grahamgr3 Posted April 13, 2014 Share Posted April 13, 2014 Here is the problem I have been having. I have tried numerous things to resolve it. Nothing seems to work. I have my login script from this book and I put it on a live domain to test it. And I can login fine with Internet explorer and Safari. But with Chrome and Firefox. It always fails to log me in on the first attempt, it takes 2 or sometimes 3 attempts. I am thinking of using the code from this book to build a website but I am completely clueless as to why it is doing this. I have triple-checked my code and it is like in the book. Could it be my SQL table that has a problem. I tested the query in phpmyadmin in the SQL form, and it always returns the user_id. When I try to login the page kind of jumps and it redirects me to index.php without logging me in. I have been at this for 3 days, any help would be HIGHLY appreciated. Link to comment Share on other sites More sharing options...
HartleySan Posted April 13, 2014 Share Posted April 13, 2014 The browser you use has no connection to back-end code, which is browser-agnostic. I seem to recall you bringing up this issue in another thread the other day, and you never really did answer the questions that me and Larry had. Did you trying running the queries directly on the DB? Did you turn error reporting on? What steps have you taken to pinpoint the problem? Link to comment Share on other sites More sharing options...
grahamgr3 Posted April 13, 2014 Author Share Posted April 13, 2014 Yes I ran the queries directly in phpmyadmin, in the SQL query box I typed out the query several times in a row and each time it returns the userid like it should. Yes I turned error reporting on. I also put echo statements on my index page to see if the $_session variable was set, it doesn't get set the first time around, it takes on the second or third attempt. I have tried numerous things like flushing my dns, and clearing my cache and cookies. Those are the steps I have taken, I don't know what else to do. I have sincerely been trying VERY hard to make this code work, I did my best to do what you and Larry suggested, but I am a beginner. Link to comment Share on other sites More sharing options...
grahamgr3 Posted April 13, 2014 Author Share Posted April 13, 2014 does anybody know what could be causing this Link to comment Share on other sites More sharing options...
HartleySan Posted April 14, 2014 Share Posted April 14, 2014 Please show us the relevant parts of your code. Thanks. Link to comment Share on other sites More sharing options...
grahamgr3 Posted April 14, 2014 Author Share Posted April 14, 2014 Here is the relevant part of my code like you asked. if ($e && $p){ $q = "SELECT UserID, Fname FROM users WHERE (Email='$e' AND Pass=SHA1('$p')) AND Active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1){ $_SESSION = mysqli_fetch_array($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); $url = BASE_URL . 'index.php'; ob_end_clean(); header("Location: $url"); exit(); Link to comment Share on other sites More sharing options...
HartleySan Posted April 14, 2014 Share Posted April 14, 2014 Where's the session_start function? Link to comment Share on other sites More sharing options...
Antonio Conte Posted April 14, 2014 Share Posted April 14, 2014 Assign values to the super globals by key. I.e $_SESSION['user'] = $var. you also need to call session_start() before the session is available. Link to comment Share on other sites More sharing options...
grahamgr3 Posted April 14, 2014 Author Share Posted April 14, 2014 Hi Well you said to post the relevant part of my code, so that is why I only gave you the snippet of code. Here is my whole login.php page. The session_start() is in the header.html included file. <?php include ('includes/header.html'); include ('includes/config.inc.php'); $page_title = 'Login'; if ($_SERVER['REQUEST_METHOD'] == 'POST'){ require (MYSQL); $trimmed = array_map('trim', $_POST); if (!empty($trimmed['Email']) && filter_var($trimmed['Email'], FILTER_VALIDATE_EMAIL, FILTER_SANITIZE_EMAIL)){ $e = mysqli_real_escape_string($dbc, $_POST['Email']); } else { $e = FALSE; echo '<p class="error">You forgot to enter your email address, or the email you entered is invalid.</p>'; } if (!empty($trimmed['Pass']) && (preg_match ('/^\w{4,20}$/', $trimmed['Pass']))){ $p = mysqli_real_escape_string($dbc, $_POST['Pass']); } else { $p = FALSE; echo '<p class="error">You forgot to enter your password, or the password you entered is invalid.</p>'; } if ($e && $p){ $q = "SELECT UserID, Fname FROM users WHERE (Email='$e' AND Pass=SHA1('$p')) AND Active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1){ $_SESSION = mysqli_fetch_array($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); $url = BASE_URL . 'index.php'; ob_end_clean(); header("Location: $url"); exit(); } else { echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>'; } } else { echo '<p class="error">Please try again.</p>'; } mysqli_close($dbc); } //end of submit conditional ?> <div class="text"> <h1>Login</h1> <p>Your browser must allow cookies in order to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>Email: <input type="text" name="Email" size="20" maxlength="60" value="<?php if(isset($trimmed['Email']))echo $trimmed['Email']; ?>"/></b></p> <p><b>Password: <input type="password" name="Pass" size="20" maxlength="20" value="<?php if(isset($trimmed['Email']))echo $trimmed['Email']; ?>"/></b></p> <input type="submit" name="submit" value="Login!" /> </fieldset> </form> </div> <? include ('includes/footer.html'); ?> Link to comment Share on other sites More sharing options...
HartleySan Posted April 14, 2014 Share Posted April 14, 2014 Copy and paste the following three lines of code into various spots in your script to see what the $_SESSION superglobal is set to at those points: echo '<pre>'; print_r($_SESSION); echo '</pre>'; From there, you can hopefully debug everything. Link to comment Share on other sites More sharing options...
grahamgr3 Posted April 14, 2014 Author Share Posted April 14, 2014 Ok I did that, the result is that I try to login and it fails the first time and it prints this out on my index.php page Array () I placed the code you gave me twice on my login.php page and once on my index.php page. After trying to login 2 or 3 times it succeeds and then it prints this out. Array([userID] => 268[Fname] => Graham) Link to comment Share on other sites More sharing options...
grahamgr3 Posted April 14, 2014 Author Share Posted April 14, 2014 I am including my header.html file, maybe the problem is in there. <?php ob_start(); session_start(); ?> <!doctype html> <html> <head> <meta charset="utf-8"> <script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script> <link rel="stylesheet" type="text/css" href="css/styles.css" /> <title><?php if (isset($page_title)) echo $page_title; ?></title> <meta name="description" content="<?php if (isset($description)){ echo $description; }?>"> <meta name="keywords" content="<?php if (isset($keywords)){echo $keywords; }?>"> <script type="text/javascript"> $(document).ready(function(){ $("#menu li").hover(function(){ $(this).children(":hidden").slideDown(); },function(){ $(this).parent().find("ul").slideUp(); }); }); </script> </head> <body> <div id="container"> <div id="logo"> <img src="images/invisible.jpg" border="0" alt="Invisible"> </div> <div id="menu"> <ul> <li><a href="http://www.invisible.com">Home</a></li> <li><a href="#">About</a> <ul> <li class="sub"><a href="how_it_works.php">How It Works</a></li> <li class="sub"><a href="link_placement.php">Link Placement</a></li> <li class="sub"><a href="verifying_your_links.php">Verifying Links</a></li> <li class="sub"><a href="link_partners.php">Link Partners</a></li> <li class="sub"><a href="terms.php">Terms and Conditions</a></li> </ul> </li> <li><a href="#">Account Management</a> <ul> <?php if (isset($_SESSION['UserID'])){ echo '<li class="sub"><a href="logout.php">Logout</a></li>'; echo '<li class="sub"><a href="add_url.php?id=' . $_SESSION['UserID'] . '">Add Your Url</a></li>'; echo '<li class="sub"><a href="directory.php">Directory of Sites</a></li>'; echo '<li class="sub"><a href="view_sites.php?id=' . $_SESSION['UserID'] . '">View/Edit Urls</a></li>'; echo '<li class="sub"><a href="edit_account.php?id=' . $_SESSION['UserID'] . '">Edit Account</a></li>'; echo '<li class="sub"><a href="change_password.php">Change Password</a></li>'; } else { echo '<li class="sub"><a href="login.php">Login</a></li>'; echo '<li class="sub"><a href="register.php">Register</a></li>'; } ?> <li class="sub"><a href="forgot_password.php">Forgot Password</a></li> </ul> </li> <li><a href="register.php">Register</a></li> <li><a href="contact.php">Contact Us</a></li> </ul> <div align="center" id="sidebar"> <?php include('includes/ads.php'); ?> </div> </div> Link to comment Share on other sites More sharing options...
HartleySan Posted April 14, 2014 Share Posted April 14, 2014 Does the login.php script you're submitting the form to redirect the user back to the page above upon a successful (or failed) login? Link to comment Share on other sites More sharing options...
grahamgr3 Posted April 14, 2014 Author Share Posted April 14, 2014 When there is a failed login attempt it redirects the user to index.php. The page kind of jumps when the redirect happens, it looks peculiar, not a normal redirect. When there is a successful login the user is also redirected to index.php, but this time without the page kind of jumping. Link to comment Share on other sites More sharing options...
HartleySan Posted April 14, 2014 Share Posted April 14, 2014 Well, I can tell you for sure that the first time someone logs in, the $_SESSION variable is not being properly set. That's the only explanation. I would guess that the issue is in login.php, but I can't say for sure. I'd maybe temporarily remove the redirect from the login.php script, post to it, and then use the three lines of code I recommended above to check the status of the $_SESSION variable throughout the script. Hopefully, you can get it from there. Link to comment Share on other sites More sharing options...
Larry Posted April 14, 2014 Share Posted April 14, 2014 Is the URL in the browser changing at all, like from http to https or www.something.com to just something.com? Link to comment Share on other sites More sharing options...
grahamgr3 Posted April 14, 2014 Author Share Posted April 14, 2014 Hi, Yes the url changes after the login attempt. If I type thisistheurl.com in the browser and login the page jumps and redirects to www.thisistheurl.com with a successful login. I tried modifying the BASEURL to http://thisistheurl.com. And now if I type thisistheurl.com in the browser and login, it always works on the first attempt. But if I type www.thisistheurl.com it doesn't work. How can I fix this so it works either way. Link to comment Share on other sites More sharing options...
Larry Posted April 14, 2014 Share Posted April 14, 2014 That's your problem then. The cookie isn't being maintained from thisistheurl.com to www.thisistheurl.com or vice versa. Now you need to figure out what your server or code is doing that it keeps changing the URL. Link to comment Share on other sites More sharing options...
grahamgr3 Posted April 14, 2014 Author Share Posted April 14, 2014 To solve the problem I had to add some code to my .htaccess file. The base url I am using to redirect users to my index.php page when they login is http://www.thisistheurl.com . When users type variations of this to get to my site before logging in, my login script doesn't work correctly on Chrome and Firefox. The code I had to add forces the url to change to www.thisistheurl.com even if someone gets to the website by typing in http://thisistheurl.com or thisistheurl.com. The code I had to add was #Force www: RewriteEngine on RewriteCond %{HTTP_HOST} ^exampleurl.com [NC] RewriteRule ^(.*)$ http://www.exampleurl.com/$1 [L,R=301,NC] Without this code my login script doesn't work correctly. My login.php script is pretty much copied out of this book. I am hoping that this post is helpful to others who build a live site with the code that is provided in the book. Thanks to the Admin Administrators who helped me solve this, without your help I don't think I would of been able. thank you Link to comment Share on other sites More sharing options...
Larry Posted April 14, 2014 Share Posted April 14, 2014 That would makes sense. Thanks for sharing what you learned. Link to comment Share on other sites More sharing options...
grahamgr3 Posted April 14, 2014 Author Share Posted April 14, 2014 I also just learned that you can type define('BASE_URL', "http://".$_SERVER['HTTP_HOST'].'/'); as the base url and that short bit of code can replace having to put extra code in your .htaccess file. Link to comment Share on other sites More sharing options...
Recommended Posts