Login works on Firefox, but not other browsers.

[-Karl-]

Well, my login works on Firefox, but not on IE, Safari, Opera, or Chrome.

 

I have my session start:

      function startSession()
      {
          session_start();
          
          $this->logged_in = $this->checkLogin();
          
          if (!$this->logged_in) {
              $this->username = $_SESSION['username'] = "Guest";
              $this->userlevel = 0;
              User::addActiveGuest($_SERVER['REMOTE_ADDR'], $this->time);
          } else {
              User::addActiveUser($this->username, $this->time);
          }
          
          User::removeInactiveUsers();
          User::removeInactiveGuests();
      }

 

Check Login:

      function checkLogin()
      {
          if (isset($_COOKIE['SITE_COOKIE']) && isset($_COOKIE['SITE_COOKIE_ID'])) {
              $this->username = $_SESSION['username'] = $_COOKIE['SITE_COOKIE'];
              $this->cookie_id = $_SESSION['cookie_id'] = $_COOKIE['SITE_COOKIE_ID'];
          }
          
          if (isset($_SESSION['username']) && isset($_SESSION['cookie_id']) && $_SESSION['username'] != "Guest") {
              if (User::confirmUserID($_SESSION['username'], $_SESSION['cookie_id']) != 0) {
                  unset($_SESSION['username']);
                  unset($_SESSION['cookie_id']);
                  return false;
              }
              
              $this->userinfo = User::getUserInfo($_SESSION['username']);
              $this->username = $this->userinfo['username'];
              $this->cookie_id = $this->userinfo['cookie_id'];
              $this->userlevel = $this->userinfo['userlevel'];
              return true;
          } else {
              return false;
          }
      }

 

Login:

      function login($uname, $upass, $uremember)
      {
          global $msgError;
          if (!$uname || strlen($uname = trim($uname)) == 0) {
              $msgError = "<span>Error!</span>Please enter valid username and password.";
          }
          
          if (!$upass) {
              $msgError = "<span>Error!</span>Please enter valid username and password.";
          }
          
          $uname = $this->sanitize($uname);
	  $upass = $this->sanitize($upass);
          $result = User::confirmUserPass($uname, $upass);
          
          
          if ($result == 0) {
              $msgError = "<span>Error!</span>Please enter valid username and password.";
          } elseif ($result == 2) {
              $msgError = "<span>Error!</span>Please enter valid username and password.";
          } elseif ($result == 3) {
              $msgError = "<span>Error!</span>Your user account has not been activated yet!";
          }
          
          if (empty($msgError)) {
		  $this->userinfo = User::getUserInfo($uname);
		  $this->id = $_SESSION['id'] = $this->userinfo['id'];
		  $this->username = $_SESSION['username'] = $this->userinfo['username'];
		  $this->cookie_id = $_SESSION['cookie_id'] = $this->generateRandID();
		  $this->userlevel = $this->userinfo['userlevel'];
              
		  User::updateUserField($this->username, "timestamp", $this->time);
              User::updateUserField($this->username, "cookie_id", $this->cookie_id);
              User::addActiveUser($this->username, $this->time);
              User::removeActiveGuest($_SERVER['REMOTE_ADDR']);
		  User::updateUserField($this->username, "ip", $_SERVER['REMOTE_ADDR']);
              
		  if ($uremember) {
			  setcookie("SITE_COOKIE", $this->username, time() + COOKIE_EXPIRE, COOKIE_PATH);
			  setcookie("SITE_COOKIE_ID", $this->cookie_id, time() + COOKIE_EXPIRE, COOKIE_PATH);
		  }
              return true;
          } else {
              return false;
          }
      }

 

 

This is in my Login.php:

  if ($session->logged_in)
      redirect("/admincp");
  
  if (isset($_POST['login']))
      : $result = $session->login($_POST['username'], $_POST['password'], isset($_POST['remember']));
  /* Login successful */
  if ($result)
      : redirect("/admincp");
  endif;
  endif;

 

And in the admin CP:

  if (!$session->logged_in)
      redirect("/admin");

 

 

This all works fine on Firefox, but when it comes to any other browser, no error is displayed, so it's definitely working. I think it's something to do with the sessions, but I have no idea what. I've been over and over the code and I can't figure it out. Perhaps a fresh set of eyes can help me out.

 

Any input is appreciated.

[premiso]

Generally speaking, when a login works on Firefox, but no others, it means your HTML form has errors. Firefox has a nasty habit of correcting these minor html tag problems, others do not.

 

Look at your html tags and make sure they are correct syntax and properly closed etc.

[-Karl-]

Umm, doubt it's the form, as it goes to the admin cp page, then gets redirected back to the login page. So my guess is the sessions are incorrectly set.

[-Karl-]

Here's my form:

      <form action="<?php htmlentities($_SERVER['PHP_SELF']);?>" name="lForm" id="lForm" method="post">
        <input type="hidden" name="login" value="1" />
        <table>
            <tr>
                  <td><label for="username">Username:</label></td><td><input name="username" type="text" class="inputbox" id="username" size="24" maxlength="20" /></td>
            </tr>
            <tr>      
                  <td><label for="username">Password:</label></td><td><input name="password" type="password" class="inputbox" id="password" size="24" maxlength="20" /></td>
            </tr>
        </table>
        <input name="remember" type="checkbox" class="checkbox" value="1" />
        Remember me<br />
        <button type="submit" class="button" id="submit" name="submit">Login</button>
        <br />
      </form>

 

Just tried this in login.php:

   if (isset($_POST['login']))
      echo '1';

 

And 1 does not get echoed.

[TeddyKiller]

if ($session->logged_in) redirect("/admincp");
      
if (isset($_POST['login'])) :
      echo '1'; // If this doesn't get shown when you dont get logged in, put exit; after the echo
      $result = $session->login($_POST['username'], $_POST['password'], isset($_POST['remember']));
      /* Login successful */
      if ($result) redirect("/admincp");
endif;

[premiso]

Karl,

 

It is your HTML form.

 

<button type="submit" class="button" id="submit" name="submit">Login</button>

 

I know has issues with IE etc. They do not like buttons nor do they recognize them. You have two choices. using the

 

<input type="submit" name="submit" class="button" value="Login" />  

 

Or by submitting the form with a "button" like design with Javascript. Also, you do not need to surround $_SERVER['PHP_SELF'] in the form action with the htmlentities, this is unnecessary.

[PFMaBiSmAd]

Did you develop your code using FF? If so, you probably already have a cookie set. Try it in FF after you delete any cookies that match your domain/localhost name.

 

Edit: Actually I tried the form in IE8 and it submitted the expected POST variables, though it is true that IE and buttons generally need some javascropt to submit forms.

[-Karl-]

Did you develop your code using FF? If so, you probably already have a cookie set. Try it in FF after you delete any cookies that match your domain/localhost name.

 

Fair point, I just cleared my cache and it doesn't log in using firefox.

 

Karl,

 

It is your HTML form.

 

<button type="submit" class="button" id="submit" name="submit">Login</button>

 

I know has issues with IE etc. They do not like buttons nor do they recognize them. You have two choices. using the

 

<input type="submit" name="submit" class="button" value="Login" />  

 

Or by submitting the form with a "button" like design with Javascript. Also, you do not need to surround $_SERVER['PHP_SELF'] in the form action with the htmlentities, this is unnecessary.

Made no difference.

[-Karl-]

I commented out

  /*if (!$session->logged_in)
      redirect("/rhnew/admin");*/

 

From admin CP.

 

This stopped it redirecting so the login works.

 

The problem is the checkLogin function. Not sure what though.

[Pikachu2000]

 

EDIT: I guess others noticed this as well while I was typing (or eating) 

 

Sort of a shot in the dark, but . . .  You may need to add a hidden field to validate form submission. I haven't tested this, but apparently IE and possibly some others interpret the value of buttons in a non-standard manner (big surprise, huh?). If that's what's happening, your if( isset($_POST['login']) ){ may be returning FALSE.

 

<button type ="submit" value="login" name="button">Press</button>
// Most browsers return "login" as the value, but apparently, IE would return "Press".

[-Karl-]

 

EDIT: I guess others noticed this as well while I was typing (or eating) 

 

Sort of a shot in the dark, but . . .  You may need to add a hidden field to validate form submission. I haven't tested this, but apparently IE and possibly some others interpret the value of buttons in a non-standard manner (big surprise, huh?). If that's what's happening, your if( isset($_POST['login']) ){ may be returning FALSE.

 

<button type ="submit" value="login" name="button">Press</button>
// Most browsers return "login" as the value, but apparently, IE would return "Press".

 

Well, after some testing. I've established it's not the form it's the checkLogin function that's causing it to redirect as it's returning false.

 

I know this because without the if (!$session->logged_in) redirect("/admin"); in admincp.php it will login and return to the control panel.

[PFMaBiSmAd]

You may need to add a hidden field to validate form submission.

 

^^^ He has that, though I didn't look to see if the code was testing that or the button name.

[Pikachu2000]

Oh, for cryin' out loud. It's right there on line 2. Off to the optometrist I go . . .

[-Karl-]

Login works now, but echo $session->username; keeps echoing Guest, not the username of my account. Can't figure out why.

[TeddyKiller]

Oh, for cryin' out loud. It's right there on line 2. Off to the optometrist I go . . .

Optomwhat? Don't you mean Opticians? o.O

[marcus]

Optometrists are doctors of optometry

Opticians are the ones who make the lenses.

[TeddyKiller]

Optometrists are doctors of optometry

Opticians are the ones who make the lenses.

Oh.. its jsut the place is called opticians, so i always thought.. they check if you are blind XD

[Pikachu2000]

Think of it this way . . . 

 

<?php
$Optometrist = 'eye doctor';
$Optician = 'eyeglass maker';

if( $visit == $Optician ) {
     if( empty($Optometrist) ) {
          die( "Must first visit $Optometrist for eye exam!" );
     } else {
     $glasses = array( 
     0 => 'Money',
     1 => 'prescription' );
     }
}
?>

[jcbones]

Notice: Undefined variable: visit in: Optometrist/lesson.php

[TeddyKiller]

The sessions and cookies aren't being set properly, by the looks of it. (I've been working on this aswell foreveryone elses notice)

 

session_start is definately used at the top of pages too.. anyone know of a fix? My guess is with php.ini, because with some echo's.. it does all the right echo's, like it should be setting the sessions etc... but it just doesn't pass the value of the session across.. it makes no sense.

[Pikachu2000]

Notice: Undefined variable: visit in: Optometrist/lesson.php

 

ini_set('display_errors', 0);

[TeddyKiller]

After a further test, of creating two pages.

test.php and test2.php, test2.php basically echo's the session. test.php sets it, and gives a link to test2.php, and this works.. O.O.

 

The only thing I can think of, is that its performaning an unexpected session_unset, or logout. - I's been changed so that it'll only go through checklogin if sessions are set. It doesn't go through the check login (we echo'd to test) and it doesn't. It is down to the sessions not being set. I don't get why. It's completely baffled us..