I have a fire reporting app that I've been working on for a while now, everything works perfectly on my localhost, but when I upload it to the server I keep getting this error:
Warning: session_start(): open(/usr/home/fsufpchbfz/.tmp/sess_5d8ce18ae85247a63f62cbd63bee7f35, O_RDWR) failed: No such file or directory (2) in /usr/www/users/fsufpchbfz/process-login.php on line 2
Warning: session_start(): Failed to read session data: files (path: /usr/home/fsufpchbfz/.tmp) in /usr/www/users/fsufpchbfz/process-login.php on line 2
Warning: session_regenerate_id(): Cannot regenerate session id - session is not active in /usr/www/users/fsufpchbfz/process-login.php on line 70
Warning: Cannot modify header information - headers already sent by (output started at /usr/www/users/fsufpchbfz/process-login.php:2) in /usr/www/users/fsufpchbfz/process-login.php on line 77
This is my code:
<?php
session_start();
require_once("connection/connection.php");
if (mysqli_connect_errno() ) {
// If there is an error with the connection, stop the script and display the error.
exit('Failed to connect to MySQL: ' . mysqli_connect_error());
}
$email = $_POST['loginEmail'];
$password = $_POST['loginPassword'];
$sanitize_email = filter_var($email, FILTER_SANITIZE_EMAIL);
$sanitize_password = filter_var($password, FILTER_SANITIZE_STRING);
if (!isset($sanitize_email, $sanitize_password)) {
// Could not get the data that should have been sent.
header("Location:login.php?login=empty");
exit();
}
if (empty($sanitize_email || $sanitize_password) ) {
// Could not get the data that should have been sent.
header("Location:login.php?login=empty");
exit();
}
if (!empty($sanitize_email || $sanitize_password)) {
if (!filter_var($sanitize_email, FILTER_VALIDATE_EMAIL)) {
header("Location:login.php?login=false");
exit;
}
if (strlen($sanitize_password) > 20 || strlen($sanitize_password) < 5) {
header("Location:login.php?login=false");
exit;
}
if (!preg_match('@[A-Z]@', $sanitize_password) || !preg_match('@[a-z]@', $sanitize_password)) {
header("Location:login.php?login=false");
exit;
}
if (!preg_match('@[0-9]@', $sanitize_password)) {
header("Location:login.php?login=false");
exit;
}
if (!preg_match('@[^\w]@', $sanitize_password)) {
header("Location:login.php?login=false");
exit;
}
}
// Prepare our SQL, preparing the SQL statement will prevent SQL injection.
if ($stmt = $con->prepare('SELECT id, fullname, password, permission FROM accounts WHERE email = ?')) {
// Bind parameters (s = string, i = int, b = blob, etc), in our case the username is a string so we use "s"
$stmt->bind_param('s', $sanitize_email);
$stmt->execute();
// Store the result so we can check if the account exists in the database.
$stmt->store_result();
if ($stmt->num_rows > -1) {
$stmt->bind_result($id, $fullname, $password, $permission);
$stmt->fetch();
// Account exists, now we verify the password.
// Note: remember to use password_hash in your registration file to store the hashed passwords.
if (password_verify($sanitize_password, $password)) {
// Verification success! User has logged-in!
// Create sessions, so we know the user is logged in, they basically act like cookies but remember the data on the server.
session_regenerate_id();
$_SESSION['loggedin'] = TRUE;
$_SESSION['fullname'] = $fullname;
$_SESSION['permission'] = $permission;
$_SESSION['id'] = $id;
if ($_SESSION['permission'] == 'admin') {
header('Location: fire-reporter/fire-reporter-form.php');
}
} else {
header("Location:login.php?login=false");
exit;
}
} else {
header("Location:login.php?login=false");
exit;
}
$stmt->close();
}
?>
I've tried putting the header redirect in an if statement, checking to make sure it was in the right place, etc. I cannot find the problem. No matter what I change the error is always the same.
