Jump to content

php page working in google chrome but not on firefox in ubuntu


Go to solution Solved by mac_gyver,

Recommended Posts

hi, guys im actually trying to figure what is wrong here in my code as it var dumps in google chrome but not in firefox or opera, its quite confusing as php is a server side scripting language but is behaving like a client side script. it outputs fine in chrome but not in firefox as it gives "bool(false)" for the same script. can any one help me on this.

the code to dbconfig is here:

<?php
session_start();
$host="localhost";
$dbName="project";
$dbUname="root";
$dbPass="";

try
{
$conn=new PDO("mysql: host=$host;dbname=$dbName;charset=utf8", $dbUname, $dbPass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

}
catch (PDOException $e)
{
    $e->getMessage();
}
require_once 'classes.inc.php';

$project= new projecteg($conn);


the code to class's method is here:

public function viewProtectedArea($uname,$pass)
                {
                   $active=1;
                   $stmth= $this->_db->prepare("select * from user where uname=:uname and pass=:pass and activated={$active}");
                   $stmth->bindparam(":uname",$uname);
                   $stmth->bindparam(":pass",$pass);
                   $stmth->execute();
                  return $stmth->fetch(PDO::FETCH_ASSOC);
               
           }

and the code to login page is here:

include_once 'dbconfig.inc.php';
if (isset($_POST['submit-login'])) {
$uname= htmlentities($_POST['unamel']);
$unamel= stripslashes($uname);
$pass= htmlentities($_POST['passl']);
$pass1= stripslashes($pass);
$passl=  md5($pass1);
$user = $project->viewProtectedArea($unamel,$passl);
                 
var_dump($user);
exit();
    if ($user) {
    
                 $_SESSION['id']=$user['user_id'];
                  $_SESSION['fname']=$user['fname'];
                   $_SESSION['lname']=$user['lname'];
                  $_SESSION['uname']=$user['uname'];
                  $_SESSION['email']=$user['email'];
                  $_SESSION['phone']=$user['phone'];
                  $_SESSION['app']=TRUE;
                  $user_ok=TRUE;
                   header("location: ../home.php?u={$_SESSION['uname']}");

                  
    }  else {
        header("location: ../index.php?nosession");
    }





}   

please help me out.

 

the boolean false value is a symptom of a query that doesn't match any row(s), which is exactly what i stated in your last thread for this problem.

 

if your code behaves differently for different browsers, it's likely that your form is invalid markup and isn't submitting what you think (or the user doesn't exist in your database table.) different browsers handle invalid markup differently, so, some may submit form data for broken markup, while other's don't.

 

what does using var_dump($_POST) show for the submitted form data and what is your form code?

Edited by mac_gyver

@mac gyver

here is the html form code:

 <div class="row"><header class="header-custom visible-phone visible-tablet visible-desktop">
                <div class="head-col-left-custom hidden-xs ">LOGO!</div>
                <div class="head-col-middle-custom">
                    <form action="includes/login.inc.php" method="post">
                        <tr><td>Username: <input type="text" required placeholder="Username" class="input-custom input-group-sm input-sm" name="unamel"> </td></tr>
                        <tr><td>Password:<input class="input-custom input-group-sm  input-sm" type="password" name="passl" required placeholder="Password">  
                                <input type="submit" name="submit-login" value="login" class="btn btn-warning btn-danger-custom"> | </p> <a href="forgotpass.php">?Forgot Password</a></td></tr>
                    </form>
                </div>
            </header>
        </div>

the var_dump for $_post seems to be fine. here is what it outputted in firefox(the user does exist in the DB):

array(3) { ["unamel"]=> string(6) "qwerty" ["passl"]=> string(9) "gssh93986" ["submit-login"]=> string(5) "login" }
Edited by shan

does the var_dump($user) show a boolean false at the same time as the var_dump of the $_POST data shows what you posted above?

 

given that your html markup shows classes on everything, i'm guessing you are using some framework/code-generator, which could be responsible for the problem (i.e. double submitting the form, once with and once without values.) if you cannot debug and determine what's going on, it's going to take full disclosure of your code that reproduces the problem, both for the entire form PAGE and the entire form processing code in order to help find what is causing the problem.

 

also, this mess -

$uname= htmlentities($_POST['unamel']);
$unamel= stripslashes($uname);
$pass= htmlentities($_POST['passl']);
$pass1= stripslashes($pass);

htmlentities() is an OUTPUT function it is used when you send output to the browser. it is not an INPUT function and has nothing to do with values being input to your code. stripslashes() is used when you WAN'T/NEED to strip slashes from the input. neither of these functions should be used in your code responsible for logging in a user.

 

while these two functions are not likely the cause (the different browsers could be sending different character-encoded values for your actual username/password), htmlentities could be altering the value(s) making them different from what was used when registering the username/password information.

here is the code for index page where there is form:

<?php
if (@$_GET['id']==017) {
    echo '<script>alert("User Not Found, Please enter Proper Credentials");</script>';
}
?>

<!DOCTYPE html>

<html>
    <head>
        <meta charset="UTF-8">
        <title>Sign in or Sign up!</title>
        <link href="css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
        <link href="css/custom.css" rel="stylesheet" type="text/css"/>
        <script src="js/respond.js" type="text/javascript"></script>
        <script type="text/javascript" src="js/jquery-1.11.3.min.js" type="text/javascript"></script>
        <script src="js/bootstrap.min.js" type="text/javascript"></script>
        <script src="js/custom.js" type="text/javascript"></script>
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
 
    </head>
    <body>
        <div class="row"><header class="header-custom visible-phone visible-tablet visible-desktop">
                <div class="head-col-left-custom hidden-xs ">LOGO!</div>
                <div class="head-col-middle-custom">
                    <form action="includes/login.inc.php" method="post">
                        <tr><td>Username: <input type="text" required placeholder="Username" class="input-custom input-group-sm input-sm" name="unamel"> </td></tr>
                        <tr><td>Password:<input class="input-custom input-group-sm  input-sm" type="password" name="passl" required placeholder="Password">  
                                <input type="submit" name="submit-login" value="login" class="btn btn-warning btn-danger-custom"> | </p> <a href="forgotpass.php">?Forgot Password</a></td></tr>
                    </form>
                </div>
            </header>
        </div>
        <br>
    
  
<div class="row row-md-custom"><div class="col-xs-offset-1"></div><div class="col-xs-6"><div class="jumbotron jumbotron-position thumbnail"><h2>About US</h2><p>Proin faucibus arcu quis ante. Sed consequat, leo eget bibendum sodales, augue velit cursus nunc, quis gravida magna mi a libero.

Ut leo. Vivamus euismod mauris.</p></div></div>
    <div class="col-xs-1"></div><div class="col-xs-5"><h2>Register here!</h2><form action="includes/register.inc.php"  method="post"><table> 
                                        <tr><td><input type="text" name="fnamer" placeholder="Firstname"required="please enter your first name" class="input-custom input-group-lg input-group-sm input-lg input-sm"></td></tr>
                                        <tr><td><input type="text" name="lnamer" placeholder="Lastname"required="" class="input-custom input-group-lg input-group-sm input-lg input-sm"></td></tr>
                                        <tr><td><input type="text" name="unamer" placeholder="Username" required="" class="input-custom input-group-lg input-group-sm input-lg input-sm uname-val"></td>
                                        <td><p class="js-write_u_r"></p></td></tr>
                                        <tr><td><input type="password" name="passr" placeholder="Password"required="" id="pass0"class="input-custom input-group-lg input-group-sm input-lg input-sm pass0"></td></tr>
                                        <div> </div><tr><td><input type="password" name="pass1r" placeholder="Retype Password" required=""id="pass1" class="input-custom input-group-lg input-group-sm input-lg input-sm pass1" ></td>
                <td><p class="js-write"></p></td></td></tr>
                                        <br><tr><td><input type="email" name="emailr" placeholder="email" required="" class="uname-e-val input-custom input-group-lg input-group-sm input-lg input-sm"></td> <td><p class="js-write_e_r"></p></td></tr>
                                        <br><tr><td><input type="text" name="phoner" placeholder="Phone Number" required="" class="input-custom input-group-lg input-group-sm input-lg input-sm phone-val"></td> <td><p class="js-write_p_r"></p></td></tr>
            <br><tr><td><br><button type="submit" name="submit-register" value="login"  class="btn btn-group-lg btn-danger btn-lg">Register</button></td></tr>
        </table></form></div><br><div> </div>

<?php include 'includes/footer.php';?>
</body>
</html>

the login page logic:

<?php   
include_once 'dbconfig.inc.php';
if (isset($_POST['submit-login'])) {
$uname= htmlspecialchars($_POST['unamel']);
$unamel=  stripslashes($_POST['unamel']);
$pass= htmlspecialchars($_POST['passl']);
$pass1= stripslashes($_POST['passl']);
$passl=  md5($pass1);
$user = $project->viewProtectedArea($unamel,$passl);
var_dump($_POST);                 
var_dump($user);
exit();
    if ($user) {
    
                 $_SESSION['id']=$user['user_id'];
                  $_SESSION['fname']=$user['fname'];
                   $_SESSION['lname']=$user['lname'];
                  $_SESSION['uname']=$user['uname'];
                  $_SESSION['email']=$user['email'];
                  $_SESSION['phone']=$user['phone'];
                  $_SESSION['app']=TRUE;
                  $user_ok=TRUE;
                   header("location: ../home.php?u={$_SESSION['uname']}");

                  
    }  else {
        header("location: ../index.php?nosession");
    }





}    
/*
if (isset($_SESSION['app'])&&$_SESSION['uname']!="") {
    echo 'your name is '.$_SESSION['fname'];                        
                  } else {
                      header("location: ../index.php?usernotfound?id=017");
                  }
  */

and the code for register page is as follows:

<?php

require 'dbconfig.inc.php';
if (isset ($_POST['submit-register'])) {
   $fname= htmlentities($_POST['fnamer']);
   $lname= htmlentities($_POST['lnamer']);
   $uname1= htmlentities($_POST['unamer']);
   $pass1=  htmlentities($_POST['passr']);
   $pass0= md5($pass1);
   //include 'randString.php';
   $p_hash=  $pass0;
   $email=  htmlentities($_POST['emailr']);
   $phone=  htmlentities($_POST['phoner']);
   $fnamer=  stripslashes($fname);
   $lnamer= stripslashes($lname);
   $unamer=  stripslashes($uname1);
   $passr=  stripslashes($p_hash);
   $emailr= stripslashes($email);
   $phoner=  stripslashes($phone);
   $activate=0;
       $create=$project->createUser($fnamer,$lnamer,$unamer,$passr,$emailr,$phoner,$activate);
       $user1=$project->viewProtectedArea($unamer,$passr);
   $uname= "../user/{$unamer}";
                  if (!file_exists("$uname")) {
                      exec("`mkdir $uname`");
                      
                  }
                   $sql="insert into useroptions (uname_options, background) values (:uname,'original')";
                   $stmth=$conn->prepare($sql);
                   $stmth->bindparam(":uname", $unamer);
                  // $stmth->bindparam(":org", 'original');
                   $stmth->execute();
                $e=$emailr;
                $from="gsshanker10@gmail.com";
                $subject="Account Activation";
                $message='<!DOCTYPE html>

<html>
    <head>
        <meta charset="UTF-8">
        <title>Protected Area.</title>
        <link href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/css/bootstrap.min.css" rel="stylesheet" type="text/css"/>
        <script type="text/javascript" src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
    </head>
    <body>
        <div class="row">
            <header class="header-custom visible-phone visible-tablet visible-desktop" style="background: red; box-shadow: 5px;">
                <div class="head-col-left-custom ">LOGO!</div>
                <div class="head-col-middle-custom pull-right ">
<h1>Please Activate youtr account!</h1>   
</div>
                </div>
                          </header>
                      </div>
                      <br>
                <h2>Please Activate your Account!</h2><br>
                <div> </div>
                <div>Please Click here to <a href="http://localhost/activation.php?id='.$user1["user_id"].'&e='.$user1["email"].'&u='.$user1["uname"].'&p='.$p_hash.'">activate your Account</a>
     <br>
     <p>Or copy and paste the below link to activate </p><br>
     <p>http://localhost/project/activation.php?e='.$emailr.'&u='.$unamer.'&p='.$p_hash.'</p>
</div>   
</body></html>

';   
   $headers="from:$from \n";
   $headers="MIME-version:1.0\n";
   $headers="content-type:text/html;charset=is0-8859-1\n";
                
require '../PHPMailer/class.phpmailer.php';
$mail = new PHPMailer;
 
$mail->isSMTP();
$mail->Host = 'smtp.gmail.com';
$mail->SMTPAuth = true;
$mail->Username = 'gsshanker10@gmail.com';
$mail->Password = 'wtfuslydevil@143';
$mail->SMTPSecure = 'tls';
 $mail->Port = 587;
$mail->From = $from;
$mail->FromName = 'Gowri';
$mail->addAddress($e, 'gowri');
 
$mail->addReplyTo('gsshanker10@gmail.com', 'gowri shanker');
 
$mail->WordWrap = 50;
$mail->isHTML(true);
 
$mail->Subject = $subject;
$mail->Body    = $message;
 
if(!$mail->send()) {
   echo 'Message could not be sent troubleshoot.';
   echo 'Mailer Error: ' . $mail->ErrorInfo;
   exit();
}
 
echo 'Message has been sent';

                  
      
}                           
  if (isset($_SESSION)) {
    header("location: ../home.php?id={$_SESSION["uname"]}");
    
    }  else {
    header("location: ../index.php");    
}
    
 
      
         
   

 

here is the code for custom.js:

var $ =jQuery.noConflict();
$(document).ready(function (){
var spinner="<img src='img/spinner.gif'>";   
$(".pass1").focusout(function(){
    $(spinner).show();
  var p0 =  $(".pass0").val();
  var p1 = $(this).val();
  if(p1===""){
        $(".js-write").html('<span class="glyphicon glyphicon-remove" style="color: red;"> Please re-enter your Password.</span>');
   $(spinner).hide();
    }
    else if(p0===p1){
       $(".js-write").html('<span class="glyphicon glyphicon-ok"style="color: red;"> Passwords Match.</span>');
   $(spinner).hide();
        return true;
        
    }
  
  else
  {
    
   $(".js-write").html('<span class="glyphicon glyphicon-remove"style="color: red;"> Passwords Dont Match.</span>');
$(this).focus();
return false; 
 $(spinner).hide();
    }
});

$(".js-write_e_r").html('<span class="glyphicon glyphicon-arrow-left"style="color: red;">Important Field</span>');
$(".js-write_p_r").html('<span class="glyphicon glyphicon-arrow-left"style="color: red;">Important Field</span>');
$(".js-write_u_r").html('<span class="glyphicon glyphicon-arrow-left"style="color: red;">Important Field</span>');              
$(".uname-val").focusout(function(){
    var uname_val=$(".uname-val").val();
    //displays a loader while it is checking the database
        if(uname_val=="") {
                $(".js-write_u_r").html('<span class="glyphicon glyphicon-remove"style="color: red;"> Username is not Available or invalid.</span>');

        }       
                        
//here is where you send the desired data to the PHP file using ajax
        $.post("includes/uname_val.php", {unamer:uname_val},
            function(result) {
                
                if(result ==1) {
                    //the uname is available
                $(".js-write_u_r").html('<span class="glyphicon glyphicon-ok"style="color: red;"> Username Is Available</span>');
              
                }
                else if(result==0) {
                    //the uname is not available
                    $(".js-write_u_r").html('<span class="glyphicon glyphicon-remove"style="color: red;"> Username is not Available or already taken.</span>');
                            }
                
                
                
                
});
});
$(".uname-e-val").focusout(function(){
    var email_val=$(".uname-e-val").val();
    //displays a loader while it is checking the database
        
                        
//here is where you send the desired data to the PHP file using ajax
        $.post("includes/uname_e_val.php", {emailr:email_val},
            function(result) {
                
                if(result ==1) {
                    //the uname is available
                $(".js-write_e_r").html('<span class="glyphicon glyphicon-ok"style="color: red;"> E-mail not in use</span>');
              
                }
                else if(result==0) {
                    //the uname is not available
                    $(".js-write_e_r").html('<span class="glyphicon glyphicon-remove"style="color: red;"> E-mail is already registered or not entered.</span>');
                            }
                
                
                
                
});
});
$(".phone-val").focusout(function(){
    var phone_val=$(".phone-val").val();
    //displays a loader while it is checking the database
        
                        
//here is where you send the desired data to the PHP file using ajax
        $.post("includes/uname_p_val.php", {phoner:phone_val},
            function(result) {
                
                if(result ==1) {
                    //the uname is available
                $(".js-write_p_r").html('<span class="glyphicon glyphicon-ok"style="color: red;"> Phone not in Use </span>');
              
                }
                else if(result==0) {
                    //the uname is not available
                    $(".js-write_p_r").html('<span class="glyphicon glyphicon-remove"style="color: red;">Phone no is already registered or not entered.</span>');
                            }
                
                
                
                
});
});


if u need anything else please let me know.@mac_gyver

Edited by shan

an update, i changed a few code in login.inc.php and found that if i use isset in var_dump on "$user" it outputs bool(true). Since i was not able to understand the abstract available on the net i was wondering what u guys has to say about it.

here is the updated code for login php page:

echo'<pre>';
var_dump(empty( $user));
print_r(isset($user));
echo'</pre>';
exit();

here is the output:

bool(true)
1

Why not just use password_hash? I don't get why all of these new PHP developers think re-inventing the wheel is a good idea.

Because that wasn't available 12 years ago when the blogs and tutorials were written.

  • Solution

re: post #6. there's nothing obvious in the code that would account for the problem/browser difference. if i have time i will investigate the code further.

 

re: post #7. isset() tests if the variable is set or not. the boolean true from the print_r just means that it is set. when it is set, it can have either a false value or it will contain the fetched row from the query, so, adding an isset() around it is meaningless.

 

any chance that in the browser where this works, the browser has been configured to remember passwords and it's actually the browser that's supplying the password and in the browsers where this doesn't work, you are actually typing the password and you are using the wrong one, either because the one that works was originally entered/registered with some fumble-finger accidental extra/wrong characters in it, or you are typing wrong password where it doesn't work?

 

in any case, you need to determine why the query is not matching any rows. here are two things to do -

 

1) temporarily modify the sql query statement so that it only tries to match the username. if the code then results in a var_dump of the $user variable with the expected row from your database table, that means that the username comparison is working and it's the password that's the problem.

 

2) echo the md5() hashed password value and see if it is the same as what is stored in the row in the database table. i suspect it is not. i would do this for both the browser where it works and at least one where it doesn't. the echoed hashed value should be the same for all browsers and it should match exactly what is stored in the database table row that corresponds to the username you are testing with.

 

edit: actually, step #1 in the above may not be so temporary. if you switch to using password_hash()/password_verify(), you will need to match the username in the query, retrieve the hashed password and pass the entered password and the retrieved hash through the password_verify() function to see if they match.

Edited by mac_gyver
  • Like 1

For the registration form I would var_dump() $pass1, $pass0, and $passr in all the browsers and check to ensure they are all the same. 

 

I would also var_dump $passl for the login page in all the browsers and ensure they are all the same. I'm unsure of what the function $project->createUser() does, but it is possible that it's hashing the password as well which would make it to where the passwords wouldn't match in the database, if of course $project->viewProtectedArea() doesn't do the same. 

 

If it's possible to see these two methods I think it'll help as they seem to be the backbone of the registration and login process. 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.