }
        .ul
        {
            margin-left: 15px;
        }
    </style>
    </head>
<body>
    <div id="main_container">
        <div id="container">
            <div id="banner_container">
                <div id="login_container">
       <span class="style1" >Email or Phonee</span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;                    <span class="style1" >Password</span>&nbsp;&nbsp;<br />                    <input type="text" id="Text1" class="box" />                    <input type="password" id="Password1" class="box" />                    <input id="Submit1" type="submit" value="Log In" /><br />                    <span class="style1" >Forgot your password?</span>                </div>
     <div class="horizontalcssmenu">                <ul id="cssmenu1">                    <li style="border-left: 1px solid #202020;"><a href="http://www.cbsecsnip.in">Home</a></li>                    <li><a href="#">Computer Science</a>                        
<ul>                            
<li><a href="http://www.cbsecsnip.in/csnip/XICS.php">XI</a></li>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIICS.php">XII</a></li>                        
</ul>                    
</li>                    
<li><a href="#">Informatics Practices</a>                        
<ul>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIIP.php">XI</a></li>                            
<li><a href="http://www.cbsecsnip.in/csnip/XIIIP.php">XII</a></li>                        
</ul>                    
</li>                    
<li><a href="http://www.cbsecsnip.in">Take Test</a></li>                    
<li><a href="http://www.cbsecsnip.in">Software</a></li>                    
<li><a href="http://www.cbsecsnip.in">Register</a></li>                    
<li><a href="http://www.cbsecsnip.in">Get Together</a></li>
                </ul>
                <br style="clear: left;" />
            </div>
          </div>   
        </div>
        <div class="panel_container">

<?php
include 'dbconnection.php';
if(login_check($mysqli) == true){ ?>
<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="#">Uploads</a></li>
            <li class="serviceli"><a href="#">Solved Materials</a></li>
            <li class="serviceli"><a href="forum.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>
<?php
}
else{        ?>

<div id="nav" class="image002-03">
        <span id="smalltext" 
            style="bottom: 0px; margin-bottom: 0px; padding-bottom: 0px; font-family: Calibri; font-size: large; text-align: center;">Service Menu</span>
        <ul id="ul1" class="serviceul">
            <li class="serviceli"><a href="unsolvedCSQPXI.php">Unsolved Question Papers</a></li>
            <li class="serviceli"><a href="unsolvedCSSPXI.php">Unsolved Sample Paper</a></li>
            <li class="serviceli"><a href="#">Notes</a></li>
            <li class="serviceli"><a href="prosamCSXI.php">Projects Samples</a></li>
            <li class="serviceli"><a href="#">Presentations</a></li>
            <li class="serviceli"><a href="login.php">Uploads</a></li>
            <li class="serviceli"><a href="login.php">Solved Materials</a></li>
            <li class="serviceli"><a href="login.php">Forum</a></li>
            <li class="serviceli"><a href="#">Live Chat</a></li>        </ul>
</div>
<?php } ?>

    <div class="image002-07">
        Site Map</div>
    <div class="image002-08">
        Advertisement
        </div>
    <div class="image002-09">
        Advertisement</div>
    <div id="content" class="image002-10">
    </div>
    <div class="image002-11">
    Advertisement
        </div>
    <div class="image002-13">
        Footer</div>
      </div>
    </div>    
</body>    
</html>

Functions.php

<?php
//Secure Session Start Function:Securely start a PHP session.

function sec_session_start() {
        $session_name = 'sec_session_id'; // Set a custom session name
        $secure = false; // Set to true if using https.
        $httponly = true; // This stops javascript being able to access the session id. 

        ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies. 
        $cookieParams = session_get_cookie_params(); // Gets current cookies params.
        session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); 
        session_name($session_name); // Sets the session name to the one set above.
        session_start(); // Start the php session
        session_regenerate_id(true); // regenerated the session, delete the old one.     
}


  //Secure Login Function:
function login($email, $password, $mysqli) {
   // Using prepared Statements means that SQL injection is not possible. 
   if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) { 
      $stmt->bind_param('s', $email); // Bind "$email" to parameter.
      $stmt->execute(); // Execute the prepared query.
      $stmt->store_result();
      $stmt->bind_result($user_id, $username, $db_password, $salt); // get variables from result.
      $stmt->fetch();
      $password = hash('sha512', $password.$salt); // hash the password with the unique salt.

      if($stmt->num_rows == 1) { // If the user exists
         // We check if the account is locked from too many login attempts
         if(checkbrute($user_id, $mysqli) == true) { 
            // Account is locked
            // Send an email to user saying their account is locked
            return false;
         } else {
         if($db_password == $password) { // Check if the password in the database matches the password the user submitted. 
            // Password is correct!

               $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user. 
               $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

               $user_id = preg_replace("/[^0-9]+/", "", $user_id); // XSS protection as we might print this value
               $_SESSION['user_id'] = $user_id; 
               $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); // XSS protection as we might print this value
               $_SESSION['username'] = $username;
               $_SESSION['login_string'] = hash('sha512', $password.$ip_address.$user_browser);
               // Login successful.
               return true;    
         } else {
            // Password is not correct
            // We record this attempt in the database
            $now = time();
            $mysqli->query("INSERT INTO login_attempts (user_id, time) VALUES ('$user_id', '$now')");
            return false;
         }
      }
      } else {
         // No user exists. 
         return false;
      }
   }
}
//Create login_check function:Check logged in status.

function login_check($mysqli) {
   // Check if all session variables are set
   if(isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) {
     $user_id = $_SESSION['user_id'];
     $login_string = $_SESSION['login_string'];
     $username = $_SESSION['username'];
     $ip_address = $_SERVER['REMOTE_ADDR']; // Get the IP address of the user. 
     $user_browser = $_SERVER['HTTP_USER_AGENT']; // Get the user-agent string of the user.

     if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) { 
        $stmt->bind_param('i', $user_id); // Bind "$user_id" to parameter.
        $stmt->execute(); // Execute the prepared query.
        $stmt->store_result();

        if($stmt->num_rows == 1) { // If the user exists
           $stmt->bind_result($password); // get variables from result.
           $stmt->fetch();
           $login_check = hash('sha512', $password.$ip_address.$user_browser);
           if($login_check == $login_string) {
              // Logged In!!!!
              return true;
           } else {
              // Not logged in
              return false;
           }
        } else {
            // Not logged in
            return false;
        }
     } else {
        // Not logged in
        return false;
     }
   } else {
     // Not logged in
     return false;
   }
}

?>
Member Avatar for diafol

AHA!

<?php
include 'dbconnection.php';
include 'functions.php';
//sec_session_start(); // Our custom secure way of starting a php session. 
if(isset($_POST['email']) && isset($_POST['p'])) { 
   $email = $_POST['email'];
   $password = $_POST['p']; // The hashed password.
   if(login($email, $password, $mysqli) === true) {
      // Login success
      include("XICS.php");
   ...

You include function.php in line 3, but then it's included again when you include XICS.php on line 10. So the server has to deal with declaring the function sec_session_start() twice. This is regardless of wether you call the function.

Edited by diafol
Member Avatar for vishalonne

So what you suggest how can go on the PAge XICS.php where my links are. Or advice what should I do now? Should I remove functions.php from XICS.php

Edited by vishalonne
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.