POST in PHP misbehaving - head and wall damaged :)

[tork]

Hi:

Basically, when the data I enter into the form is not valid, then the form action script statement "if (isset($_POST['submitted']))" works upon submitting. However, if the data is valid, then the form action is ignored and the index file is actioned. Eh .. see what I mean? Honestly, I'm taking my pills   This is either so obvious or a secret only deep specialists know, methinks.

You should know that there is an .htaccess redirection for the index file only, and that it's on the same shared server within the same root directory tree. For all my years of developing, I'm stumped! Attached is what I believe to be the relevant scripting.

 

The directory tree..

 

root (.htaccess)

|

nm_app (nm_mysqli_connect where MYSQLI is defined)

|

htdocs (index.php; nm_login.php)

|

includes (nm_config.inc.php; nm_header.php; nm_footer.php)

 

nm_app_php_post_issue.php

[mac_gyver]

your form processing code is redirecting, likely to index.php, upon a successful login. i would say it is probably doing what it was written to do.

[tork]

Yes, it's redirecting to index.php. It was not written to do this since the only action is to the nm_login.php script. The question is, why is it redirecting with a change in data values?

Edited October 11, 2013 by tork

[mac_gyver]

this is from line 14 of your pseudo code -

 

            // Register the values & redirect:

 

 

the form is submitting to the nm_login.php page. when the code on that page is successful, it is intentionally redirecting somewhere besides the nm_login.php page. the code is doing what it was written to do.

[tork]

I tested to see if it arrived at the nm_login.php script, but it didn't. That's where the validation tests are conducted and the outputs confirming success are. So the redirection is taking place before this. What could redirect the submission before testing the data?

[mac_gyver]

it would take having your actual and complete code, less any database credentials, to help you.

 

there is no magic involved in programming. if that's your complete and actual form and you only have the one opening <form > tag on that page, it will submit to the page in the action=' ... ' attribute. the only way it would not is if you had another opening <form > tag earlier on that page and the form you showed us is inside of the first form or the code is actually going to the nm_login.php page and being redirected from that page to the index.php page.

 

any chance you are doing url rewriting in your .htaccess file?

Edited October 11, 2013 by mac_gyver

[tork]

Here's the actual code (less credentials), and the .htaccess rewrite & redirect. The redirect forces a slight change in the nm_header and nm_footer menu hrefs, so I created nm_header_for_index.php and nm_footer_for_index to accommodate this. Here's the .htaccess .. I don't know if this code could screw the forum server, so I've prefixed each command with 'copy' .. and it starts with the rewrite engine ON.

 

copy# Rewrite the URL for index.php with no path showing
copyRewriteCond %{REQUEST_URI}  ^/?$        [NC]
copyRewriteCond %{REQUEST_URI}  !index\.php [NC]
copyRewriteRule .*  /nm_app/htdocs/index.php  [NC,L]

copy## Redirect the user to the index.php file but with the path showing
copyRedirect /index.php http://www.site_name.com/nm_app/htdocs/index.php

.. the missing parts to the above link: .com/nm_app/h

 

index.php

nm_config.inc-copy-without-real-IDs.php

nm_header_for_index.php

nm_footer_for_index.php

nm_login.php

nm_header.php

nm_mysqli_connect-copy-without-real-IDs.php

nm_footer.php

 

The directory structure:

root (.htaccess)

|

nm_app (nm_mysqli_connect.php)

|

htdocs (index.php; nm_login.php)

|

includes (nm_config.inc.php; nm_header_for_index.php; nm_footer_for_index.php; nm_header.php; nm_footer.php)

Edited October 11, 2013 by tork

[mac_gyver]

so, i tried your actual code and your code IS doing what i stated in reply #2 and #4. upon a successful login, it is redirecting to header("Location: $url");, where $url is $url = BASE_URL; and BASE_URL is define ('BASE_URL', 'http://www.site_name.com/');. This will cause the browser to request your default index.php document.

 

if your expected result was to see the messages you are echoing in the nm_login.php code, you won't because you are specifically and deliberately using output buffering in your actual script. this buffers any output you (or php) try to send to the bowser and the buffered output is a) discarded upon the header() statement and b) you are specifically calling ob_end_clean(), which is cleaning/discarding the content in the buffer.

 

two recommendations -

 

1) remove all of the output buffering statements from your code and if output_buffering is turned on in your php.ini, turn it OFF. the net effect of using these is to hide what is really happening in your code. you would only want to use output buffering when you want to buffer and/or capture the output.

 

2) remove any @ error suppressors in your code. again, the net effect of them is to hide what is really happening in your code.

Edited October 12, 2013 by mac_gyver

[tork]

Thank you, Guru, for taking the time to assist me. I have taken your suggestions and it resolved as you said.

 

However, I see that the session ID changes when index.php is started after a successful login.

 

echo '<h1>Welcome';
if (isset($_SESSION['first_name'])) {
    echo ", {$_SESSION['first_name']}!";

 

should produce "Welcome, Jimmy!", yet only "Welcome" is output, and should select the logout script group in nm_footer.php and nm_footer_for_index.php scripts.

 

I only have session_start(); in the nm_header.php and nm_header_for_index.php scripts, and no session data being deleted (to my understanding).

 

How do I get the session ID to remain the same?

Edited October 12, 2013 by tork

[tork]

Also, when I start afresh with site_name.com after a successful login (but without being able to logout) then the session ID is picked up and "Welcome, Jimmy!" and the logout group appear. So now it's picking up the session data, when before it didn't. How come?

Edited October 12, 2013 by tork

[mac_gyver]

it's likely your URL is changing between not having and then having the www. (host-name/sub-domain name) in it and the session id cookie isn't set up to match all variations of your domain name, only the exact variation where it was first set at. then once you redirected to the variation with the www. in it and logged in, the session id cookie matches the current variation of the URL of the pages.

 

you need to set the session id cookie domain to be .your_domain.com (with the leading dot) so that it matches all variations of your domain name. this needs to be set before every session_start() statement. ref: http://us2.php.net/manual/en/function.session-set-cookie-params.php

 

it's also possible your code is outputting something before the session_start() statement and the session variables aren't actually working in some situations. do you have php's error_reporting set to E_ALL and display_errors set to ON in your php.ini so that all the php detected errors will be reported and displayed?

[tork]

Thank you Guru. I set all the php.ini parameters that you recommended. And I put the

session_set_cookie_params(120, '/', '.site_name.com'); (2 mins only, for immediate testing and re-testing .. ).

It all works perfectly.

Much obliged  *secret hero worship taking place*

 

If you're Canadian like me, have a good thanksgiving.