madson_gr Posted March 3, 2015 Share Posted March 3, 2015 Hi, I have a login/register system based on this tutorial: http://pt.wikihow.com/Criar-um-Script-de-Login-Seguro-em-PHP-e-MySQL In my localhost everything works fine. When I uploaded it to godaddy servers, I can register the new user but I cannot login into the users' pages. It looks like password or salt does not match, or after compare login data, it´s telling me the message: You don´t have permission to see this page, please login. Do you have any idea of what might be? Godaddy support told me they cannot help. They just fix their own services. Thanks in advance. Quote Link to comment https://forums.phpfreaks.com/topic/295057-localhost-x-godaddy-servers-error/ Share on other sites More sharing options...
mac_gyver Posted March 3, 2015 Share Posted March 3, 2015 you are likely having an error with the session_start(). for debugging purposes, add the following two lines of code immediately after the first opening <?php tag in your main files, i.e. the files that are being requested via a url, and see what sort of php errors there may be - ini_set("display_errors", "1"); error_reporting(-1); Quote Link to comment https://forums.phpfreaks.com/topic/295057-localhost-x-godaddy-servers-error/#findComment-1507407 Share on other sites More sharing options...
madson_gr Posted March 4, 2015 Author Share Posted March 4, 2015 you are likely having an error with the session_start(). for debugging purposes, add the following two lines of code immediately after the first opening <?php tag in your main files, i.e. the files that are being requested via a url, and see what sort of php errors there may be - ini_set("display_errors", "1"); error_reporting(-1); I agree... I just get a 500 (internal server) error page...could not see session errors....Any idea of what changes I could write? Quote Link to comment https://forums.phpfreaks.com/topic/295057-localhost-x-godaddy-servers-error/#findComment-1507445 Share on other sites More sharing options...
mac_gyver Posted March 4, 2015 Share Posted March 4, 2015 if you were previously getting the - Você não está autorizado a acessar essa página, favor fazer o login. message from your code, but now you are getting a http 500 error after adding the two error_reporting/display_error lines, that would indicate that you messed up the php source code somehow and it's likely producing a php syntax error. review where and how you added those two lines of code to make sure the php syntax is not broken. Quote Link to comment https://forums.phpfreaks.com/topic/295057-localhost-x-godaddy-servers-error/#findComment-1507485 Share on other sites More sharing options...
madson_gr Posted March 4, 2015 Author Share Posted March 4, 2015 if you were previously getting the - Você não está autorizado a acessar essa página, favor fazer o login. message from your code, but now you are getting a http 500 error after adding the two error_reporting/display_error lines, that would indicate that you messed up the php source code somehow and it's likely producing a php syntax error. review where and how you added those two lines of code to make sure the php syntax is not broken. I did like you said...right after the first <?php ... Tried after connection too and I get the same error... The weird is that I´m not having any problems in my localhost (wamp server). My php version is 5.5 and godaddy´s version is 5.4... Is there any conflict? Quote Link to comment https://forums.phpfreaks.com/topic/295057-localhost-x-godaddy-servers-error/#findComment-1507510 Share on other sites More sharing options...
mac_gyver Posted March 4, 2015 Share Posted March 4, 2015 the most likely causes of the problem with the code is that your file(s) are outputting something to the browser before the session_start() statement (your localhost development system may have a setting turned on that allows the code to work under this condition) or that sessions are not configured correctly on the server. please post the first few lines of your code showing where and how you added the two lines that i suggested. Quote Link to comment https://forums.phpfreaks.com/topic/295057-localhost-x-godaddy-servers-error/#findComment-1507511 Share on other sites More sharing options...
madson_gr Posted March 4, 2015 Author Share Posted March 4, 2015 the most likely causes of the problem with the code is that your file(s) are outputting something to the browser before the session_start() statement (your localhost development system may have a setting turned on that allows the code to work under this condition) or that sessions are not configured correctly on the server. please post the first few lines of your code showing where and how you added the two lines that i suggested. I tried all files below.that make my register system: register.php -> register_success.php (include connection, functions and redirect user to log_register.php) -> log_register.php (same code of login.php but redirect user to complete his profile through process_login_completereg.php ): process_login_completereg.php: <?php ini_set("display_errors", "1"); error_reporting(-1); include_once 'db_connect.php'; include_once 'functions.php'; sec_session_start(); if (isset($_POST['email'], $_POST['p'])) { $email = $_POST['email']; $password = $_POST['p']; // The hashed password. if (login($email, $password, $mysqli) == true) { // Login com sucesso header('Location: ../profile.php'); } else { // Falha de login header('Location: ../index.php?error=1'); } } else { echo 'Invalid Request'; } ?> after this the user is redirected to profile.php to complete his informations. This is the part where I get the message that "You don't have permission....", asking me to login (again). Quote Link to comment https://forums.phpfreaks.com/topic/295057-localhost-x-godaddy-servers-error/#findComment-1507514 Share on other sites More sharing options...
mac_gyver Posted March 4, 2015 Share Posted March 4, 2015 after this the user is redirected to profile.php to complete his informations. This is the part where I get the message that "You don't have permission....", asking me to login (again). and did you add the two error_reporting/display_errors setting lines to the profile.php page? Quote Link to comment https://forums.phpfreaks.com/topic/295057-localhost-x-godaddy-servers-error/#findComment-1507552 Share on other sites More sharing options...
madson_gr Posted March 5, 2015 Author Share Posted March 5, 2015 and did you add the two error_reporting/display_errors setting lines to the profile.php page? yes.. same 500 (internal server) error Quote Link to comment https://forums.phpfreaks.com/topic/295057-localhost-x-godaddy-servers-error/#findComment-1507594 Share on other sites More sharing options...
madson_gr Posted March 5, 2015 Author Share Posted March 5, 2015 when I type a code to return me the username at the top to confirm what user is logged in, I get no user/username this is profile.php <?php include_once 'includes/db_connect.php'; include_once 'includes/functions.php'; sec_session_start(); ?> <!doctype html> <html> <head> <meta charset="utf-8"> <title>Profile</title> <link rel="stylesheet" type="text/css" href="styles/main.css"> <script src="js/valida_cpf_cnpj.js"></script> </head> <body> <div class="main"> <header></header> <p class="div_evento"> Hello, <?php echo htmlentities($_SESSION['username']); ?>!</p> <div class="content"> <?php if (login_check($mysqli) == true) : ?> <form action="reg_profiles.php" method="post" class="registration" enctype="multipart/form-data"> <legend>Complete seu cadastro</legend> <fieldset> <label>Nome</label><br/> <input type="text" name="nome" required /><br/> <label>Sobrenome</label><br/> <input type="text" name="sobrenome" required /><br/> <label>Telefone</label><br/> <input type="text" name="telefone" required /><br/> <label>Celular/Whatsapp</label><br/> <input type="text" name="cel_wts" required /><br/> <label>Rua</label><br/> <input type="text" name="rua" required /><br/> <label>Número</label><br/> <input type="text" name="numero" required /><br/> <label>Bairro</label><br/> <input type="text" name="bairro" required /><br/> <label>Cidade</label><br/> <input type="text" name="cidade" required /><br/> <label>Estado</label><br/> <input type="text" name="estado" required /><br/> <label>País</label><br/> <input type="text" name="pais" required /><br/> <label>CPF/CNPJ</label><br/> <input type="text" name="cpf_cnpj" onkeypress='mascaraMutuario(this,cpfCnpj)' onblur='clearTimeout()' required /><br/> <label>Casa de Eventos</label><br/> <input type="text" name="casa" required /><br/> <label>Cargo Administrativo</label><br/> <input type="text" name="cargo" /><br/> <input type="submit" name="Enviar" value="Enviar" class="registerBtn" /> </fieldset> </form> </div> <!--end content--> <?php else : ?> <p> <span class="error">You don´t have permission to see this page.</span> Please <a href="index.php">login</a>. </p> <?php endif; ?> <footer class="footer" id="footer"> <span class="copyright">©Copyright 2015</span> <span class="linkHD"> <a href="http://www.habitodigital.com" title="Hábito Digital" target="_blank">www.habitodigital.com</a> </span> </footer> </div> <!--end main--> </body> </html> functions.php <?php include_once 'psl-config.php'; function sec_session_start() { $session_name = 'sec_session_id'; $secure = false; // stops JavaScript access. $httponly = true; // force cookies if (ini_set('session.use_only_cookies', 1) === FALSE) { header("Location: ../error.php?err=Could not initiate a safe session (ini_set)"); exit(); } $cookieParams = session_get_cookie_params(); session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly); session_name($session_name); session_start(); // init session session_regenerate_id(); // recover session } function login($email, $password, $mysqli) { if ($stmt = $mysqli->prepare("SELECT id, username, password, salt FROM members WHERE email = ? LIMIT 1")) { $stmt->bind_param('s', $email); // Relaciona "$email" ao parâmetro. $stmt->execute(); // Executa a tarefa estabelecida. $stmt->store_result(); $stmt->bind_result($user_id, $username, $db_password, $salt); $stmt->fetch(); $password = hash('sha512', $password . $salt); if ($stmt->num_rows == 1) { if (checkbrute($user_id, $mysqli) == true) { return false; } else { if ($db_password == $password) { // correct passwrd $user_browser = $_SERVER['HTTP_USER_AGENT']; $user_id = preg_replace("/[^0-9]+/", "", $user_id); $_SESSION['user_id'] = $user_id; $username = preg_replace("/[^a-zA-Z0-9_\-]+/", "", $username); $_SESSION['username'] = $username; $_SESSION['login_string'] = hash('sha512', $password . $user_browser); // login success return true; } else { // wrong passw $now = time(); $mysqli->query("INSERT INTO login_attempts(user_id, time) VALUES ('$user_id', '$now')"); return false; } } } else { // user does not exist return false; } } } function checkbrute($user_id, $mysqli) { $now = time(); $valid_attempts = $now - (2 * 60 * 60); if ($stmt = $mysqli->prepare("SELECT time FROM login_attempts <code><pre> WHERE user_id = ? AND time > '$valid_attempts'")) { $stmt->bind_param('i', $user_id); $stmt->execute(); $stmt->store_result(); if ($stmt->num_rows > 5) { return true; } else { return false; } } } function login_check($mysqli) { if (isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['login_string'])) { $user_id = $_SESSION['user_id']; $login_string = $_SESSION['login_string']; $username = $_SESSION['username']; $user_browser = $_SERVER['HTTP_USER_AGENT']; if ($stmt = $mysqli->prepare("SELECT password FROM members WHERE id = ? LIMIT 1")) { // Atribui "$user_id" ao parâmetro. $stmt->bind_param('i', $user_id); $stmt->execute(); // Execute the prepared query. $stmt->store_result(); if ($stmt->num_rows == 1) { $stmt->bind_result($password); $stmt->fetch(); $login_check = hash('sha512', $password . $user_browser); if ($login_check == $login_string) { // loggin success return true; } else { // loggin failed return false; } } else { // loggin failed return false; } } else { // loggin failed return false; } } else { // loggin failed return false; } } function esc_url($url) { if ('' == $url) { return $url; } $url = preg_replace('|[^a-z0-9-~+_.?#=!&;,/:%@$\|*\'()\\x80-\\xff]|i', '', $url); $strip = array('%0d', '%0a', '%0D', '%0A'); $url = (string) $url; $count = 1; while ($count) { $url = str_replace($strip, '', $url, $count); } $url = str_replace(';//', '://', $url); $url = htmlentities($url); $url = str_replace('&', '&', $url); $url = str_replace("'", ''', $url); if ($url[0] !== '/') { return ''; } else { return $url; } } ?> Quote Link to comment https://forums.phpfreaks.com/topic/295057-localhost-x-godaddy-servers-error/#findComment-1507674 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.