
Hi,

I have a login/register system based on this tutorial: http://pt.wikihow.com/Criar-um-Script-de-Login-Seguro-em-PHP-e-MySQL

On my localhost everything works fine. When I uploaded it to GoDaddy servers, I can register the new user but I cannot log in to the users' pages. It looks like the password or salt does not match, or after comparing the login data, it's telling me the message: You don´t have permission to see this page, please login.

Do you have any idea of what it might be? GoDaddy support told me they cannot help. They just fix their own services.

Thanks in advance.

https://forums.phpfreaks.com/topic/295057-localhost-x-godaddy-servers-error/

you are likely having an error with the session_start(). for debugging purposes, add the following two lines of code immediately after the first opening <?php tag in your main files, i.e. the files that are being requested via a url, and see what sort of php errors there may be - 

ini_set("display_errors", "1");
error_reporting(-1);

 


I agree...

 

I just get a 500 (internal server) error page...could not see session errors....Any idea of what changes I could write?

if you were previously getting the -  Você não está autorizado a acessar essa página, favor fazer o login. message from your code, but now you are getting a http 500 error after adding the two error_reporting/display_error lines, that would indicate that you messed up the php source code somehow and it's likely producing a php syntax error. review where and how you added those two lines of code to make sure the php syntax is not broken.


I did like you said...right after the first <?php ...

Tried after connection too and I get the same error...

 

The weird thing is that I'm not having any problems on my localhost (WAMP server).

My PHP version is 5.5 and GoDaddy's version is 5.4...

 

Is there any conflict?

the most likely causes of the problem with the code are that your file(s) are outputting something to the browser before the session_start() statement (your localhost development system may have a setting turned on that allows the code to work under this condition) or that sessions are not configured correctly on the server.

 

please post the first few lines of your code showing where and how you added the two lines that i suggested.
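A stand-alone check for the two causes named in the reply above (output sent before session_start(), or a session store that is not configured correctly), added here as an example and not code from the thread. The file name session_check.php and the `hits` counter are assumptions, and the save-path check assumes PHP's default `files` session handler.

```php
<?php
// session_check.php -- added diagnostic, not code from the thread.
// "<?php" must be the first bytes of the file (no BOM, no blank line).
// Request it twice on each server, compare the reports, then delete it.
ini_set('display_errors', '1');
error_reporting(-1);

function session_diagnostics()
{
    $report = array();

    // 1. Anything already sent to the browser? If so the session cookie
    //    header can no longer be emitted and session_start() will warn.
    $file = '';
    $line = 0;
    if (headers_sent($file, $line)) {
        $report[] = "FAIL: output already started at $file line $line";
    } else {
        $report[] = 'OK: no output sent before session_start()';
    }

    // 2. A non-zero output_buffering value on the development machine
    //    hides cause 1 there, so compare this line between both servers.
    $report[] = 'output_buffering = ' . var_export(ini_get('output_buffering'), true);

    // 3. Is the session store usable? (assumes the default "files" handler)
    $path = session_save_path();
    if (strpos($path, ';') !== false) {          // "N;/path" or "N;MODE;/path"
        $path = substr($path, strrpos($path, ';') + 1);
    }
    if ($path === '') {
        $path = sys_get_temp_dir();              // PHP's fallback when unset
    }
    $report[] = (is_dir($path) && is_writable($path))
        ? "OK: save path is writable: $path"
        : "FAIL: save path missing or not writable: $path";

    // 4. Start the session and count requests; the counter only grows on
    //    reload if the cookie round-trips and the data is persisted.
    $report[] = session_start() ? 'OK: session_start() returned true'
                                : 'FAIL: session_start() returned false';
    $_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;
    $report[] = 'hits = ' . $_SESSION['hits'] . ' (must increase on reload)';

    return $report;
}

header('Content-Type: text/plain');
echo implode("\n", session_diagnostics()), "\n";
```

If `hits` stays at 1 on the hosted server while every other line reads OK, check whether the browser is sending the session cookie back on the second request.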


I tried all the files below that make up my register system:

 

register.php -> register_success.php (include connection, functions and redirect user to log_register.php) ->

log_register.php (same code of login.php but redirect user to complete his profile through process_login_completereg.php ):

 

process_login_completereg.php:

<?php
ini_set("display_errors", "1");
error_reporting(-1);

include_once 'db_connect.php';
include_once 'functions.php';
 
sec_session_start(); 
 
if (isset($_POST['email'], $_POST['p'])) {
    $email = $_POST['email'];
    $password = $_POST['p']; // The hashed password.
 
    if (login($email, $password, $mysqli) == true) {
        // Login successful
        header('Location: ../profile.php');
        exit; // stop the script once the redirect header is set
    } else {
        // Login failed
        header('Location: ../index.php?error=1');
        exit;
    }
} else {
    echo 'Invalid Request';
}

?>

after this the user is redirected to profile.php to complete his information. This is the part where I get the message that "You don't have permission....", asking me to login (again).


and did you add the two error_reporting/display_errors setting lines to the profile.php page?

when I type a code to return me the username at the top to confirm what user is logged in, I get no user/username

 

this is profile.php

<?php
include_once 'includes/db_connect.php';
include_once 'includes/functions.php';
 
sec_session_start();

?>

<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Profile</title>

<link rel="stylesheet" type="text/css" href="styles/main.css">
    
<script src="js/valida_cpf_cnpj.js"></script>

</head>

<body>
<div class="main">

<header></header>

<p class="div_evento"> Hello, <?php echo htmlentities($_SESSION['username']); ?>!</p>
	
<div class="content">

<?php if (login_check($mysqli) == true) : ?>


	<form action="reg_profiles.php" method="post" class="registration" enctype="multipart/form-data">
    	<legend>Complete seu cadastro</legend>
        <fieldset>    
        <label>Nome</label><br/>
        <input type="text" name="nome" required /><br/>
        <label>Sobrenome</label><br/>
        <input type="text" name="sobrenome" required /><br/>
        <label>Telefone</label><br/>
        <input type="text" name="telefone" required /><br/>
        <label>Celular/Whatsapp</label><br/>
        <input type="text" name="cel_wts" required /><br/>
        <label>Rua</label><br/>
        <input type="text" name="rua" required /><br/>
        <label>Número</label><br/>
        <input type="text" name="numero" required /><br/>
        <label>Bairro</label><br/>
        <input type="text" name="bairro" required /><br/>
        <label>Cidade</label><br/>
        <input type="text" name="cidade" required /><br/>
        <label>Estado</label><br/>
        <input type="text" name="estado" required /><br/>
        <label>País</label><br/>
        <input type="text" name="pais" required /><br/>
        <label>CPF/CNPJ</label><br/>
        <input type="text" name="cpf_cnpj" onkeypress='mascaraMutuario(this,cpfCnpj)' onblur='clearTimeout()' required /><br/>
        <label>Casa de Eventos</label><br/>
        <input type="text" name="casa" required /><br/>
        <label>Cargo Administrativo</label><br/>
        <input type="text" name="cargo" /><br/>
        
        <input type="submit" name="Enviar" value="Enviar" class="registerBtn" />
        
        </fieldset>
    </form>


<?php else : ?>
	<p>
		<span class="error">You don´t have permission to see this page.</span> Please <a href="index.php">login</a>.
	</p>
<?php endif; ?>

    </div> <!--end content (closed after endif so both branches close the div)-->

<footer class="footer" id="footer">
	<span class="copyright">©Copyright 2015</span>
	<span class="linkHD">
    	<a href="http://www.habitodigital.com" title="Hábito Digital" target="_blank">www.habitodigital.com</a>
    </span>
	
</footer>


</div> <!--end main-->

</body>
</html>

functions.php

<?php
include_once 'psl-config.php';
 
function sec_session_start() {
    $session_name = 'sec_session_id';
    $secure = false;
    // stops JavaScript access.
    $httponly = true;
    // force cookies  
   if (ini_set('session.use_only_cookies', 1) === FALSE) {
        header("Location: ../error.php?err=Could not initiate a safe session (ini_set)");
        exit();
    }

    $cookieParams = session_get_cookie_params();
    session_set_cookie_params($cookieParams["lifetime"],
        $cookieParams["path"], 
        $cookieParams["domain"], 
        $secure,
        $httponly);

    session_name($session_name);
    session_start();            // init session 
    session_regenerate_id();    // issue a new session ID for the current session
}

function login($email, $password, $mysqli) {
    if ($stmt = $mysqli->prepare("SELECT id, username, password, salt 
        FROM members
       WHERE email = ?
        LIMIT 1")) {
        $stmt->bind_param('s', $email);  // Bind "$email" to the parameter.
        $stmt->execute();    // Execute the prepared query.
        $stmt->store_result();
  
        $stmt->bind_result($user_id, $username, $db_password, $salt);
        $stmt->fetch();
 
        $password = hash('sha512', $password . $salt);
        if ($stmt->num_rows == 1) { 
 
            if (checkbrute($user_id, $mysqli) == true) {
                return false;
            } else {
                if ($db_password === $password) { // strict: compare the hex hashes as strings
                    // correct password
                    $user_browser = $_SERVER['HTTP_USER_AGENT'];
                    
                    $user_id = preg_replace("/[^0-9]+/", "", $user_id);
                    $_SESSION['user_id'] = $user_id;
                     
                    $username = preg_replace("/[^a-zA-Z0-9_\-]+/", 
                                                                "", 
                                                                $username);
                    $_SESSION['username'] = $username;
                    $_SESSION['login_string'] = hash('sha512', 
                              $password . $user_browser);
                    // login success
                    return true;
                } else {
                    // wrong password
                    $now = time();
                    $mysqli->query("INSERT INTO login_attempts(user_id, time)
                                    VALUES ('$user_id', '$now')");
                    return false;
                }
            }
        } else {
            // user does not exist
            return false;
        }
    }
}

function checkbrute($user_id, $mysqli) {
    $now = time();
  
    $valid_attempts = $now - (2 * 60 * 60);
 
    if ($stmt = $mysqli->prepare("SELECT time 
                             FROM login_attempts
                             WHERE user_id = ? 
                            AND time > '$valid_attempts'")) {
        $stmt->bind_param('i', $user_id);
  
        $stmt->execute();
        $stmt->store_result();
  
        if ($stmt->num_rows > 5) {
            return true;
        } else {
            return false;
        }
    }
}

function login_check($mysqli) { 
    if (isset($_SESSION['user_id'], 
                        $_SESSION['username'], 
                        $_SESSION['login_string'])) {
 
        $user_id = $_SESSION['user_id'];
        $login_string = $_SESSION['login_string'];
        $username = $_SESSION['username'];
 
        
        $user_browser = $_SERVER['HTTP_USER_AGENT'];
 
        if ($stmt = $mysqli->prepare("SELECT password 
                                      FROM members 
                                      WHERE id = ? LIMIT 1")) {
            // Bind "$user_id" to the parameter.
            $stmt->bind_param('i', $user_id);
            $stmt->execute();   // Execute the prepared query.
            $stmt->store_result();
 
            if ($stmt->num_rows == 1) {                 
                $stmt->bind_result($password);
                $stmt->fetch();
                $login_check = hash('sha512', $password . $user_browser);
 
                // strict comparison: with == PHP compares numeric-looking
                // strings (e.g. "0e...") as numbers instead of as strings
                if ($login_check === $login_string) {
                    // login success
                    return true;
                } else {
                    // login failed 
                    return false;
                }
            } else {
                // login failed 
                return false;
            }
        } else {
            // login failed 
            return false;
        }
    } else {
        // login failed 
        return false;
    }
}

function esc_url($url) {
 
    if ('' == $url) {
        return $url;
    }
 
    $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url);
 
    $strip = array('%0d', '%0a', '%0D', '%0A');
    $url = (string) $url;
 
    $count = 1;
    while ($count) {
        $url = str_replace($strip, '', $url, $count);
    }
 
    $url = str_replace(';//', '://', $url);
 
    $url = htmlentities($url);
 
    $url = str_replace('&amp;', '&#038;', $url);
    $url = str_replace("'", '&#039;', $url);
 
    if ($url[0] !== '/') {
        
        return '';
    } else {
        return $url;
    }
}

?>