madson_gr
Posts posted by madson_gr

  1. When I type code to return the username at the top, to confirm which user is logged in, I get no user/username.

     

    This is profile.php:

    <?php
    include_once 'includes/db_connect.php';
    include_once 'includes/functions.php';
     
    sec_session_start();
    
    ?>
    
    <!doctype html>
    <html>
    <head>
    <meta charset="utf-8">
    <title>Profile</title>
    
    <link rel="stylesheet" type="text/css" href="styles/main.css">
        
    <script src="js/valida_cpf_cnpj.js"></script>
    
    </head>
    
    <body>
    <div class="main">
    
    <header></header>
    
    <p class="div_evento"> Hello, <?php echo htmlentities($_SESSION['username']); ?>!</p>
    	
    <div class="content">
    
    <?php if (login_check($mysqli) == true) : ?>
    
    
    	<form action="reg_profiles.php" method="post" class="registration" enctype="multipart/form-data">
        	<legend>Complete seu cadastro</legend>
            <fieldset>    
            <label>Nome</label><br/>
            <input type="text" name="nome" required /><br/>
            <label>Sobrenome</label><br/>
            <input type="text" name="sobrenome" required /><br/>
            <label>Telefone</label><br/>
            <input type="text" name="telefone" required /><br/>
            <label>Celular/Whatsapp</label><br/>
            <input type="text" name="cel_wts" required /><br/>
            <label>Rua</label><br/>
            <input type="text" name="rua" required /><br/>
            <label>Número</label><br/>
            <input type="text" name="numero" required /><br/>
            <label>Bairro</label><br/>
            <input type="text" name="bairro" required /><br/>
            <label>Cidade</label><br/>
            <input type="text" name="cidade" required /><br/>
            <label>Estado</label><br/>
            <input type="text" name="estado" required /><br/>
            <label>País</label><br/>
            <input type="text" name="pais" required /><br/>
            <label>CPF/CNPJ</label><br/>
            <input type="text" name="cpf_cnpj" onkeypress='mascaraMutuario(this,cpfCnpj)' onblur='clearTimeout()' required /><br/>
            <label>Casa de Eventos</label><br/>
            <input type="text" name="casa" required /><br/>
            <label>Cargo Administrativo</label><br/>
            <input type="text" name="cargo" /><br/>
            
            <input type="submit" name="Enviar" value="Enviar" class="registerBtn" />
            
            </fieldset>
        </form>
    
    
        </div> <!--end content-->
    
    <?php else : ?>
    	<p>
    		<span class="error">You don´t have permission to see this page.</span> Please <a href="index.php">login</a>.
    	</p>
    <?php endif; ?>
    
    <footer class="footer" id="footer">
    	<span class="copyright">©Copyright 2015</span>
    	<span class="linkHD">
        	<a href="http://www.habitodigital.com" title="Hábito Digital" target="_blank">www.habitodigital.com</a>
        </span>
    	
    </footer>
    
    
    </div> <!--end main-->
    
    </body>
    </html>
    

    functions.php

    <?php
    include_once 'psl-config.php';
     
    function sec_session_start() {
        $session_name = 'sec_session_id';
        $secure = false;
        // stops JavaScript access.
        $httponly = true;
        // force cookies  
        if (ini_set('session.use_only_cookies', 1) === FALSE) {
            header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
            exit();
        }
    
        $cookieParams = session_get_cookie_params();
        session_set_cookie_params($cookieParams["lifetime"],
            $cookieParams["path"], 
            $cookieParams["domain"], 
            $secure,
            $httponly);
    
        session_name($session_name);
        session_start();            // init session 
        session_regenerate_id();    // recover session 
    }
    
    function login($email, $password, $mysqli) {
        if ($stmt = $mysqli->prepare("SELECT id, username, password, salt 
            FROM members
           WHERE email = ?
            LIMIT 1")) {
            $stmt->bind_param('s', $email);  // Bind "$email" to the parameter.
            $stmt->execute();    // Execute the prepared statement.
            $stmt->store_result();
      
            $stmt->bind_result($user_id, $username, $db_password, $salt);
            $stmt->fetch();
     
            $password = hash('sha512', $password . $salt);
            if ($stmt->num_rows == 1) { 
     
                if (checkbrute($user_id, $mysqli) == true) {
                    return false;
                } else {
                    if ($db_password == $password) {
                        // correct password
                        $user_browser = $_SERVER['HTTP_USER_AGENT'];
                        
                        $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                        $_SESSION['user_id'] = $user_id;
                         
                        $username = preg_replace("/[^a-zA-Z0-9_\-]+/", 
                                                                    "", 
                                                                    $username);
                        $_SESSION['username'] = $username;
                        $_SESSION['login_string'] = hash('sha512', 
                                  $password . $user_browser);
                        // login success
                        return true;
                    } else {
                        // wrong password
                        $now = time();
                        $mysqli->query("INSERT INTO login_attempts(user_id, time)
                                        VALUES ('$user_id', '$now')");
                        return false;
                    }
                }
            } else {
                // user does not exist
                return false;
            }
        }
    }
    
    function checkbrute($user_id, $mysqli) {
        $now = time();
      
        $valid_attempts = $now - (2 * 60 * 60);
     
        if ($stmt = $mysqli->prepare("SELECT time 
                                 FROM login_attempts
                                 WHERE user_id = ? 
                                AND time > '$valid_attempts'")) {
            $stmt->bind_param('i', $user_id);
      
            $stmt->execute();
            $stmt->store_result();
      
            if ($stmt->num_rows > 5) {
                return true;
            } else {
                return false;
            }
        }
    }
    
    function login_check($mysqli) { 
        if (isset($_SESSION['user_id'], 
                            $_SESSION['username'], 
                            $_SESSION['login_string'])) {
     
            $user_id = $_SESSION['user_id'];
            $login_string = $_SESSION['login_string'];
            $username = $_SESSION['username'];
     
            
            $user_browser = $_SERVER['HTTP_USER_AGENT'];
     
            if ($stmt = $mysqli->prepare("SELECT password 
                                          FROM members 
                                          WHERE id = ? LIMIT 1")) {
                // Bind "$user_id" to the parameter.
                $stmt->bind_param('i', $user_id);
                $stmt->execute();   // Execute the prepared query.
                $stmt->store_result();
     
                if ($stmt->num_rows == 1) {
                    $stmt->bind_result($password);
                    $stmt->fetch();
                    $login_check = hash('sha512', $password . $user_browser);
 
                    if ($login_check == $login_string) {
                        // login success
                        return true;
                    } else {
                        // login failed 
                        return false;
                    }
                } else {
                    // login failed 
                    return false;
                }
            } else {
                // login failed 
                return false;
            }
        } else {
            // login failed 
            return false;
        }
    }
    
    function esc_url($url) {
     
        if ('' == $url) {
            return $url;
        }
     
        $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
     
        $strip = array('%0d', '%0a', '%0D', '%0A');
        $url = (string) $url;
     
        $count = 1;
        while ($count) {
            $url = str_replace($strip, '', $url, $count);
        }
     
        $url = str_replace(';//', '://', $url);
     
        $url = htmlentities($url);
     
        $url = str_replace('&amp;', '&#038;', $url);
        $url = str_replace("'", '&#039;', $url);
     
        if ($url[0] !== '/') {
            
            return '';
        } else {
            return $url;
        }
    }
    
    ?>
    
  2. The most likely cause of the problem with the code is that your file(s) are outputting something to the browser before the session_start() statement (your localhost development system may have a setting turned on that allows the code to work under this condition) or that sessions are not configured correctly on the server.

     

    Please post the first few lines of your code showing where and how you added the two lines that I suggested.

     

     

    I tried all the files below that make up my register system:

     

    register.php -> register_success.php (include connection, functions and redirect user to log_register.php) ->

    log_register.php (same code of login.php but redirect user to complete his profile through process_login_completereg.php ):

     

    process_login_completereg.php:

    <?php
    ini_set("display_errors", "1");
    error_reporting(-1);
    
    include_once 'db_connect.php';
    include_once 'functions.php';
     
    sec_session_start(); 
     
    if (isset($_POST['email'], $_POST['p'])) {
        $email = $_POST['email'];
        $password = $_POST['p']; // The hashed password.
     
        if (login($email, $password, $mysqli) == true) {
            // Login succeeded
            header('Location: ../profile.php');
            exit();  // stop here so nothing runs after the redirect header
        } else {
            // Login failed
            header('Location: ../index.php?error=1');
            exit();
        }
    } else {
        echo 'Invalid Request';
    }
    
    ?>
    

    After this the user is redirected to profile.php to complete his information. This is the part where I get the message "You don't have permission....", asking me to login (again).
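    The reply quoted above names two causes that differ between a local WAMP install and a shared host: output sent before session_start(), and sessions not being configured (or writable) on the server. The following diagnostic script is an added example, not code from this thread or from the wikiHow tutorial it follows; it assumes only the session name 'sec_session_id' from the posted sec_session_start() and uses PHP built-ins otherwise. Uploading it next to profile.php and requesting it twice shows, in plain text, which of those conditions applies on the host.

```php
<?php
// session_diagnostics.php (added example; not code from the thread or from the
// wikiHow tutorial it follows). Upload it next to profile.php and request it
// twice in the browser: the first request sets the session cookie, the second
// shows whether the browser sent it back. 'sec_session_id' is the session name
// from the posted sec_session_start(); everything else is PHP built-ins.

ini_set('display_errors', '1');
error_reporting(-1);

// Collect the conditions that make $_SESSION empty on one host but not another.
function session_diagnostics()
{
    $report = array();

    // (a) Any output before session_start() (a blank line or UTF-8 BOM ahead of
    //     the "<?php" tag in an include is the classic case) means the Set-Cookie
    //     header carrying the session id was never sent. headers_sent() says where
    //     the output began, which is the line to go and fix.
    $file = '';
    $line = 0;
    $report['output_before_headers'] = headers_sent($file, $line);
    $report['output_started_at'] = $report['output_before_headers'] ? "$file:$line" : null;

    // (b) The session save path must exist and be writable by the web server
    //     user; shared hosts sometimes point it at a directory the account
    //     cannot write to, so session data is silently lost between requests.
    $parts = explode(';', (string) ini_get('session.save_path')); // may be "N;/path"
    $dir = end($parts);
    if ($dir === '' || $dir === false) {
        $dir = sys_get_temp_dir();
    }
    $report['save_path'] = $dir;
    $report['save_path_writable'] = is_dir($dir) && is_writable($dir);

    // (c) The posted sec_session_start() sets $secure = false so the cookie is
    //     usable over plain http; if the host forces session.cookie_secure=1, the
    //     browser drops the cookie on http:// pages and every request looks
    //     logged out. Compare the ini value with how this page was requested.
    $report['cookie_secure_ini'] = (bool) ini_get('session.cookie_secure');
    $report['request_is_https'] = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

    // (d) Did the browser return the session cookie from the previous request?
    //     If not, login() stored its values in a session no later request reaches.
    $report['session_cookie_received'] = isset($_COOKIE['sec_session_id']);

    return $report;
}

// Mirror the thread's sec_session_start() just far enough to start a session
// under the same name, so the cookie check above sees the real cookie.
session_name('sec_session_id');
session_start();

$report = session_diagnostics();
$report['session_active'] = session_status() === PHP_SESSION_ACTIVE;
$report['session_id'] = session_id();
// Whatever login() stored should still be here if the cookie round-trip works.
$report['username_in_session'] = isset($_SESSION['username']) ? $_SESSION['username'] : null;

header('Content-Type: text/plain; charset=utf-8');
foreach ($report as $key => $value) {
    printf("%-24s %s\n", $key, var_export($value, true));
}
```

    On the second request, output_before_headers should be false, save_path_writable and session_cookie_received should both be true, and session_id should match the first request; whichever line disagrees points at the host-side difference to fix. The script stays PHP 5.4 compatible (no null-coalescing or return types) so it runs on the 5.4 host mentioned later in the thread.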

  3. If you were previously getting the - Você não está autorizado a acessar essa página, favor fazer o login. message from your code, but now you are getting an HTTP 500 error after adding the two error_reporting/display_errors lines, that would indicate that you messed up the PHP source code somehow and it's likely producing a PHP syntax error. Review where and how you added those two lines of code to make sure the PHP syntax is not broken.

     

    I did like you said...right after the first <?php ...

    Tried after connection too and I get the same error...

     

    The weird thing is that I'm not having any problems on my localhost (WAMP server).

     

    My PHP version is 5.5 and GoDaddy's version is 5.4...

     

    Is there any conflict?

  4.  

    You are likely having an error with session_start(). For debugging purposes, add the following two lines of code immediately after the first opening <?php tag in your main files, i.e. the files that are being requested via a URL, and see what sort of PHP errors there may be - 

    ini_set("display_errors", "1");
    error_reporting(-1);

     

     

    I agree...

     

    I just get a 500 (internal server) error page...could not see session errors....Any idea of what changes I could write?

  5. Hi, 

     

    I have a login/register system based on this tutorial: http://pt.wikihow.com/Criar-um-Script-de-Login-Seguro-em-PHP-e-MySQL

     

    On my localhost everything works fine. When I uploaded it to GoDaddy's servers, I can register a new user but I cannot log in to the users' pages. It looks like the password or salt does not match, or after comparing the login data, it's giving me the message: You don´t have permission to see this page, please login.  

     

    Do you have any idea of what it might be? GoDaddy support told me they cannot help. They just fix their own services.

     

    Thanks in advance.
