Hi,
I'm using cookies and the $_SESSION global variable to create a login system. If visiting this newly enabled HTTPS site and you try to signup or login the content is somehow getting blocked. The signup and login scripts are attached and could hold the problem but I've found the fact that I required another file, AccountLinks.php(Which is the login form and logout link.) in my header file which is presenting the problem. If I comment out the require("AccountLinks.php"); than content is not blocked. I've attached header, AccountLinks, signup, and checkAuthentification(Login) below.
The site is https://www.theatlanticmint.com
header.php
<!DOCTYPE html 5>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link href="css/styleGrid.css" rel="stylesheet" />
<link href="../css/styleGrid.css" rel="stylesheet" />
<script src="js/addEventHandler.js"> </script>
<script src="js/script.js"> </script>
<title>The Atlantic Mint</title>
</head>
<body>
<header>
<span id="heading"><a href="index.php" class="homeLink">The Atlantic Mint</a>
<span id="siteseal"><script async type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=VtwWAF1HXegBhXVgpiNqX5tUMNCN55ELFrrGpiELL5T4Y0TtqLTmuAIG7ADT"></script></span>
<p id="saying">One TAM Digital Coin Is Equivalent To One Troy Ounce Silver</p>
</span>
<?php
if (isset($_SESSION['login']))
{
?>
<div id="splashImage">
<aside id="bear" class="item-one">
<video id="videoDean" controls height="80%" width="100%">
<source src="images/bears1.mp4" type="video/mp4">
Your browser doesn't support the HTML5 video tag.
</video>
<!--<img id="moneyPhoto" src="images/silverCoins.png" />-->
</aside>
</div>
<?php
}
require("php/AccountLinks.php");
?>
</header>
AccountLinks.php
<div id="accountLinks">
<span id="imageCoins"><img id="accountImages" src="../images/coin5.png" /></span>
<P>One TAM Silver In Physical Form</P>
<?php
session_start();
if (isset($_COOKIE['loggedIn']))
{
if (!isset($_SESSION['login']))
{
$_SESSION['login'] = $_COOKIE['loggedIn'];
}
}
if (isset($_SESSION['login']))
{
?>
<div id="accountHyperlinks">
<div id="logoutLink"><a href="php/logout.php" class="accountLink">LOGOUT</a></div>
<?php
echo "<span id=\"YouRLoggedIn\">You are logged in as:</span> <br />" . "<div id='loginResult'>" . $_SESSION['login'] . "</div>";
}
else
{
?>
<!--<a href="authenticate.php" class="accountLink">LOGIN</a><br />-->
<div class="forms">
<form method="post" action="php/checkAuthentification.php" id="loginForm">
<fieldset>
<legend>Please log in:</legend>
<div class="tblRow">
<label for="username">Username:</label>
<input class="frmInput" type="text" name="username" id="username" placeholder="Enter a valid username." required aria-required="true" value="<?php echo isset($_SESSION['signupUser']) ? $_SESSION['signupUser'] : '' ; ?>" /><br />
<!-- <a href="forgotLogin.php" id="usernameRecover" class="smallLinks" name="userRecover">Forgot Username >></a>
--> </div>
<div class="tblRow">
<label for="password">Password:</label>
<input class="frmInput" type="password" name="password" id="password" placeholder="Enter a valid password." required aria-required="true" /><br />
<!-- <a href="forgotLogin.php" id="passwordRecover" class="smallLinks" name="passRecover">Forgot Password >></a>
--> </div>
<div class="tblRow">
<input type="submit" name="login" id="login" value="Login" />
</div>
</fieldset>
</form>
</div>
<a href="php/signup.php" class="accountLink">SIGNUP</a>
</div>
<?php
}
?>
</div>
signup.php
<?php
session_start();
require("header.php");
require('credentials.php');
if (isset($_COOKIE['signedup']))
{
if (!isset($_SESSION['signupUser']))
{
$_SESSION['signupUser'] = $_COOKIE['signedup'];
}
}
if (isset($_SESSION['signupUser']))
{
echo "<div id='loginResult'>You are already signed up as: <br />" . $_SESSION['signupUser'] . ". You may now login.</div>";
}
?>
<a href="authenticate.php" class="accountLink">LOGIN </a>
<?php
if (isset($_POST['btnSignup']))
{
$conn = mysqli_connect(DBHOST, DBUSER, DBPASS, DBNAME)or die("error with the connection");
$fname = mysqli_real_escape_string($conn, trim($_POST['fname']));
$lname = mysqli_real_escape_string($conn, trim($_POST['lname']));
$date = mysqli_real_escape_string($conn, trim($_POST['date']));
$street = mysqli_real_escape_string($conn, trim($_POST['street']));
$city = mysqli_real_escape_string($conn, trim($_POST['city']));
$state = mysqli_real_escape_string($conn, trim($_POST['state']));
$zip = mysqli_real_escape_string($conn, trim($_POST['zip']));
$email = mysqli_real_escape_string($conn, trim($_POST['email']));
$phone = mysqli_real_escape_string($conn, trim($_POST['phone']));
$username = mysqli_real_escape_string($conn, trim($_POST['username']));
$password = mysqli_real_escape_string($conn, trim($_POST['password']));
$query = "SELECT * FROM users WHERE email = '$email'";
$dataSet = mysqli_query($conn, $query) or die("Error with the signup email query.");
if (mysqli_num_rows($dataSet) === 0)
{
$row = mysqli_fetch_array($dataSet);
$_SESSION['signupUser'] = $username;
setcookie('signedup', 'allready', time() + 36 * 24);
$str = "INSERT INTO users (fname, lname, date, street, city, state, zip, email, phone, username, password) VALUES ('$fname', '$lname', '$date
', '$street', '$city', '$state', '$zip', '$email', '$phone', '$username', sha1('$password'))";
mysqli_query($conn, $str)or die('error with the signup query');
//gather the data
$str2 = "SELECT * FROM users WHERE email = '$email'";
$result = mysqli_query($conn, $str2) or die("Error with the signup email query.");
$row2 = mysqli_fetch_array($result);
echo "<div id=\"registerResults\">";
echo "<h3>Signup Results</h3>";
echo $row2['fname'] . "<br />";
echo $row2['lname'] . "<br />";
echo $row2['date'] . "<br />";
echo $row2['street'] . "<br />";
echo $row2['city'] . "<br />";
echo $row2['state'] . "<br />";
echo $row2['zip'] . "<br />";
echo $row2['email'] . "<br />";
echo $row2['phone'] . "<br />";
echo $row2['username'] . "<br />";
echo $row2['password'] . "<br />";
echo "<p>This user has successfully signed up and can now <a href=\"authenticate.php\" id=\"smLogin\">log in</a></p>";
$hideForm = true;
$home_url = 'http://' . $_SERVER['HTTP_HOST'] . '/index.php';
header('Location: ' . $home_url);
echo "</div>";
}
else
{
echo '<p class="else">That email already exists. Please use a different email or log in.</p>';
}
}
if (!$hideForm)
{
?>
<section>
<article>
<div id="frmSignup" class="forms">
<fieldset>
<legend>Please Sign Up:</legend>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="frmSignup" id="frmSignup">
<h3 id="contactHeading">Signup Form:</h3>
<div class="frmRow"><label for="fname">First Name:</label><input type="text" id="fname" name="fname" value="<?php echo isset($fname) ? $fname : ''; ?>" placeholder="Enter First Name" autofocus></div>
<div class="frmRow"><label for="lname">Last Name:</label><input type="text" id="lname" name="lname" value="<?php echo isset($lname) ? $lname : ''; ?>" placeholder="Enter Last Name"></div>
<div class="frmRow"><label for="date">Today's Date:</label><input type="datetime" id="date" name="date" value="<?php echo isset($date) ? $date : ''; ?>" placeholder="Enter Today's Date"></div>
<div class="frmRow"><label for="street">Street:</label><input type="text" id="street" name="street" value="<?php echo isset($street) ? $street : ''; ?>" placeholder="Enter Street"></div>
<div class="frmRow"><label for="city">City/Town:</label><input type="text" id="city" name="city" value="<?php echo isset($city) ? $city : ''; ?>" placeholder="Enter City"></div>
<div class="frmRow"><label for="state">State:</label><input type="text" id="state" name="state" value="<?php echo isset($state) ? $state : ''; ?>" placeholder="Enter State" list="states"></div>
<datalist id="states">
<select>
<option value="AL">Alabama</option>
<option value="AK">Alaska</option>
<option value="AZ">Arizona</option>
<option value="AR">Arkansas</option>
<option value="CA">California</option>
<option value="CO">Colorado</option>
<option value="CT">Connecticut</option>
<option value="DE">Delaware</option>
<option value="DC">District Of Columbia</option>
<option value="FL">Florida</option>
<option value="GA">Georgia</option>
<option value="HI">Hawaii</option>
<option value="ID">Idaho</option>
<option value="IL">Illinois</option>
<option value="IN">Indiana</option>
<option value="IA">Iowa</option>
<option value="KS">Kansas</option>
<option value="KY">Kentucky</option>
<option value="LA">Louisiana</option>
<option value="ME">Maine</option>
<option value="MD">Maryland</option>
<option value="MA">Massachusetts</option>
<option value="MI">Michigan</option>
<option value="MN">Minnesota</option>
<option value="MS">Mississippi</option>
<option value="MO">Missouri</option>
<option value="MT">Montana</option>
<option value="NE">Nebraska</option>
<option value="NV">Nevada</option>
<option value="NH">New Hampshire</option>
<option value="NJ">New Jersey</option>
<option value="NM">New Mexico</option>
<option value="NY">New York</option>
<option value="NC">North Carolina</option>
<option value="ND">North Dakota</option>
<option value="OH">Ohio</option>
<option value="OK">Oklahoma</option>
<option value="OR">Oregon</option>
<option value="PA">Pennsylvania</option>
<option value="RI">Rhode Island</option>
<option value="SC">South Carolina</option>
<option value="SD">South Dakota</option>
<option value="TN">Tennessee</option>
<option value="TX">Texas</option>
<option value="UT">Utah</option>
<option value="VT">Vermont</option>
<option value="VA">Virginia</option>
<option value="WA">Washington</option>
<option value="WV">West Virginia</option>
<option value="WI">Wisconsin</option>
<option value="WY">Wyoming</option>
</select>
</datalist>
<div class="frmRow"><label for="zip">Zip Code:</label><input type="text" id="zip" name="zip" value="<?php echo isset($zip) ? $zip : ''; ?>" placeholder="Enter Zip Code"></div>
<div class="frmRow"><label for="email">Email:</label><input type="email" id="email" name="email" placeholder="Enter a valid Email"></div>
<div class="frmRow"><label id="phoneLabel" for="phone">Phone:</label><input type="tel" id="phone" name="phone" aria-required="true" required value="<?php echo isset($phone) ? $phone : ''; ?>" placeholder="Enter Phone Number" /></div>
<div class="frmRow"><label for="username">Username:</label><input type="username" id="username" name="username" placeholder="Enter a valid username" value="<?php echo isset($username) ? $username : ''?>"</div>
<div class="frmRow"><label for="password">Password:</label><input type="password" id="password" name="password" placeholder="Enter a valid password" value="<?php echo isset($password) ? $password : ''?>"</div>
<input type="submit" value="Sign Me Up" id="btnSignup" name="btnSignup">
</form>
</fieldset>
</div>
</article></section>
<?php
}
require('php/footer.php');
?>
and checkAuthentification.php
<?php
session_start();
require("header.php");
require('credentials.php');
if (isset($_POST['login']))
{
$connection = mysqli_connect(DBHOST, DBUSER, DBPASS, DBNAME)or die('error with the connection');//DBHOST, DBUSER, DBPASS, DBNAME
$user = mysqli_real_escape_string($connection, trim($_POST['username']));
$password = mysqli_real_escape_string($connection, trim($_POST['password']));
$query = "SELECT * FROM users WHERE username = '$user' AND password = sha1('$password')";
$result = mysqli_query($connection, $query)or die('error with the login query');
while ($row = mysqli_fetch_array($result))
{
if ($user == $row['username'] && $password == $row['password'])
{
if (mysqli_num_rows($result) !== 0)
{
setcookie('loggedIn', 'allset', time()+60*60*24*30);
$_SESSION['login'] =
"<br /><span>". " " .
" <div class='resultRows'><span class=\"rowResults\">" . "Username:</span> <span class=\"fields\">" . $row['username'] . "</span></div>" .
" <div class='resultRows'><span class=\"rowResults\">" . "Full Name:</span> <span class=\"fields\">" . $row['fname'] . " " . $row['lname'] . "</span></div>" .
" <div class='resultRows'><span class=\"rowResults\">" . "Street:</span> <span class=\"fields\">" . $row['street']. "</span></div>" .
" <div class='resultRows'><span class=\"rowResults\">" . "City/Town:</span> <span class=\"fields\">" . $row['city'] . "</span></div>".
" <div class='resultRows'><span class=\"rowResults\">" . "State:</span> <span class=\"fields\">" . $row['state'] . "</span></div>" .
" <div class='resultRows'><span class=\"rowResults\">" . "Zip-Code:</span> <span class=\"fields\">" . $row['zip'] . "</span></div>".
" <div class='resultRows'><span class=\"rowResults\">" . "Email:</span> <span class=\"fields\">" . $row['email'] . "</span></div>" .
" <div class='resultRows'><span class=\"rowResults\">" . "Phone:</span> <span class=\"fields\">" . $row['phone'] . "</span></div>".
" <div class='resultRows'><span class=\"rowResults\">" . "Date:</span> <span class=\"fields\">" . $row['date'] . "</span></div>".
"</span>";
echo "<p></p>";
}
else
{
echo "No such record.";
}
}
}
}
//}
if (!isset($_SESSION['login']))
{
?>
<section>
<article>
<div class="forms">
<div id="login">
<h3>Log In:</h3>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="loginForm">
<fieldset>
<legend>Please log in:</legend>
<div class="tblRow">
<label for="username">Username:</label>
<input class="frmInput" type="text" name="username" id="username" placeholder="Enter a valid username." required aria-required="true" value="<?php echo isset($_SESSION['signupUser']) ? $_SESSION['signupUser'] : '' ; ?>" />
</div>
<div class="tblRow">
<label for="password">Password:</label>
<input class="frmInput" type="password" name="password" id="password" placeholder="Enter a valid password." required aria-required="true" />
</div>
<div class="tblRow">
<input type="submit" name="login" id="login" />
</div>
</fieldset>
</form>
</div><!--end login div-->
</div>
</article></section>
<?php
}
else
{
echo "You are now logged in " . $_SESSION['login'];
$home_url = 'http://' . $_SERVER['HTTP_HOST'] . '/index.php';
header('Location: ' . $home_url);
}
?>