PHP Script works in Chrome, but not IE or Firefox?

[fRAiLtY-]

Hi guys,

 

I've got this login script I've used time and time again in the past. I'm developing on networked MySQL server, so it's in a cupboard in the other room connected to our network with an internal IP. This is the only thing I can think is causing a problem?

 

This is the index.php page, which deals with the login. In Chrome, I login and get redirected where I should. In the other browsers the page just refreshes. You'll see I change the $message variable depending on login status and this doesn't change either in FF/IE, however if I force a false login in Chrome I get the error message, as expected.

 

<?php

// Start session 
session_start();

// Include connection
require('includes/connect.php');

// Set default message
$message = "Please Login.";

// Check if form is submitted
if(isset($_POST['login'])) {

	$username = mysqli_real_escape_string($db,$_POST['username']);
	$password = mysqli_real_escape_string($db,md5($_POST['password']));

	// Set default session status
	$_SESSION['loggedIn'] = "false";

	// Execute query
	$login = "SELECT * FROM users WHERE username = '$username' AND password = '$password' LIMIT 1"; 
	if (!($result = mysqli_query($db,$login))) {
		die(mysqli_connect_error());
	}

	// Check for match if not display error message
	if (mysqli_num_rows($result) != 1) {
		$message = "<p class='error-msg'>Login Failed - Please try again!</p>";
	} else {

		// Build array of user data
		$userdata = mysqli_fetch_assoc($result);

		// Set sessions then redirect
		$_SESSION['loggedIn'] = "true";
		$_SESSION['user'] = $username;
		$_SESSION['name'] = $userdata['fullname'];
		$_SESSION['level'] = $userdata['level'];
		$_SESSION['code'] = $userdata['linkedcodes'];

		// Check user level and forward
		if($userdata['level'] == 1) {
			header("Location:/my/admin/");
		} else header("Location: /my/dashboard/");

		// Exit rest of script
		exit;
	}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
        
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>myblackwellprint.co.uk | Customer Portal</title>
<link rel="stylesheet" type="text/css" href="css/main.css" />
</head>
<body>
<div id="login-page">
	<p class="login-welcome-msg"><?php echo $message; ?></p>
		<form id="login-form" action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
			<p style="margin-left:80px;"><label for="login">Username: </label><input id="login" class="login-fields" type="text" name="username" /><br />
			<label for="password">Password:  </label><input id="password" class="login-fields" type="password" name="password" /><br /></p>
			<p style="margin-left:185px;"><input type="image" width="120" height="32" src="img/login_button.png" name="login" value="Login" /></p>
		</form>
</div>
</body>
</html>

 

It's very strange, naturally no errors seems to occur as to all intents and purposes the script works? Firebug reports no errors either, there's very little to the script to error!

[trq]

The Location header should be passed a url, not a relative path like it appears you are doing.

[fRAiLtY-]

Hi,

 

Thanks for that, I have updated my code as follows (as stated earlier 10.0.0.149 is the internal IP of the machine SQL is running on.

 

<?php

// Start session 
session_start();

// Include connection
require('includes/connect.php');

// Set default message to blank
$message = "Please Login.";

// Check if form is submitted
if(isset($_POST['login'])) {

	$username = mysqli_real_escape_string($db,$_POST['username']);
	$password = mysqli_real_escape_string($db,md5($_POST['password']));

	// Set default session status
	$_SESSION['loggedIn'] = "false";

	// Execute query
	$login = "SELECT * FROM users WHERE username = '$username' AND password = '$password' LIMIT 1"; 
	if (!($result = mysqli_query($db,$login))) {
		die(mysqli_connect_error());
	}

	// Check for match if not display error message
	if (mysqli_num_rows($result) != 1) {
		$message = "<p class='error-msg'>Login Failed - Please try again!</p>";
	} else {

		// Build array of user data
		$userdata = mysqli_fetch_assoc($result);

		// Set sessions then redirect
		$_SESSION['loggedIn'] = "true";
		$_SESSION['user'] = $username;
		$_SESSION['name'] = $userdata['fullname'];
		$_SESSION['level'] = $userdata['level'];
		$_SESSION['code'] = $userdata['linkedcodes'];

		// Check user level and forward
		if($userdata['level'] == 1) {
			header("Location: http://10.0.0.149/my/admin/");
		} else header("Location: http://10.0.0.149/my/dashboard/");

		// Exit rest of script
		exit;
	}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
        
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>myblackwellprint.co.uk | Customer Portal</title>
<link rel="stylesheet" type="text/css" href="css/main.css" />
</head>
<body>
<div id="login-page">
	<p class="login-welcome-msg"><?php echo $message; ?></p>
		<form id="login-form" action="http://10.0.0.149<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post">
			<p style="margin-left:80px;"><label for="login">Username: </label><input id="login" class="login-fields" type="text" name="username" /><br />
			<label for="password">Password:  </label><input id="password" class="login-fields" type="password" name="password" /><br /></p>
			<p style="margin-left:185px;"><input type="image" width="120" height="32" src="img/login_button.png" name="login" value="Login" /></p>
		</form>
</div>
</body>
</html>

 

No change in the outcome however, page appears to just refresh in FF/IE.

[EdwinPaul]

The correct way to check if a form is submitted is NOT:

// Check if form is submitted
if(isset($_POST['login'])) {

Some browsers do not sent the submit-button if you hit enter. You can check this by displaying the array $_POST before the line mentioned above.

Better is:

if ($_SERVER['REQUEST_METHOD'] == 'POST' ){

[fRAiLtY-]

That's worked a treat, thank you!