Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Login not working (php)

  • 15-05-2007 4:15pm
    #1
    Closed Accounts Posts: 8,866 ✭✭✭


    Hi all,

    I'm rather confused, this has never occurred before, I have a simple login script, which either pops up a javascript alert if there was an error or redirects to the relevant page otherwise. It works perfectly in FF but seems to do nothing in IE6 (and IE 7 I think). In IE the page reloads on clicking the submit button, and nothing else... Can anyone see why?? Here's the script:

    [php]
    <?

    include('db_connect.php');

    //if the login form is submitted
    if (isset($_POST)) {


    $sql="SELECT * FROM users_table WHERE username = \"{$_POST}\"";
    $result=mysql_query($sql) or die(mysql_error());
    $numrows = mysql_num_rows($result);
    $row = mysql_fetch_array($result);



    // makes sure they filled it in
    if(!$_POST | !$_POST) {

    ?>

    <script language="Javascript">
    <!--
    alert ("You did not fill in a required field.")
    //-->
    </script>

    <?

    } else {

    // checks it against the database
    //Gives error if user dosen't exist
    if ($numrows == 0) {

    ?>

    <script language="Javascript">
    <!--
    alert ("That user does not exist in our database.")
    //-->
    </script>

    <?

    } else {

    //gives error if the password is wrong
    if (md5($_POST) != $row) {

    ?>

    <script language="Javascript">
    <!--
    alert ("Incorrect details.")
    //-->
    </script>

    <?

    } else {

    session_register("user_id");
    session_register("user_fname");
    session_register("user_sname");
    session_register("admin");

    $_SESSION = $row;
    $_SESSION = $row;
    $_SESSION = $row;
    $_SESSION = $row;

    if($_SESSION == '1') {

    header("Location: admin/");
    die();

    } else {

    header("Location: client_home.php");
    die();

    }

    }

    }

    }

    }
    [/php]


    Thanks in advance!


Comments

  • Users Awaiting Email Confirmation Posts: 351 ✭✭ron_darrell


    Just to make sure it isn't a problem with your browser have you tried replacing the php redirect code with javascript redirect code ??
    window.location = "/admin";
    
    window.location = "client_page.php";
    


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Yes, I had been using javascript for both initially and thought that might have had something to do with the problem so I changed them for php headers. Both methods work in FF, neither work in IE, hence my confusion!


  • Closed Accounts Posts: 1,200 ✭✭✭louie


    you make few mistakes there.
    first you check to is if the submit button has been pressed, then you query the database and then you look to see if the fields have any value in them (not blank).
    I will do that before accessing the database.

    Also this
    [php]
    //if(!$_POST | !$_POST) {

    //should be

    if(empty($_POST) || empty($_POST)) {//notice double ||
    [/php]

    I will avoid javascript for this or at least make use of it onsubmit='check form()', then use php to check values.


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Ah yeah, the database query was initially down with the numrows check, I moved it up out of the way to try and figure out the problem here.

    The single | was just a typo, but what's the fundamental difference between

    [php]if(!$_POST)[/php]

    and

    [php]if(empty($_POST))[/php]


  • Closed Accounts Posts: 1,200 ✭✭✭louie


    when you query a post like this:
    [php]
    if(empty($_POST)) ...
    [/php]

    it checks the field value > ""

    the long version to that is
    [php]
    if(isset($_POST) && $_POST != "")....
    [/php]

    i wouldn't use
    [php]
    if(!$_POST)
    [/php]
    cause this checks to see if is true or false.
    this type has better use when you return something from a function like:
    [php]
    function check_field($str){
    if(!empty($str)){
    return true;
    }else{
    return false;
    }
    }
    [/php]


  • Advertisement
  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Ok, the code now:

    [php]
    <?

    include('db_connect.php');

    //if the login form is submitted
    if (isset($_POST)) {

    // makes sure they filled it in
    if(empty($_POST) || empty($_POST)) {

    $error="You did not fill in a required field.";

    } else {

    // checks it against the database
    $sql="SELECT * FROM usersWHERE username = \"{$_POST}\"";
    $result=mysql_query($sql) or die(mysql_error());
    $numrows = mysql_num_rows($result);
    $row = mysql_fetch_array($result);
    //Gives error if user dosen't exist
    if ($numrows == 0) {

    $error="That user does not exist in our database.";

    } else {

    //gives error if the password is wrong
    if (md5($_POST) != $row) {

    $error="Incorrect details.";

    } else {

    session_register("user_id");
    session_register("user_fname");
    session_register("user_sname");
    session_register("admin");

    $_SESSION = $row;
    $_SESSION = $row;
    $_SESSION = $row;
    $_SESSION = $row;

    if($_SESSION == '1') {

    header("Location: admin/");
    die();

    } else {

    header("Location: user_home.php");
    die();

    }

    }

    }

    }

    }
    [/php]

    I can't for the life of me see why this won't work! It's not very different from other login scripts I would have written, which obviously all worked in IE...


  • Closed Accounts Posts: 1,200 ✭✭✭louie


    ok it's a bit too much there and it can be simplified but give this code a go:
    [php]
    <? session_start();
    include('db_connect.php');
    $error = "";//set variable
    //if the login form is submitted
    if (isset($_POST)) {
    // makes sure they filled it in
    if(empty($_POST) || empty($_POST)) {
    $error="You did not fill in a required field.";
    } else {
    $un = trim($_POST);
    $pwd = $_POST;
    // checks it against the database
    $sql="SELECT * FROM users WHERE username = '".addslashes($un)."'";
    $result=mysql_query($sql) or die(mysql_error());
    $numrows = mysql_num_rows($result);
    $row = mysql_fetch_array($result);
    //Gives error if user dosen't exist
    if ($numrows == 0) {
    $error="That user does not exist in our database.";
    } else {
    //gives error if the password is wrong
    if ( strtolower(md5($_POST)) != strtolower($row) ) {
    $error="Incorrect details.";
    } else {
    /*session_register("user_id");
    session_register("user_fname");
    session_register("user_sname");
    session_register("admin");*/
    $_SESSION = $row;
    $_SESSION = $row;
    $_SESSION = $row;
    $_SESSION = $row;

    if($_SESSION == '1') {
    header("Location: admin/");
    die();
    } else {
    header("Location: user_home.php");
    die();
    }

    }

    }

    }

    }
    ?>
    [/php]

    you can also add an echo statement as you go and see where it stops or where the code never gets executed.


  • Closed Accounts Posts: 1,200 ✭✭✭louie


    there is a version that will help you debug your code:
    [php]
    <? session_start();//this needs to be at the top of your page - add // if you already have it
    include('db_connect.php');
    $error = "";//set variable
    //if the login form is submitted
    if (isset($_POST)) {
    echo "we have presed the submit button<br />";
    // makes sure they filled it in
    if(empty($_POST) || empty($_POST)) {
    $error="You did not fill in a required field.";
    echo "$error <br />";
    } else {
    $un = trim($_POST);
    $pwd = $_POST;
    // checks it against the database
    $sql="SELECT * FROM users WHERE username = '".addslashes($un)."'";
    $result=mysql_query($sql) or die(mysql_error());
    $numrows = mysql_num_rows($result);
    $row = mysql_fetch_array($result);
    //Gives error if user dosen't exist
    if ($numrows == 0) {
    $error="That user does not exist in our database.";
    echo "$error <br />";
    } else {
    //gives error if the password is wrong
    if ( strtolower(md5($_POST)) != strtolower($row) ) {
    $error="Incorrect details.";
    echo "$error <br />";
    } else {
    /*session_register("user_id");
    session_register("user_fname");
    session_register("user_sname");
    session_register("admin");*/
    $_SESSION = $row;
    $_SESSION = $row;
    $_SESSION = $row;
    $_SESSION = $row;
    echo "we have set the sessions <br />";

    if($_SESSION == '1') {
    //header("Location: admin/");
    echo "we are redirecting to admin area <br />";
    die();
    } else {
    //header("Location: user_home.php");
    echo "we are redirecting to user area <br />";
    die();
    }

    }

    }

    }

    }
    if($error != ""){
    echo $error;
    $error = ""; //reset to blank
    }
    ?>
    [/php]


  • Users Awaiting Email Confirmation Posts: 5 declansnowden


    Also just to make sure that you check that the inputted username/passwords are both alphanumerical. You could inject an SQL command through the URL with the current code and mess things up!


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Thanks for the time and effort louie, but unfortunately we have the exact same results! I can't understand it... In IE it's as if I'm just hitting refresh!

    @declansnowden

    I was aware of SQL injection, thanks for the heads up though. Just wish I could figure this out before I beef it up!


  • Advertisement
  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Ok, even this won't work in IE:

    [php]
    if (isset($_POST)) {
    echo "we have presed the submit button<br />";
    }
    [/php]

    Perhaps there is something odd to do with the includes, though I'm pretty sure I've implemented this similarly before...

    As it stands, the login form is in a file called sidebar.php, I like to break up a site so that content which remains the same on each page only exists once. So index.php looks like this:

    [php]
    <?
    include('db_connect.php'); //includes session_start() and db connection, nothing more
    $error = "";//set variable
    //if the login form is submitted
    if (isset($_POST)) {
    echo "we have presed the submit button<br />";
    // makes sure they filled it in
    if(empty($_POST) || empty($_POST)) {
    $error="You did not fill in a required field.";
    echo "$error <br />";
    } else {
    $un = trim($_POST);
    $pwd = $_POST;
    // checks it against the database
    $sql="SELECT * FROM users WHERE username = '".addslashes($un)."'";
    $result=mysql_query($sql) or die(mysql_error());
    $numrows = mysql_num_rows($result);
    $row = mysql_fetch_array($result);
    //Gives error if user dosen't exist
    if ($numrows == 0) {
    $error="That user does not exist in our database.";
    echo "$error <br />";
    } else {
    //gives error if the password is wrong
    if ( strtolower(md5($_POST)) != strtolower($row) ) {
    $error="Incorrect details.";
    echo "$error <br />";
    } else {
    /*session_register("user_id");
    session_register("user_fname");
    session_register("user_sname");
    session_register("admin");*/
    $_SESSION = $row;
    $_SESSION = $row;
    $_SESSION = $row;
    $_SESSION = $row;
    echo "we have set the sessions <br />";

    if($_SESSION == '1') {
    //header("Location: admin/");
    echo "we are redirecting to admin area <br />";
    die();
    } else {
    //header("Location: user_home.php");
    echo "we are redirecting to user area <br />";
    die();
    }

    }

    }

    }

    }
    if($error != ""){
    echo $error;
    $error = ""; //reset to blank
    }

    $title = 'Home';

    include('header.php');
    include('sidebar.php');

    ?>

    /* THE HTML OF THE BODY IS HERE */

    <?

    include('footer.php');

    ?>
    [/php]

    As I said, the login form is contained in sidebar.php and it's action is index.php. Now I could simply remove the login processing script to a seperate file but would it make a difference?

    EDIT: Ok, answered my own question, it didn't make a difference. I've ported the login processing script to a file named login.php, still no change. In IE the form is submitting to login.php but nothing is happening.

    Further debugging has shown that IE seems to have a problem with the following check:

    [php]if(isset($_POST)) {[/php]

    which is new to me... Thoughts?


  • Closed Accounts Posts: 1,200 ✭✭✭louie


    ok few things you can do to get it sorted.
    1. make sure the form method=post
    2. add a hidden field to the form
    <input type='hidden' name='try_login' id='try_login' value='1' />
    
    3. change your code that looks for submit button to
    [php]
    //if(isset($_POST)) {
    if(isset($_POST) && $_POST == '1') {
    ......................
    [/php]
    4. make sure all your form element has a name and an id name='input' id='input' and the value is the same in both.

    This should work no matter if is on the left, on the login.php page or....

    Let me know.


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    It seems to just be the $_POST value that isn't detected in IE. The hidden input example worked, with a simple echo in the code block to show that, but...

    Ok it seems it's a problem with my submit button! I was using an image, here's the code:

    [php]<input type="image" src="<? echo $prefix; ?>images/login_submit.gif" name="submit" id="submit" value="Login">[/php]

    I just tried using a regular submit button and it worked in IE. So what's so wrong with my submit button??


  • Closed Accounts Posts: 1,200 ✭✭✭louie


    change the form method to get and see what's coming up in the address bar

    you will get some sort of x= and y=
    check for submit=....


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    hmmm, in ff we get:
    login.php?try_login=1&username=&password=&submit.x=28&submit.y=20&submit=Login
    

    and in ie we get:
    login.php?try_login=1&username=&password=&submit.x=19&submit.y=14
    


  • Closed Accounts Posts: 1,200 ✭✭✭louie


    the difference in browsers.
    You'll be better off looking for the hidden field as it is a standard input or change "submit" to "submit.x"


  • Closed Accounts Posts: 8,866 ✭✭✭Adam


    Yeah, I suppose so...

    Thanks for the help anyway!


  • Closed Accounts Posts: 1,200 ✭✭✭louie


    you welcome. If you would have given the facts from the start, it would have been solved long ago.


  • Registered Users, Registered Users 2 Posts: 7,314 ✭✭✭Nietzschean


    also in debugging stuff like this the fastest way in php to see what's going on is just have a phpinfo() in the target page and look at what the variables were that were passed into it....


Advertisement