php 远程站点上的会话错误,但不是本地的

php session errors on remote site, but not local

我在本地 (lamp) 构建了一个镜像我的远程主机的 Web 环境,LAMP 具有相同版本的 PHP 和 MYSQL。我已按照此处概述的说明... http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL 创建安全登录。这在我的本地网络设置上一直运行良好,但是,一旦我将站点上传到远程服务,我收到以下错误....

Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/...../public_html/rc4/includes/connectuser.php:18) in /home/...../public_html/rc4/includes/funcs_login.php on line 27

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/...../public_html/rc4/includes/connectuser.php:18) in /home/...../public_html/rc4/includes/funcs_login.php on line 27

Warning: session_regenerate_id(): Cannot regenerate session id - headers already sent in /home/...../public_html/rc4/includes/funcs_login.php on line 28

Warning: Cannot modify header information - headers already sent by (output started at /home/...../public_html/rc4/includes/connectuser.php:18) in /home/...../public_html/rc4/includes/process_login.php on line 15

为什么我会在远程主机而不是我自己的设置上收到这些错误?

connectuser.php 页面是...

<?php
/**
 * These are the database login details
 */  
define("HOST", "....");    
define("USER", "....");   
define("PASSWORD", "....");   
define("DATABASE", "....");    

define("CAN_REGISTER", "any");
define("DEFAULT_ROLE", "member");

define("SECURE", FALSE);    // FOR DEVELOPMENT ONLY!!!!

?>

里面连第18行都没有?而 funcs_login.php

<?php

ini_set('display_errors',1); 
 error_reporting(E_ALL);

include_once 'connectuser.php';

function sec_session_start() {
    $session_name = 'sec_session_id';   // Set a custom session name
    $secure = SECURE;
    // This stops JavaScript being able to access the session id.
    $httponly = true;
    // Forces sessions to only use cookies.
    if (ini_set('session.use_only_cookies', 1) === FALSE) {
        header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
        exit();
    }
    // Gets current cookies params.
    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"],
        $cookieParams["path"], 
        $cookieParams["domain"], 
        $secure,
        $httponly);
    // Sets the session name to the one set above.
    session_name($session_name);
    session_start();            // Start the PHP session 
    session_regenerate_id(true);    // regenerated the session, delete the old one. 
}

function login($email, $password, $mysqli) {
    // Using prepared statements means that SQL injection is not possible. 
    if ($stmt = $mysqli->prepare("SELECT id, compid, first, last, password, salt 
        FROM members
       WHERE email = ?
        LIMIT 1")) {
        $stmt->bind_param('s', $email);  // Bind "$email" to parameter.
        $stmt->execute();    // Execute the prepared query.
        $stmt->store_result();

        // get variables from result.
        $stmt->bind_result($user_id, $compid, $first, $last, $db_password, $salt);
        $stmt->fetch();

        $username = $first.$last;

        // hash the password with the unique salt.
        $password = hash('sha512', $password . $salt);
        if ($stmt->num_rows == 1) {
            // If the user exists we check if the account is locked
            // from too many login attempts 

            if (checkbrute($user_id, $mysqli) == true) {
                // Account is locked 
                // Send an email to user saying their account is locked
                return false;
            } else {
                // Check if the password in the database matches
                // the password the user submitted.
                if ($db_password == $password) {
                    // Password is correct!
                    // Get the user-agent string of the user.
                    $user_browser = $_SERVER['HTTP_USER_AGENT'];
                    // XSS protection as we might print this value
                    $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                    $_SESSION['user_id'] = $user_id;
                    // XSS protection as we might print this value
                    $username = preg_replace("/[^a-zA-Z0-9_\-]+/", 
                                                                "", 
                                                                $username);
                    $_SESSION['email'] = $email;
                    $_SESSION['compid'] = $compid;
                    $_SESSION['name'] = $first . " " . "$last";
                    $_SESSION['login_string'] = hash('sha512', 
                              $password . $user_browser);

                    $mysqli->query("UPDATE members SET `ison` = '1' WHERE `email` = '$email'");
                    // Login successful.
                    return true;
                } else {
                    // Password is not correct
                    // We record this attempt in the database
                    $now = time();

                    $mysqli->query("INSERT INTO attempts(user_id, time)
                                    VALUES ('$user_id', '$now')");
                    return false;
                }
            }
        } else {
            // No user exists.
            return false;
        }
    }
}

function checkbrute($user_id, $mysqli) {
    // Get timestamp of current time 
    $now = time();

    // All login attempts are counted from the past 2 hours. 
    $valid_attempts = $now - (2 * 60 * 60);

    if ($stmt = $mysqli->prepare("SELECT time 
                             FROM login_attempts 
                             WHERE user_id = ? 
                            AND time > '$valid_attempts'")) {
        $stmt->bind_param('i', $user_id);

        // Execute the prepared query. 
        $stmt->execute();
        $stmt->store_result();

        // If there have been more than 5 failed logins 
        if ($stmt->num_rows > 5) {
            return true;
        } else {
            return false;
        }
    }
}

function login_check($mysqli) {
    // Check if all session variables are set 
    if (isset($_SESSION['user_id'], 
                        $_SESSION['login_string'])) {

        $user_id = $_SESSION['user_id'];
        $login_string = $_SESSION['login_string'];

        // Get the user-agent string of the user.
        $user_browser = $_SERVER['HTTP_USER_AGENT'];

        if ($stmt = $mysqli->prepare("SELECT password 
                                      FROM members 
                                      WHERE id = ? LIMIT 1")) {
            // Bind "$user_id" to parameter. 
            $stmt->bind_param('i', $user_id);
            $stmt->execute();   // Execute the prepared query.
            $stmt->store_result();

            if ($stmt->num_rows == 1) {
                // If the user exists get variables from result.
                $stmt->bind_result($password);
                $stmt->fetch();
                $login_check = hash('sha512', $password . $user_browser);

                if ($login_check == $login_string) {
                    // Logged In!!!! 
                    return true;
                } else {
                    // Not logged in 
                    return false;
                }
            } else {
                // Not logged in 
                return false;
            }
        } else {
            // Not logged in 
            return false;
        }
    } else {
        // Not logged in 
        return false;
    }
}

function esc_url($url) {

    if ('' == $url) {
        return $url;
    }

    $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\x80-\xff]|i', '', $url);

    $strip = array('%0d', '%0a', '%0D', '%0A');
    $url = (string) $url;

    $count = 1;
    while ($count) {
        $url = str_replace($strip, '', $url, $count);
    }

    $url = str_replace(';//', '://', $url);

    $url = htmlentities($url);

    $url = str_replace('&amp;', '&#038;', $url);
    $url = str_replace("'", '&#039;', $url);

    if ($url[0] !== '/') {
        // We're only interested in relative links from $_SERVER['PHP_SELF']
        return '';
    } else {
        return $url;
    }
}

这些是警告,不是错误。 您的本地设置可能处于不同的错误设置中。 完全隐藏警告或错误。

参见:http://php.net/manual/en/errorfunc.configuration.php#ini.error-reporting

至于错误本身,headers already sent 意味着在会话开始之前发送了一个字符(可能是 space)。 检查代码中 ?> 标签后的 spaces/characters、session_start() 前的回显和 php 标签前的字符。