Blank screen on successful login

[strawbshaker]

Hi everyone,

I am having trouble with a snipet of login code that I am working on. most of it seems to be working fine as all the following work:
- The login failed screen comes up when the username and password are entered incorrectly and don't match what is held in the database.
- When login is successful the database is updated accordingly with the date/time of last login.

What doesn't happen though is the login successful screen appearing. I think it might have something to do with the following line of code:
[code]header("Location: /loggedin.php");[/code]

Can anyone help? The full code for my login.php is below:

[code]
<?php
include $_SERVER['DOCUMENT_ROOT'].'/common.php';
include $_SERVER['DOCUMENT_ROOT'].'/layout.php';

$req = (!isset($_REQUEST['req'])) ? 'default' : $_REQUEST['req'];
switch($req){
   
case "validate":
   $validate = mysql_query("SELECT * FROM dbtable
                           WHERE username='{$_POST['username']}'
                           AND password = md5('{$_POST['password']}')
                           AND verified='1'
                           ") or die (mysql_error());
                           
   if(mysql_num_rows($validate) == 1){
      while($row = mysql_fetch_assoc($validate)){
         $_SESSION['login'] = true;
         $_SESSION['userid'] = $row['id'];
         $_SESSION['first_name'] = $row['first_name'];
         $_SESSION['last_name']  = $row['last_name'];
         $_SESSION['email_address'] = $row['email_address'];
         setcookie('userid', $unique_userid, time()+24*3600*60);
         
         if($row['admin_access'] == 1){
            $_SESSION['admin'] = true;
         }
         $login_time = mysql_query("UPDATE dbtable
                       SET last_login=now()
                       WHERE id='{$row['id']}'");
       }
       session_write_close();
       header("Location: http://www.mydomain.com/loggedin.php");
   } else {
      myheader("Login Failed!");
      echo '<p align="center">Login Failed</p>';
      echo '<p align="center">Your user name or password '.
           'is incorrect. Passwords are case sensitive. '.
           'Please check and try again.';
      myfooter();
   }
break;

default:
   myheader("Login!");
      include $_SERVER['DOCUMENT_ROOT'].
              '/html/forms/login_form.htm';
   myfooter();
break;
}

?>
[/code]

[mainewoods]

before you do a [code]header("Location:???"); [/code] you should use [code]session_write_close(); [/code] to make sure that the session variables are actually updated.  I assume loggedin.php accesses the session variables for security.

[strawbshaker]

I have tried inserting the following as suggested:
[code]$login_time = mysql_query("UPDATE dbtable
                      SET last_login=now()
                      WHERE id='{$row['id']}'");
      }
      session_write_close();
      header("Location: /loggedin.php");[/code]

I have tried using set cookie recommended in anther thread and that hasn't worked either.

[strawbshaker]

Is ther a better line of code that I can use instead of:

[code]header("Location: /loggedin.php");[/code]

[mainewoods]

Sometimes the [code]header("Location:???"); [/code] requires a fully qualified url: 'http://???', it does on my system.

[redarrow]

Try this when you login should goto google ok.
[code]
<?php
include $_SERVER['DOCUMENT_ROOT'].'/common.php';
include $_SERVER['DOCUMENT_ROOT'].'/layout.php';

$req = (!isset($_REQUEST['req'])) ? 'default' : $_REQUEST['req'];
switch($req){
 
case "validate":
  $validate = mysql_query("SELECT * FROM dbtable
                          WHERE username='{$_POST['username']}'
                          AND password = md5('{$_POST['password']}')
                          AND verified='1'
                          ") or die (mysql_error());
                         
  if(mysql_num_rows($validate) == 1){
      while($row = mysql_fetch_assoc($validate)){
        $_SESSION['login'] = true;
        $_SESSION['userid'] = $row['id'];
        $_SESSION['first_name'] = $row['first_name'];
        $_SESSION['last_name']  = $row['last_name'];
        $_SESSION['email_address'] = $row['email_address'];
       
        if($row['admin_access'] == 1){
            $_SESSION['admin'] = true;
        }
        $login_time = mysql_query("UPDATE dbtable
                      SET last_login=now()
                      WHERE id='{$row['id']}'");
     
      header("Location: http://www.google.com");
}
  } else {
      myheader("Login Failed!");
      echo '<p align="center">Login Failed</p>';
      echo '<p align="center">Your user name or password '.
          'is incorrect. Passwords are case sensitive. '.
          'Please check and try again.';
      myfooter();
  }
break;

default:
  myheader("Login!");
      include $_SERVER['DOCUMENT_ROOT'].
              '/html/forms/login_form.htm';
  myfooter();
break;
}

?>
[/code]

[strawbshaker]

I have added/updated the following code in my mai script and still no joy:

[code]setcookie('userid', $unique_userid, time()+24*3600*60);[/code]

[code]session_write_close();
header("Location: http://www.mydomain.com/loggedin.php");[/code]

Any other advise? Thank you to those who have already contributed.

[redarrow]

did you try my code you goto use a header the close of the if statement try it ok.

[mainewoods]

Try putting this code:

[code]<?php
    echo "made it here!";
    exit; //no more code executed
?>[/code]at the top of your 'loggedin.php' page.  Maybe that page has an error in it.  Maybe a syntax error, try calling the page directly from the address field of your browser with the code above in it.

[para11ax]

Can you post the login form?  I'm used to login forms sending $_POST variables.  Could that be the problem, or does your login form process itself and then send the user to this validation page with the  POST variables as REQUEST variables?

Though, if this is the case it should still go to default, but it seems like it's worth a shot.

[strawbshaker]

I have moved the header() as suggested by redarrow and changed to content of my loggedin.php fole to check if the error is there. I have combed through every possible connecting script to check for errors and I can't find any thing wrong. I feel like crying as I got stuck on this when I went to bed last night and have been working on it all day so far and haven't got any where. AAAGGGHHH!!!

Thanks for trying to help though and keep the suggestions coming! i really appreciate any help.

[strawbshaker]

here's the login_form.htm:

[code]<div align="center">Please Login</div>

<form action="/login.php" method="post">
  <table width="30%" border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
      <td width="19%">Username:</td>
      <td width="81%"><input name="username" type="text" id="username" value="<?=$_POST['username'];?>" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input name="password" type="password" id="password" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><div align="center">
          <input type="hidden" name="req" value="validate" />
          <input type="submit" name="Submit" value="Submit" />
        </div></td>
    </tr>
  </table>
</form>
[/code]

[mainewoods]

did you just try entering ' http://www.mydomain.com/loggedin.php' directly into the browser address field to try to bring up that page by itself and make sure there is nothing wrong with that page?

[strawbshaker]

I tried that and the loggedin.php page came up no problem.

Have I missed a slash, colon or anything like that anywhere that might be causing this error?

[redarrow]

POST upercase in the form ok.

[mainewoods]

I don't see [code]session_start(); [/code] in your code, is it in one of the 'includes' above?

[para11ax]

Correct me if I'm wrong, but post variables go into the $_POST array, so you should change the line:

[code]
$req = (!isset($_REQUEST['req'])) ? 'default' : $_REQUEST['req'];
[/code]

to:

[code=php]
$req = (!isset($_POST['req'])) ? 'default' : $_POST['req'];
[/code]

[strawbshaker]

I ahve just noticed that when I get the blank screen the web address bar says I an still on login.php and not loggedin.php.

[redarrow]

[code]
<div align="center">Please Login</div>

<form action="/loggedin.php" method="POST">
  <table width="30%" border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
      <td width="19%">Username:</td>
      <td width="81%"><input name="username" type="text" id="username" value="<?=$_POST['username'];?>" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input name="password" type="password" id="password" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><div align="center">
          <input type="hidden" name="req" value="validate" />
          <input type="submit" name="Submit" value="Submit" />
        </div></td>
    </tr>
  </table>
</form>

[/code]

[strawbshaker]

session_start(); is in the one of the includes. The code used looks like this:

[code]session_start();
session_name('ClientLogin');
header("Cache-control: private"); //Fix for IE[/code]

I have tried replacing $_REQUEST with $_POST and I am still getting the same result. Should the form method for the form in login_form.htm not be $_POST instead of just POST maybe?

[strawbshaker]

[color=red][size=18pt]REDARROW IS INDEED A PHP GURU! [/size] [/color]

A true superstar! Thanks dude. Changing the form action to loggedin.php from login.php solved the problem. I can't believe I have spent ALL DAY (from 10am to 18:16pm UK time) trying to solve this silly mistake. Thanks again. I'm not sure I would ever have thought to revisit that part of my code.

Thanks to everyone else for helping, you're all true gems!

[strawbshaker]

[color=blue][b]Last question:[/b][/color]

Is it possible to have the form action set to 2 pages?

For example:
[code]<form action="login.php,loggedin.php" method="POST">[/code]

The reason I want to do this is because:
a) when it is set to login.php it updates things like the hyperlink box to display the right section of hyper link but then I get the blank screen on successful login.
b) when it is set to loggedin.php I get to the page I want to be at but it doesn't update the hyperlinks box.

Any advice?

[redarrow]

from your login result send them to a update page to update the information then send then to the home page ok.

on login_result.php add this so the user goes to update and back agin ok.

you add this on the page that the form post to ok.
[code]

if($_GET['redirect']=="user"){
header("location: update.php?cmd=update");
}
[/code]


add this to the form already done ok.
[code]
<div align="center">Please Login</div>

<form action="/loggedin.php?redirect=user" method="POST">
  <table width="30%" border="0" align="center" cellpadding="0" cellspacing="0">
    <tr>
      <td width="19%">Username:</td>
      <td width="81%"><input name="username" type="text" id="username" value="<?=$_POST['username'];?>" /></td>
    </tr>
    <tr>
      <td>Password:</td>
      <td><input name="password" type="password" id="password" /></td>
    </tr>
    <tr>
      <td>&nbsp;</td>
      <td><div align="center">
          <input type="hidden" name="req" value="validate" />
          <input type="submit" name="Submit" value="Submit" />
        </div></td>
    </tr>
  </table>
</form>
[/code]

fill in what needs to be filled in ok.

copy and past call it update.php

update.php

[code]

<?php session_start();

// database connection.

$db=mysql_connect("xxx","xxx","xxx");
mysql_select_db("xxxxxxxxx",$db);


// from a link if cmd == update

if($_GET['cmd']=="update"){


$query_update="update xxx set xxx=xxx where xxx=xxx and xxx=xxx ";
$result_query=mysql_query($query_update);

header("location: index.php");

}
?>

[/code]

i hope you can work on this ok good luck.