shan Posted October 12, 2015 Share Posted October 12, 2015 hi, guys im actually trying to figure what is wrong here in my code as it var dumps in google chrome but not in firefox or opera, its quite confusing as php is a server side scripting language but is behaving like a client side script. it outputs fine in chrome but not in firefox as it gives "bool(false)" for the same script. can any one help me on this. the code to dbconfig is here: <?php session_start(); $host="localhost"; $dbName="project"; $dbUname="root"; $dbPass=""; try { $conn=new PDO("mysql: host=$host;dbname=$dbName;charset=utf8", $dbUname, $dbPass); $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); } catch (PDOException $e) { $e->getMessage(); } require_once 'classes.inc.php'; $project= new projecteg($conn); the code to class's method is here: public function viewProtectedArea($uname,$pass) { $active=1; $stmth= $this->_db->prepare("select * from user where uname=:uname and pass=:pass and activated={$active}"); $stmth->bindparam(":uname",$uname); $stmth->bindparam(":pass",$pass); $stmth->execute(); return $stmth->fetch(PDO::FETCH_ASSOC); } and the code to login page is here: include_once 'dbconfig.inc.php'; if (isset($_POST['submit-login'])) { $uname= htmlentities($_POST['unamel']); $unamel= stripslashes($uname); $pass= htmlentities($_POST['passl']); $pass1= stripslashes($pass); $passl= md5($pass1); $user = $project->viewProtectedArea($unamel,$passl); var_dump($user); exit(); if ($user) { $_SESSION['id']=$user['user_id']; $_SESSION['fname']=$user['fname']; $_SESSION['lname']=$user['lname']; $_SESSION['uname']=$user['uname']; $_SESSION['email']=$user['email']; $_SESSION['phone']=$user['phone']; $_SESSION['app']=TRUE; $user_ok=TRUE; header("location: ../home.php?u={$_SESSION['uname']}"); } else { header("location: ../index.php?nosession"); } } please help me out. Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/ Share on other sites More sharing options...
mac_gyver Posted October 12, 2015 Share Posted October 12, 2015 (edited) the boolean false value is a symptom of a query that doesn't match any row(s), which is exactly what i stated in your last thread for this problem. if your code behaves differently for different browsers, it's likely that your form is invalid markup and isn't submitting what you think (or the user doesn't exist in your database table.) different browsers handle invalid markup differently, so, some may submit form data for broken markup, while other's don't. what does using var_dump($_POST) show for the submitted form data and what is your form code? Edited October 12, 2015 by mac_gyver Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523012 Share on other sites More sharing options...
shan Posted October 12, 2015 Author Share Posted October 12, 2015 (edited) @mac gyver here is the html form code: <div class="row"><header class="header-custom visible-phone visible-tablet visible-desktop"> <div class="head-col-left-custom hidden-xs ">LOGO!</div> <div class="head-col-middle-custom"> <form action="includes/login.inc.php" method="post"> <tr><td>Username: <input type="text" required placeholder="Username" class="input-custom input-group-sm input-sm" name="unamel"> </td></tr> <tr><td>Password:<input class="input-custom input-group-sm input-sm" type="password" name="passl" required placeholder="Password"> <input type="submit" name="submit-login" value="login" class="btn btn-warning btn-danger-custom"> | </p> <a href="forgotpass.php">?Forgot Password</a></td></tr> </form> </div> </header> </div> the var_dump for $_post seems to be fine. here is what it outputted in firefox(the user does exist in the DB): array(3) { ["unamel"]=> string(6) "qwerty" ["passl"]=> string(9) "gssh93986" ["submit-login"]=> string(5) "login" } Edited October 12, 2015 by shan Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523016 Share on other sites More sharing options...
mac_gyver Posted October 12, 2015 Share Posted October 12, 2015 does the var_dump($user) show a boolean false at the same time as the var_dump of the $_POST data shows what you posted above? given that your html markup shows classes on everything, i'm guessing you are using some framework/code-generator, which could be responsible for the problem (i.e. double submitting the form, once with and once without values.) if you cannot debug and determine what's going on, it's going to take full disclosure of your code that reproduces the problem, both for the entire form PAGE and the entire form processing code in order to help find what is causing the problem. also, this mess - $uname= htmlentities($_POST['unamel']); $unamel= stripslashes($uname); $pass= htmlentities($_POST['passl']); $pass1= stripslashes($pass); htmlentities() is an OUTPUT function it is used when you send output to the browser. it is not an INPUT function and has nothing to do with values being input to your code. stripslashes() is used when you WAN'T/NEED to strip slashes from the input. neither of these functions should be used in your code responsible for logging in a user. while these two functions are not likely the cause (the different browsers could be sending different character-encoded values for your actual username/password), htmlentities could be altering the value(s) making them different from what was used when registering the username/password information. Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523021 Share on other sites More sharing options...
shan Posted October 12, 2015 Author Share Posted October 12, 2015 (edited) yes actually im using bootstrap css and js(with jquery) framework and not any code generators. willthat be of any help Edited October 12, 2015 by shan Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523023 Share on other sites More sharing options...
shan Posted October 12, 2015 Author Share Posted October 12, 2015 (edited) here is the code for index page where there is form: <?php if (@$_GET['id']==017) { echo '<script>alert("User Not Found, Please enter Proper Credentials");</script>'; } ?> <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Sign in or Sign up!</title> <link href="css/bootstrap.min.css" rel="stylesheet" type="text/css"/> <link href="css/custom.css" rel="stylesheet" type="text/css"/> <script src="js/respond.js" type="text/javascript"></script> <script type="text/javascript" src="js/jquery-1.11.3.min.js" type="text/javascript"></script> <script src="js/bootstrap.min.js" type="text/javascript"></script> <script src="js/custom.js" type="text/javascript"></script> <meta name="viewport" content="width=device-width, initial-scale=1.0"> </head> <body> <div class="row"><header class="header-custom visible-phone visible-tablet visible-desktop"> <div class="head-col-left-custom hidden-xs ">LOGO!</div> <div class="head-col-middle-custom"> <form action="includes/login.inc.php" method="post"> <tr><td>Username: <input type="text" required placeholder="Username" class="input-custom input-group-sm input-sm" name="unamel"> </td></tr> <tr><td>Password:<input class="input-custom input-group-sm input-sm" type="password" name="passl" required placeholder="Password"> <input type="submit" name="submit-login" value="login" class="btn btn-warning btn-danger-custom"> | </p> <a href="forgotpass.php">?Forgot Password</a></td></tr> </form> </div> </header> </div> <br> <div class="row row-md-custom"><div class="col-xs-offset-1"></div><div class="col-xs-6"><div class="jumbotron jumbotron-position thumbnail"><h2>About US</h2><p>Proin faucibus arcu quis ante. Sed consequat, leo eget bibendum sodales, augue velit cursus nunc, quis gravida magna mi a libero. Ut leo. Vivamus euismod mauris.</p></div></div> <div class="col-xs-1"></div><div class="col-xs-5"><h2>Register here!</h2><form action="includes/register.inc.php" method="post"><table> <tr><td><input type="text" name="fnamer" placeholder="Firstname"required="please enter your first name" class="input-custom input-group-lg input-group-sm input-lg input-sm"></td></tr> <tr><td><input type="text" name="lnamer" placeholder="Lastname"required="" class="input-custom input-group-lg input-group-sm input-lg input-sm"></td></tr> <tr><td><input type="text" name="unamer" placeholder="Username" required="" class="input-custom input-group-lg input-group-sm input-lg input-sm uname-val"></td> <td><p class="js-write_u_r"></p></td></tr> <tr><td><input type="password" name="passr" placeholder="Password"required="" id="pass0"class="input-custom input-group-lg input-group-sm input-lg input-sm pass0"></td></tr> <div> </div><tr><td><input type="password" name="pass1r" placeholder="Retype Password" required=""id="pass1" class="input-custom input-group-lg input-group-sm input-lg input-sm pass1" ></td> <td><p class="js-write"></p></td></td></tr> <br><tr><td><input type="email" name="emailr" placeholder="email" required="" class="uname-e-val input-custom input-group-lg input-group-sm input-lg input-sm"></td> <td><p class="js-write_e_r"></p></td></tr> <br><tr><td><input type="text" name="phoner" placeholder="Phone Number" required="" class="input-custom input-group-lg input-group-sm input-lg input-sm phone-val"></td> <td><p class="js-write_p_r"></p></td></tr> <br><tr><td><br><button type="submit" name="submit-register" value="login" class="btn btn-group-lg btn-danger btn-lg">Register</button></td></tr> </table></form></div><br><div> </div> <?php include 'includes/footer.php';?> </body> </html> the login page logic: <?php include_once 'dbconfig.inc.php'; if (isset($_POST['submit-login'])) { $uname= htmlspecialchars($_POST['unamel']); $unamel= stripslashes($_POST['unamel']); $pass= htmlspecialchars($_POST['passl']); $pass1= stripslashes($_POST['passl']); $passl= md5($pass1); $user = $project->viewProtectedArea($unamel,$passl); var_dump($_POST); var_dump($user); exit(); if ($user) { $_SESSION['id']=$user['user_id']; $_SESSION['fname']=$user['fname']; $_SESSION['lname']=$user['lname']; $_SESSION['uname']=$user['uname']; $_SESSION['email']=$user['email']; $_SESSION['phone']=$user['phone']; $_SESSION['app']=TRUE; $user_ok=TRUE; header("location: ../home.php?u={$_SESSION['uname']}"); } else { header("location: ../index.php?nosession"); } } /* if (isset($_SESSION['app'])&&$_SESSION['uname']!="") { echo 'your name is '.$_SESSION['fname']; } else { header("location: ../index.php?usernotfound?id=017"); } */ and the code for register page is as follows: <?php require 'dbconfig.inc.php'; if (isset ($_POST['submit-register'])) { $fname= htmlentities($_POST['fnamer']); $lname= htmlentities($_POST['lnamer']); $uname1= htmlentities($_POST['unamer']); $pass1= htmlentities($_POST['passr']); $pass0= md5($pass1); //include 'randString.php'; $p_hash= $pass0; $email= htmlentities($_POST['emailr']); $phone= htmlentities($_POST['phoner']); $fnamer= stripslashes($fname); $lnamer= stripslashes($lname); $unamer= stripslashes($uname1); $passr= stripslashes($p_hash); $emailr= stripslashes($email); $phoner= stripslashes($phone); $activate=0; $create=$project->createUser($fnamer,$lnamer,$unamer,$passr,$emailr,$phoner,$activate); $user1=$project->viewProtectedArea($unamer,$passr); $uname= "../user/{$unamer}"; if (!file_exists("$uname")) { exec("`mkdir $uname`"); } $sql="insert into useroptions (uname_options, background) values (:uname,'original')"; $stmth=$conn->prepare($sql); $stmth->bindparam(":uname", $unamer); // $stmth->bindparam(":org", 'original'); $stmth->execute(); $e=$emailr; $from="gsshanker10@gmail.com"; $subject="Account Activation"; $message='<!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title>Protected Area.</title> <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css" rel="stylesheet" type="text/css"/> <script type="text/javascript" src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script> <meta name="viewport" content="width=device-width, initial-scale=1.0"> </head> <body> <div class="row"> <header class="header-custom visible-phone visible-tablet visible-desktop" style="background: red; box-shadow: 5px;"> <div class="head-col-left-custom ">LOGO!</div> <div class="head-col-middle-custom pull-right "> <h1>Please Activate youtr account!</h1> </div> </div> </header> </div> <br> <h2>Please Activate your Account!</h2><br> <div> </div> <div>Please Click here to <a href="http://localhost/activation.php?id='.$user1["user_id"].'&e='.$user1["email"].'&u='.$user1["uname"].'&p='.$p_hash.'">activate your Account</a> <br> <p>Or copy and paste the below link to activate </p><br> <p>http://localhost/project/activation.php?e='.$emailr.'&u='.$unamer.'&p='.$p_hash.'</p> </div> </body></html> '; $headers="from:$from \n"; $headers="MIME-version:1.0\n"; $headers="content-type:text/html;charset=is0-8859-1\n"; require '../PHPMailer/class.phpmailer.php'; $mail = new PHPMailer; $mail->isSMTP(); $mail->Host = 'smtp.gmail.com'; $mail->SMTPAuth = true; $mail->Username = 'gsshanker10@gmail.com'; $mail->Password = 'wtfuslydevil@143'; $mail->SMTPSecure = 'tls'; $mail->Port = 587; $mail->From = $from; $mail->FromName = 'Gowri'; $mail->addAddress($e, 'gowri'); $mail->addReplyTo('gsshanker10@gmail.com', 'gowri shanker'); $mail->WordWrap = 50; $mail->isHTML(true); $mail->Subject = $subject; $mail->Body = $message; if(!$mail->send()) { echo 'Message could not be sent troubleshoot.'; echo 'Mailer Error: ' . $mail->ErrorInfo; exit(); } echo 'Message has been sent'; } if (isset($_SESSION)) { header("location: ../home.php?id={$_SESSION["uname"]}"); } else { header("location: ../index.php"); } here is the code for custom.js: var $ =jQuery.noConflict(); $(document).ready(function (){ var spinner="<img src='img/spinner.gif'>"; $(".pass1").focusout(function(){ $(spinner).show(); var p0 = $(".pass0").val(); var p1 = $(this).val(); if(p1===""){ $(".js-write").html('<span class="glyphicon glyphicon-remove" style="color: red;"> Please re-enter your Password.</span>'); $(spinner).hide(); } else if(p0===p1){ $(".js-write").html('<span class="glyphicon glyphicon-ok"style="color: red;"> Passwords Match.</span>'); $(spinner).hide(); return true; } else { $(".js-write").html('<span class="glyphicon glyphicon-remove"style="color: red;"> Passwords Dont Match.</span>'); $(this).focus(); return false; $(spinner).hide(); } }); $(".js-write_e_r").html('<span class="glyphicon glyphicon-arrow-left"style="color: red;">Important Field</span>'); $(".js-write_p_r").html('<span class="glyphicon glyphicon-arrow-left"style="color: red;">Important Field</span>'); $(".js-write_u_r").html('<span class="glyphicon glyphicon-arrow-left"style="color: red;">Important Field</span>'); $(".uname-val").focusout(function(){ var uname_val=$(".uname-val").val(); //displays a loader while it is checking the database if(uname_val=="") { $(".js-write_u_r").html('<span class="glyphicon glyphicon-remove"style="color: red;"> Username is not Available or invalid.</span>'); } //here is where you send the desired data to the PHP file using ajax $.post("includes/uname_val.php", {unamer:uname_val}, function(result) { if(result ==1) { //the uname is available $(".js-write_u_r").html('<span class="glyphicon glyphicon-ok"style="color: red;"> Username Is Available</span>'); } else if(result==0) { //the uname is not available $(".js-write_u_r").html('<span class="glyphicon glyphicon-remove"style="color: red;"> Username is not Available or already taken.</span>'); } }); }); $(".uname-e-val").focusout(function(){ var email_val=$(".uname-e-val").val(); //displays a loader while it is checking the database //here is where you send the desired data to the PHP file using ajax $.post("includes/uname_e_val.php", {emailr:email_val}, function(result) { if(result ==1) { //the uname is available $(".js-write_e_r").html('<span class="glyphicon glyphicon-ok"style="color: red;"> E-mail not in use</span>'); } else if(result==0) { //the uname is not available $(".js-write_e_r").html('<span class="glyphicon glyphicon-remove"style="color: red;"> E-mail is already registered or not entered.</span>'); } }); }); $(".phone-val").focusout(function(){ var phone_val=$(".phone-val").val(); //displays a loader while it is checking the database //here is where you send the desired data to the PHP file using ajax $.post("includes/uname_p_val.php", {phoner:phone_val}, function(result) { if(result ==1) { //the uname is available $(".js-write_p_r").html('<span class="glyphicon glyphicon-ok"style="color: red;"> Phone not in Use </span>'); } else if(result==0) { //the uname is not available $(".js-write_p_r").html('<span class="glyphicon glyphicon-remove"style="color: red;">Phone no is already registered or not entered.</span>'); } }); }); if u need anything else please let me know.@mac_gyver Edited October 12, 2015 by shan Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523025 Share on other sites More sharing options...
shan Posted October 12, 2015 Author Share Posted October 12, 2015 an update, i changed a few code in login.inc.php and found that if i use isset in var_dump on "$user" it outputs bool(true). Since i was not able to understand the abstract available on the net i was wondering what u guys has to say about it. here is the updated code for login php page: echo'<pre>'; var_dump(empty( $user)); print_r(isset($user)); echo'</pre>'; exit(); here is the output: bool(true) 1 Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523092 Share on other sites More sharing options...
lush_rainforest Posted October 12, 2015 Share Posted October 12, 2015 Why not just use password_hash? I don't get why all of these new PHP developers think re-inventing the wheel is a good idea. Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523093 Share on other sites More sharing options...
scootstah Posted October 12, 2015 Share Posted October 12, 2015 Why not just use password_hash? I don't get why all of these new PHP developers think re-inventing the wheel is a good idea. Because that wasn't available 12 years ago when the blogs and tutorials were written. Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523095 Share on other sites More sharing options...
shan Posted October 12, 2015 Author Share Posted October 12, 2015 @lush_rainforest i know that a md5 is not preferred now, but i'm just trying to learn. So, didn't want to complicate things. Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523098 Share on other sites More sharing options...
Solution mac_gyver Posted October 12, 2015 Solution Share Posted October 12, 2015 (edited) re: post #6. there's nothing obvious in the code that would account for the problem/browser difference. if i have time i will investigate the code further. re: post #7. isset() tests if the variable is set or not. the boolean true from the print_r just means that it is set. when it is set, it can have either a false value or it will contain the fetched row from the query, so, adding an isset() around it is meaningless. any chance that in the browser where this works, the browser has been configured to remember passwords and it's actually the browser that's supplying the password and in the browsers where this doesn't work, you are actually typing the password and you are using the wrong one, either because the one that works was originally entered/registered with some fumble-finger accidental extra/wrong characters in it, or you are typing wrong password where it doesn't work? in any case, you need to determine why the query is not matching any rows. here are two things to do - 1) temporarily modify the sql query statement so that it only tries to match the username. if the code then results in a var_dump of the $user variable with the expected row from your database table, that means that the username comparison is working and it's the password that's the problem. 2) echo the md5() hashed password value and see if it is the same as what is stored in the row in the database table. i suspect it is not. i would do this for both the browser where it works and at least one where it doesn't. the echoed hashed value should be the same for all browsers and it should match exactly what is stored in the database table row that corresponds to the username you are testing with. edit: actually, step #1 in the above may not be so temporary. if you switch to using password_hash()/password_verify(), you will need to match the username in the query, retrieve the hashed password and pass the entered password and the retrieved hash through the password_verify() function to see if they match. Edited October 12, 2015 by mac_gyver 1 Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523110 Share on other sites More sharing options...
benanamen Posted October 12, 2015 Share Posted October 12, 2015 If you zip up all your files along with an sql dump of your db and anything else needed to run your code I will look at it. Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523113 Share on other sites More sharing options...
valandor Posted October 12, 2015 Share Posted October 12, 2015 For the registration form I would var_dump() $pass1, $pass0, and $passr in all the browsers and check to ensure they are all the same. I would also var_dump $passl for the login page in all the browsers and ensure they are all the same. I'm unsure of what the function $project->createUser() does, but it is possible that it's hashing the password as well which would make it to where the passwords wouldn't match in the database, if of course $project->viewProtectedArea() doesn't do the same. If it's possible to see these two methods I think it'll help as they seem to be the backbone of the registration and login process. Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523115 Share on other sites More sharing options...
shan Posted October 13, 2015 Author Share Posted October 13, 2015 thanks @mac_gyver the problem is solved. Quote Link to comment https://forums.phpfreaks.com/topic/298546-php-page-working-in-google-chrome-but-not-on-firefox-in-ubuntu/#findComment-1523139 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.