[SOLVED] Problems with login with pages larger than 12KB


DScarlatella

Hello, hopefully you can help me with this problem I'm having.

 

All of my pages use essentially the same login/out code so the user can log in no matter what page they are on. When they insert bad information, the page just reloads with a message that there was a login error. If the user is accepted then a message displays their name and tells them they are logged in.

 

I wanted to make it so the login wasn't something that took you away from what you were looking at and for the most part this works.

 

However, when pages that I upload (the php files) are larger than 12KB the login part no longer works. Example:

  • Working page has 12KB I can login fine
  • Change the working page to make it 13KB, it no longer works
  • Non-working page has 13KB, login doesn't work
  • Take out text on the page to make it less than 12KB nonworking page now works

I'm not exactly sure why this is happening. I called up my hosting company (IIS) and they told me that it had to be a coding error.

 

Here is the php code I am using on every page. (only changes are redirect urls depending on which section it is)

 

<?php require_once('Connections/connttc.php'); ?>
<?php
if (isset($_POST['pwd'])) { $_POST['pwd'] = sha1($_POST['pwd']); }
if (!function_exists("GetSQLValueString")) {
	function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") {
	  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

	  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

	  switch ($theType) {
		case "text":
		  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
		  break;    
		case "long":
		case "int":
		  $theValue = ($theValue != "") ? intval($theValue) : "NULL";
		  break;
		case "double":
		  $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
		  break;
		case "date":
		  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
		  break;
		case "defined":
		  $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
		  break;
	  }
	  return $theValue;
	}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session variables
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);

  $logoutGoTo = "index.php";
  if ($logoutGoTo) {
	header("Location: $logoutGoTo");
	exit;
  }
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['pwd'];
  $MM_fldUserAuthorization = "access_level";
  $MM_redirectLoginSuccess = "index.php";
  $MM_redirectLoginFailed = "loginfail.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_connttc, $connttc);

  $LoginRS__query=sprintf("SELECT username, pwd, access_level FROM ttc_users WHERE username=%s AND pwd=%s",
  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $connttc) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {

	$loginStrGroup  = mysql_result($LoginRS,0,'access_level');

	//declare two session variables and assign them
	$_SESSION['MM_Username'] = $loginUsername;
	$_SESSION['MM_UserGroup'] = $loginStrGroup;	

	if (isset($_SESSION['PrevUrl']) && false) {
	  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
	}
	header("Location: " . $MM_redirectLoginSuccess);
  }
  else {
	$message = "Login error.  Please try again.<br />";
	/*header("Location: ". $MM_redirectLoginFailed );*/
  }
}
$colname_getName = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_getName = $_SESSION['MM_Username'];
}
mysql_select_db($database_connttc, $connttc);
$query_getName = sprintf("SELECT first_name, family_name FROM ttc_users WHERE username = %s", GetSQLValueString($colname_getName, "text"));
$getName = mysql_query($query_getName, $connttc) or die(mysql_error());
$row_getName = mysql_fetch_assoc($getName);
$totalRows_getName = mysql_num_rows($getName);
$_SESSION['first_name'] = $row_getName['first_name'];
$_SESSION['family_name'] = $row_getName['family_name'];
?>

 

Just one more note. If the user logs in on any other page (one that's smaller than 12KB php file size) they stay logged in. Also if the login information is incorrect it still displays the error. However when the page is larger it will simply appear to reload like nothing happened.

 

Let me know if you have any suggestions or advice.

Link to comment

When the post_max_size setting is exceeded the $_POST array is empty.

 

Create a .php script with a phpinfo(); statement and browse to this file. Find the line showing what post_max_size is and post exactly what it shows. Either it has been deliberately set to a small value or a syntax error in the value has caused it to be treated as a small value.

Link to comment

After re-reading your first post, I suspect the file is being cut off or corrupted during the upload to the server.

 

Download the file to a different name and see if it is complete and matches exactly the source file.

 

Also, check the web server error log file to see if any php generated errors are occurring.

 

Is the php code you posted a working file (smaller than 12kb size) or a non-working file? If that is just the login portion, we would need to see the whole actual code to be able to provide any assistance with what your code is specifically doing or not doing.

 

I'm going to take a guess that you are exceeding the available memory and getting a runtime error. Add the following lines immediately after your first opening <?php tag -

 

ini_set ("display_errors", "1");
error_reporting(E_ALL);

Link to comment

Here is a line where the page in question is accepting a post command:

 

208.55.254.110 - ttcdas [27/Aug/2008:15:29:39 +0000] "POST /ttc_redesign/products/index.php HTTP/1.1" 302 1198 "http://207.56.112.30/ttc_redesign/products/index.php" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.15) Gecko/20080623 Firefox/2.0.0.15"

 

and here is this page's code.

 

<?php require_once('../Connections/connttc.php'); 
if (isset($_POST['pwd'])) { $_POST['pwd'] = sha1($_POST['pwd']); }
if (!function_exists("GetSQLValueString")) {
	function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") {
	  $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;

	  $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

	  switch ($theType) {
		case "text":
		  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
		  break;    
		case "long":
		case "int":
		  $theValue = ($theValue != "") ? intval($theValue) : "NULL";
		  break;
		case "double":
		  $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
		  break;
		case "date":
		  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
		  break;
		case "defined":
		  $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
		  break;
	  }
	  return $theValue;
	}
}

// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['pwd'];
  $MM_fldUserAuthorization = "access_level";
  $MM_redirectLoginSuccess = "index.php";
  $MM_redirectLoginFailed = "loginfail.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_connttc, $connttc);

  $LoginRS__query=sprintf("SELECT username, pwd, access_level FROM ttc_users WHERE username=%s AND pwd=%s",
  GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text")); 
   
  $LoginRS = mysql_query($LoginRS__query, $connttc) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {

	$loginStrGroup  = mysql_result($LoginRS,0,'access_level');

	//declare two session variables and assign them
	$_SESSION['MM_Username'] = $loginUsername;
	$_SESSION['MM_UserGroup'] = $loginStrGroup;	

	if (isset($_SESSION['PrevUrl']) && false) {
	  $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];	
	}
	header("Location: " . $MM_redirectLoginSuccess);
  }
  else {
	$message = "Login error.  Please try again.<br />";
	/*header("Location: ". $MM_redirectLoginFailed );*/
  }
}

// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session variables
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);

  $logoutGoTo = "index.php";
  if ($logoutGoTo) {
	header("Location: $logoutGoTo");
	exit;
  }
}

$colname_getName = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_getName = $_SESSION['MM_Username'];
}
mysql_select_db($database_connttc, $connttc);
$query_getName = sprintf("SELECT first_name, family_name FROM ttc_users WHERE username = %s", GetSQLValueString($colname_getName, "text"));
$getName = mysql_query($query_getName, $connttc) or die(mysql_error());
$row_getName = mysql_fetch_assoc($getName);
$totalRows_getName = mysql_num_rows($getName);
$_SESSION['first_name'] = $row_getName['first_name'];
$_SESSION['family_name'] = $row_getName['family_name'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Teletronics Technology Corporation's Product Families</title>

<!--[if IE 5]>
<style type="text/css"> 
/* place css box model fixes for IE 5* in this conditional comment */
.twoColFixLtHdr #sidebar1 { width: 230px; }
</style>
<![endif]-->
<!--[if IE]>
<style type="text/css"> 
/* place css fixes for all versions of IE in this conditional comment */
.twoColFixLtHdr #sidebar1 { padding-top: 30px; }
.twoColFixLtHdr #mainContent { zoom: 1; }
/* the above proprietary zoom property gives IE the hasLayout it needs to avoid several bugs */
</style>
<![endif]-->
<link href="../css/test/layout.css" rel="stylesheet" type="text/css" media="screen" />
<script src="../Scripts/AC_RunActiveContent.js" type="text/javascript"></script>
<script src="../Scripts/swffix_modified.js" type="text/javascript"></script>
<link href="../css/products.css" rel="stylesheet" type="text/css" media="screen" />
<link href="../css/_print_about.css" rel="stylesheet" type="text/css" media="print" />
</head>
<body class="twoColFixLtHdr">
<div id="container">
  <div id="header">
    <div id="logo"><h1><a href="../index.php">Teletronics Technology Corporation</a></h1></div>
    <div id="header_navigation">
      <form method="post" action="../future_search.php"><div id="nav_images">
          <input type="image" src="../images/test/header_search.jpg" alt="submit button" />
          <a href="../sitemap.php"><img src="../images/test/header_sitemap.jpg" border="0"  alt="sitemap navigation button" /></a></div><input name="textfield" type="text" id="textfield" size="21" style="line-height:22px;"/>
      </form>
    </div>
  </div>
  <div id="cap"></div>
  <div id="mainContent">
    <div id="sidebar1">
      <div id="navigation">
        <ul><li><a href="../index.php" class="corporate">HOME</a></li><li><a href="../corporate/about_TTC/index.php" class="corporate">ABOUT TTC</a></li><li><a href="index.php" class="corporate">PRODUCTS</a></li><li><a href="daus_encoders/index.php" class="dau"> DAUs & Encoders</a></li><li><a href="rec_mux/index.php" class="recMux"> Recorders & Mux</a></li><li><a href="network_products/index.php" class="netProd"> Network Products</a></li><li><a href="rf_products/index.php" class="rfWir"> RF Products</a></li><li><a href="rf_networks/index.php" class="rfNet"> RF Networks</a></li><li><a href="ground/index.php" class="ground"> Ground Systems</a></li><li><a href="../corporate/solutions/index.php" class="corporate">SOLUTIONS</a></li><li><a href="../corporate/newsroom/index.php" class="corporate">NEWSROOM</a></li><li><a href="../corporate/careers/index.php" class="corporate">CAREERS</a></li><li><a href="../corporate/sales/index.php" class="corporate">SALES</a></li><li><a href="../corporate/support/index.php" class="corporate">SUPPORT</a></li><li><a href="../corporate/contact/index.php" class="corporate">CONTACT</a></li></ul>
      </div>
      <div id="login">
        <?php if (($_SESSION['MM_UserGroup'] == 'admin') || ($_SESSION['MM_UserGroup'] == 'employee') || ($_SESSION['MM_UserGroup'] == 'member')) { ?>
        <p class="login_error">Hello <span class="username"><?php echo $row_getName['first_name']; ?></span>, you are logged in.<br />
          <br />
          When finished please remember to <a href="<?php echo $logoutAction ?>">Log out</a></p>
            <?php } else { ?>
        <?php if (!empty($message)) {
		  echo "<p class=\"login_error\">" . $message . "</p>"; }
	?>
        <form id="form1" name="form1" method="post" action="<?php echo $loginFormAction; ?>">
          <p><strong class="login">Username:</strong>
            <input name="username" type="text" id="username" size="15" />
            </p>
              <p><strong class="login">Password:</strong>
                <input name="pwd" type="password" id="pwd" size="15" />
              </p>
              <p>
                <input type="submit" name="doLogin" id="doLogin" value="Log in" />
              </p>
      </form>
          <p class="login_error">Not yet registered?<br />
        <a href="../users/register_user.php">Click Here</a></p>
          <?php } ?>
        </div>
    </div>
    <div id="test_wrapper">
    <div id="content">
    <div id="topline"><h1>TELETRONICS PRODUCT FAMILIES</h1></div>
    <div id="text_goes_here">
      <p>TTC offers a range of products including data acquisition systems (bussed and networked), signal conditioners, data encoders, high-speed data multiplexers, solid-state & hard drive data recorders, instrumentation power systems, fiber optic-based avionics bus monitors, telemetry products, ground support products, avionics display and control units, and commercial communications equipment. <br />
        <br />
      A number of these solutions are available in miniaturized versions for space-limited applications, and highly ruggedized and sealed packaging options are also available.</p>
      <br />
      <div>
        <p>
          <object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="420" height="300" id="FlashID" title="Product Categories Navigation">
            <param name="movie" value="../images/resources/navtest.swf" />
            <!-- Next object tag is for non-IE browsers. So hide it from IE using IECC. -->
            <!--[if !IE]>-->
             <object type="application/x-shockwave-flash" data="../images/resources/navtest.swf" width="420" height="300">
               <!--<![endif]-->
               <param name="quality" value="high" />
               <param name="wmode" value="opaque" />
               <param name="swfversion" value="9.0.45.0" />
               <!-- This param tag prompts users with Flash Player 6.0 r65 and higher to download the latest version of Flash Player. Delete it if you don’t want users to see the prompt. -->
               <param name="expressinstall" value="../Scripts/expressInstall.swf" />
               <!-- The browser displays the following alternative content for users with Flash Player 6.0 and older. -->
                 <div>
                   <h4>Content on this page requires a newer version of Adobe Flash Player.</h4>
                   <p><a href="http://www.adobe.com/go/getflashplayer"><img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player" width="112" height="33" /></a></p>
                 </div>
               <!--[if !IE]>-->
             </object>
            <!--<![endif]-->
         </object>
          <br />
        </p>
      </div>
    </div>
    </div><div id="special_features">
      <div id="featured_image"></div>
      <div id="featured_box"><h2><a href="../products/network_products/featured_nrec4000.php">nREC-4000</a></h2>
          <em>Airborne Network Flight Recorder</em><br />
          <br />
          <h2><a href="../products/ground/featured_gsu2020.php">GSU-2020</a></h2>
          <em>Ground Station Unit</em><br /><br />
        <div class="view_more"><a href="../corporate/featured_items/future_featured.php">view more</a></div>
      </div>
    <div id="events_image"></div>
    <div id="events_box"><h2><a href="../corporate/newsroom/events.php#AUVSI">AUVSI</a></h2>
          <em>June 10-12, 2008</em><br />
          <br />
          <h2><a href="../corporate/newsroom/events.php#ITC">ITC</a></h2>
          <em>October 27-30, 2008</em><br /><br />
          <div class="view_more"><a href="../corporate/newsroom/events.php">view more</a></div>
      </div>
  <div id="downloads_image"></div>
  <div id="downloads_box"><h2><a href="../corporate/newsroom/marketing_brochures/AboutTTC_brochure.pdf" target="_blank">About Teletronics Technology Corporation</a></h2>
          <em>Marketing Brochure</em><br />
          <br />
          <h2><a href="../corporate/featured_items/as9100b.pdf" target="_blank">AS9100B</a></h2>
          <span class="Side_Description">Kema Certificate</span><br /><br />
          <div class="view_more"><a href="../corporate/featured_items/downloads.php">view more</a></div>
      </div>
    </div>
    </div>
<br class="clearfloat" />
      <!-- end #mainContent -->
  </div>
  <!-- This clearing element should immediately follow the #mainContent div in order to force the #container div to contain all child floats -->
  <div id="footer">
   <br />
    <h2>©2008  Teletronics Technology Corporation  •  15 Terry Drive, Newtown PA, 18940  •  267.352.2020 phone  •  267.352.2021 fax</h2><br />
    <!-- end #footer --></div>
<!-- end #container --></div>
<script type="text/javascript">
<!--
SWFFix.registerObject("FlashID");
//-->
</script>
</body>
</html>

 

To test the code you can use a dummy membership:

Username: jackblack

Password: password

 

Hopefully you can help me out.

Link to comment

Just wanted to add that this is a page that currently does not log in the user.  If the user is already logged in then they will stay logged in.  If the information is not valid an error message will display, and if the information is valid the page simply reloads.  I have added in the error_reporting code and will continue to check my logs.

Link to comment

In the posted code, when login is successful, the code attempts to perform the following (line 66 in the posted code) -

 

header("Location: " . $MM_redirectLoginSuccess);

 

Which should redirect to index.php. The code needs an exit; statement after the header redirect so that all the remaining code on the page is not executed.

 

However, the redirect is not working (unless that page is index.php), probably because some content is being output prior to the header() statement. Adding the two lines of code I gave above should point out what is preventing the header() redirect from working.

Link to comment
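
One way to write the fix described in the reply above, as an added example rather than code from the thread: the redirect is followed by `exit`, and `headers_sent()` reports where early output began. The function names, the PDO connection with its constructed `demo_user` row, and the switch from `sha1()` to `password_hash()`/`password_verify()` are assumptions made for the example.

```php
<?php
// Added example, not the thread's code. Function names are hypothetical;
// table and column names follow the posted page.

// Look the user up with a bound parameter and check the stored hash.
// Assumes pwd holds password_hash() output (swapped in for the page's sha1()).
function authenticate(PDO $db, string $username, string $password): ?string
{
    $stmt = $db->prepare('SELECT pwd, access_level FROM ttc_users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pwd'])) {
        return null;
    }
    return $row['access_level'];
}

// Send the redirect and stop. Without the exit, the rest of the page still
// runs and is sent as the body of the 302 response.
function redirect_and_exit(string $target): void
{
    if (headers_sent($file, $line)) {
        // Output began before this call, so header() can no longer take effect.
        error_log("redirect to $target not sent: output started at $file:$line");
        exit(1);
    }
    header('Location: ' . $target, true, 302);
    exit;
}

// POST branch of the posted page, reduced to its control flow. Call it after
// session_start() and before any HTML. Returns the message for a failed
// login, null when no login was submitted, and does not return on success.
function handle_login(PDO $db, array $post): ?string
{
    if (!isset($post['username'], $post['pwd'])) {
        return null;
    }
    $level = authenticate($db, (string) $post['username'], (string) $post['pwd']);
    if ($level === null) {
        return 'Login error.  Please try again.';
    }
    session_regenerate_id(true); // fresh session id for the authenticated user
    $_SESSION['MM_Username']  = (string) $post['username'];
    $_SESSION['MM_UserGroup'] = $level;
    redirect_and_exit('index.php');
}

// Command-line check of authenticate() against constructed data: an in-memory
// SQLite table stands in for the MySQL database used in the thread.
if (PHP_SAPI === 'cli') {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE ttc_users (username TEXT PRIMARY KEY, pwd TEXT, access_level TEXT)');
    $db->prepare('INSERT INTO ttc_users VALUES (?, ?, ?)')
       ->execute(['demo_user', password_hash('demo-pass', PASSWORD_DEFAULT), 'member']);
    var_dump(authenticate($db, 'demo_user', 'demo-pass'));
    var_dump(authenticate($db, 'demo_user', 'wrong-pass'));
}
```
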

So out of curiosity was the problem that the page was adding the rest of the content after the redirect to the POST data and exceeding my max limit?

 

Don't get me wrong, I'm happy this appears to be an easy fix. But I am rather curious what happened.

 

Thanks again for the help though. I am still very new to web development in general let alone php and this was causing me such a headache.

 

*Edit* I tried rereading what you posted.  So are you saying that the page did get the information but because it kept outputting code simply didn't redirect?  If this is the case I wonder why some pages worked while others did not.

Link to comment

The remainder of the code on the page is identical to what would be executed if you are logged in and reached the page through the redirect. What exactly is different in the resultant page without the exit and with it?

 

My guess is that because a longer page is still being output to the browser that it interferes with if or how the redirect page is requested. A shorter page "works" because it has been completely output to the browser and the redirect/request for the page is performed correctly.

Link to comment

The only difference for a lot of pages is that the login box now doesn't have a form, but instead just has a message letting the user know that they are logged in and should log out when finished.  On other pages different user groups have access to different information and this was just written out as if else statements.  If the user has the proper access they will see this information, else they will see this information.

 

Thanks again for your time.  I'm very glad that this issue has been resolved.

Link to comment
