Login script problems in IE

[james g]

Hi All

 

I'm trying to get my login script to work with IE (I used firefox when developing it and everything works fine in this).

 

The problem is that when I try and login with IE, rather than redirecting me to the user area, IE loops back and redisplays the login script. I've so far worked out that IE isn't picking up the action == login bit that I try to post back to the same page to perform the login.

 

Does anyone have any pointers as to why this causes IE to loop, rather than login? Interestingly, it seems to pick up the user id when it loops back to itself (i.e. displays the user post value back in the username login box).

 

Here is the code of the page (i've intentionally blanked out the d/b host information)

<?php
// these are the database settings
$cfg['host']		= "xxx";
$cfg['user']		= "xxx";
$cfg['pass']		= "xxx";
$cfg['database']	= "xxx";                             
// This is the location to send the user after successfully login
$cfg['onSuccess'] = "./secure.php";
// This is the location to send the user after clicking cancel
$cfg['onCancel'] = "./index.php";
// starts the session to track the user variables.
session_start();
// the name of the users table
$cfg['usersTable']  = "users";
// Connect and select the database
mysql_connect($cfg['host'],$cfg['user'],$cfg['pass']) or die ('Could not connect to localhost');
mysql_select_db($cfg['database']);
// process the login request
if($_POST['action'] == "login")
{
// check to see if the user field or pass field is empty. if so set message.
if(empty($_POST['user']) || empty($_POST['pass']))
	{
	// user or pass was empty. set the message text
	$message = "You must enter a valid username and password!";
	}
else
	{
	$_POST['pass'] = md5($_POST['pass']);
	// query the users table
	$query = mysql_query("SELECT * FROM ".$cfg['usersTable']." WHERE u_mobile='".$_POST['user']."' AND u_pass='".$_POST['pass']."' LIMIT 1") or die('query failed!');
	// did the query return a user
	if(mysql_num_rows($query) == 1)
		{
		// set the session variables with the user data
		while($row = mysql_fetch_assoc($query))
			{
			$_SESSION['auth']['ID']				= $row['u_id'];
			$_SESSION['auth']['mobile']		    = $row['u_mobile'];
			$_SESSION['auth']['forename']		= $row['u_forename'];
			$_SESSION['auth']['surname']		= $row['u_surname'];
			$_SESSION['auth']['title']		    = $row['u_title'];
			$_SESSION['auth']['password']		= $row['u_password'];
			$_SESSION['auth']['email']			= $row['u_email'];
			$_SESSION['auth']['class']	        = $row['u_class'];
			$_SESSION['auth']['status']			= 1;
			}
		// login was successfull. redirect to the onSuccess location
		header("Location: ".$cfg['onSuccess']);
		exit();
		}
	else
		{
			// user did not exist. set the message text
			$message = "<B>User does not exist.</B><br>Check your username and password.".$query."";
		}
	}

// do this if the logout command is set (action=logout)
}

elseif($_GET['action'] == "logout")
{
	// unset the authentication session variable
	unset($_SESSION['auth']);
	// redirect to the onCancel location
	header("Location: ".$cfg['onCancel']);
	exit();
}

if($_SESSION['auth']['status'] != 1)
{

//display login form if the user isn't logged in
//was $_SERVER['PHP_SELF']
Echo"<form method='post' action='login.inc.php'";
Echo"<input type='hidden' name='action' value='login'>";
Echo"<table align='center'>";
Echo"<tr>";
Echo"<td style='text-align:center;'>";
Echo"<table width='250'>";
if(isset($message))
	{		
		echo "<tr><td colspan='2'>" . $message . "</td></tr>";
	}
Echo"<tr>";
Echo"<td colspan='2' align='center'>Login Here</td>";
Echo"</tr>";
Echo"<tr>";
Echo"<td width='50%'>Mobile:</td>";
Echo"<td width='50%'><input type='text' name='user' value= " . $_POST['user'] . "></td>";
Echo"</tr>";
Echo"<tr>";
Echo"<td width='50%'>Password:</td>";
Echo"<td width='50%'><input type='password' name='pass'><td>";
Echo"</tr>";
Echo"<tr>";
Echo"<td colspan=2 align=center>";
Echo"<input type='submit' value='login'>";
//Echo"<input type='button' value='Cancel' onClick='window.location=" . $cfg['onCancel'] . ">";
Echo"</td>";
Echo"</tr>";
Echo"</table>";
Echo"</form>";
exit;
}
?>

 

Any help getting this to work would be greatly appreciated - i've spent hours reading up (on forms, post, headers, actions etc..) and haven't found a good reason why firefox is cool with this code and IE isn't.

[tmbrown]

looks like a typo

 

here

if($_POST['action'] == "login")

Should it be

if($_GET['action'] == "login")

?

[james g]

Hi tmbrown

 

Thanks for the suggestion - i've tried your idea but unfortunately it still doesn't work (I get exactly the same problem) - also, your method leads to firefox doing the same thing (i.e. not logging in, but looping around to the login page again).

 

I'm sure it has something to do with the statement

 

if($_POST['action'] == "login")

 

- i've tried using

 

if(isset($_POST['action']))

 

instead but this doesn't work either.

 

Do you have any further suggestions ? I appreciate your time.

 

 

[tmbrown]

well you else if statement is looking for a $_GET['action'] var, you should keep it uniform, make it either $_GET or $_POST. As you know $_GET is pulling from the url, therefore if it is looking for a $_POST var you should be submitting a form to get there.  Some code to try:

<?php
if(isset($_GET['action']) && $_GFET['action'] == "login"){
//Execute Code
}
else if(isset($_GET['action']) && $_GFET['action'] == "logout"){
//Execute Code
}
?>

 

You could even go so far as cases:

 

<?php
if(isset($_GET['action'])){
     switch($_GET['action]){
         case "login"   : /* Execute Code */ ; break ;
         case "logout" : /* Execute Code */ ; break ;
         default : header("location:  index.php") ; break ; 
     }
}
?>

[james g]

Hi again tmbrown. I've tried both of your suggestions - they work flawlessly in Firefox, but in IE it doesn't actually pick up the isset / action = login bit and just displays the html form I echo at the bottom of the page.

 

Any other ideas? If it helps, I include the login authentication page on the homepage, rather than calling it directly.

[tmbrown]

how are you getting to this page?  Are you submitting a form with a input field with the action as a value or are you submitting the form to the url:  yourpage.php?action=login ?

[james g]

This page is included in the homepage, so that when a user first visits the page, the login.php file will display the form - when they click login it should then send the variables to the login.php page, process these and redirect the user to the 'logged in' area, presuming they've supplied the correct username / password.

 

I use

 

Echo"<form method='post' action='login.inc.php'";

Echo"<input type='hidden' name='action' value='login'>";

 

to specify the login action.

[revraz]

You don't have a closing > in your FORM tag

 

Echo"<form method='post' action='login.inc.php'";

 

[tmbrown]

okay you can do this many ways I will show you the easiest.

 

<?php
//discover whether the form has been submitted or not
if(isset($_POST['action'])){
   //We now want to process the login info
   require_once("login.inc.php");

}
//Display the form
else{
   echo("<form action=\"".$_SERVER['PHP_SELF']."\" method=\"post\">");
       echo("<input type=\"hidden\" name=\"action\" value=\"login\" />");
       //Any other inputs you may neeed
   echo("</form>");
}
?>

What this does is makes sure the action is set BEFORE it processes anything, therefore when we get to the processor we only have the validate the info, not check for it.

[james g]

Excellent! It's working now!

 

Thanks, tmbrown and revraz.

[tmbrown]

no prooblemo