mmarkym Posted August 15, 2021

I've recently upgraded my site to secure HTTPS from HTTP. Now my cookies won't work. I've read you have to add the secure attribute, setting it to 1, but I'm not sure how to do this. Anyway, my cookies are:

```php
setcookie('loggedIn', '$user', time() + 36 * 24);
```

and

```php
setcookie('signedup', $username, time() + 36 * 24);
```

I'm then combining them with the global $_SESSION variable to create a login system.

```php
if (isset($_COOKIE['signedup'])) {
    if (!isset($_SESSION['signupUser'])) {
        $_SESSION['signupUser'] = $_COOKIE['signedup'];
    }
}
if (isset($_SESSION['signupUser'])) {
```

and the login page.

```php
session_start();
if (isset($_COOKIE['loggedIn'])) {
    if (!isset($_SESSION['login'])) {
        $_SESSION['login'] = $_COOKIE['loggedIn'];
    }
}
if (isset($_SESSION['login'])) {
```

thanks
mark
requinix Posted August 15, 2021

Cookies are easy to troubleshoot: use your browser's developer tools to see exactly what Set-Cookie headers your server is sending back, what the cookie data being stored inside your browser is, and whether there are outgoing Cookie headers to your server.

Also,

1. Your loggedIn cookie has the wrong value. I assume that's just a mistake in your post and not true for your real code?
2. 36*24 is 14 minutes. Are you sure you want that?

45 minutes ago, mmarkym said:
> I've read you have to add the secure attribute, setting it to 1

The Secure attribute only means that the cookie will not be sent over insecure connections. If your whole site is secure then this won't do anything - but it is still a good idea for security, Just In Case™.
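The Secure attribute described in the reply above, as an added PHP example that is not code from the thread: it sets the `loggedIn` cookie with `Secure`, `HttpOnly` and `SameSite`, and goes one step further by signing the value so the server can check it before copying it into `$_SESSION`. `SECRET_KEY`, `cookie_options()`, `sign_cookie()` and `verify_cookie()` are hypothetical names, and the array form of `setcookie()` needs PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. SECRET_KEY and the function
// names are hypothetical; load the real key from configuration.
const SECRET_KEY  = 'placeholder-key-load-from-config';
const THIRTY_DAYS = 60 * 60 * 24 * 30;   // seconds; 36 * 24 is only 864 s (about 14 minutes)

// Attributes for every cookie the site sets (array form: PHP 7.3+).
function cookie_options(int $expires): array
{
    return [
        'expires'  => $expires,
        'path'     => '/',
        'secure'   => true,    // browser sends it over HTTPS only
        'httponly' => true,    // not readable from page JavaScript
        'samesite' => 'Lax',
    ];
}

// Cookie value: urlencoded-username|expiry|HMAC over the first two fields.
function sign_cookie(string $username, int $expires): string
{
    $payload = rawurlencode($username) . '|' . $expires;
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Returns the username if the cookie is intact and unexpired, else null.
function verify_cookie(string $cookie): ?string
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$user, $expires, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expires, SECRET_KEY);
    if (!hash_equals($expected, $mac) || (int) $expires < time()) {
        return null;
    }
    return rawurldecode($user);
}

// All of this runs before any HTML is sent, because cookies are headers.
session_set_cookie_params(['lifetime' => 0, 'path' => '/', 'secure' => true,
                           'httponly' => true, 'samesite' => 'Lax']);
session_start();

// After a successful password check ('mark' is a constructed username):
$expires = time() + THIRTY_DAYS;
setcookie('loggedIn', sign_cookie('mark', $expires), cookie_options($expires));

// On a later request: restore the session only from a cookie that verifies.
if (!isset($_SESSION['login']) && isset($_COOKIE['loggedIn'])) {
    $user = verify_cookie($_COOKIE['loggedIn']);
    if ($user !== null) {
        $_SESSION['login'] = $user;
    }
}
```

The resulting `Set-Cookie` header can be checked in the browser's developer tools, as the reply suggests.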
mmarkym Posted August 16, 2021

I've found this information and found the signedup cookie is being set. What happens is the signup and login page are blank because that's where I set the cookies. Anyway, have a look at my site and I need to know what I do with the browser information to fix the problem. My signup page is signup.php. The login page is authenticate.php. Add php/ at the end of the URL to get the correct path to these pages.

https://www.theatlanticmint.com

mark
mmarkym Posted August 17, 2021

Hi, I'm using cookies and the $_SESSION global variable to create a login system. If visiting this newly enabled HTTPS site and you try to signup or login the content is somehow getting blocked. The signup and login scripts are attached and could hold the problem but I've found the fact that I required another file, AccountLinks.php (which is the login form and logout link), in my header file which is presenting the problem. If I comment out the require("AccountLinks.php"); then content is not blocked. I've attached header, AccountLinks, signup, and checkAuthentification (login) below. The site is https://www.theatlanticmint.com

header.php

```php
<!DOCTYPE html 5>
<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <link href="css/styleGrid.css" rel="stylesheet" />
    <link href="../css/styleGrid.css" rel="stylesheet" />
    <script src="js/addEventHandler.js"> </script>
    <script src="js/script.js"> </script>
    <title>The Atlantic Mint</title>
</head>
<body>
<header>
    <span id="heading"><a href="index.php" class="homeLink">The Atlantic Mint</a>
        <span id="siteseal"><script async type="text/javascript" src="https://seal.godaddy.com/getSeal?sealID=VtwWAF1HXegBhXVgpiNqX5tUMNCN55ELFrrGpiELL5T4Y0TtqLTmuAIG7ADT"></script></span>
        <p id="saying">One TAM Digital Coin Is Equivalent To One Troy Ounce Silver</p>
    </span>
    <?php if (isset($_SESSION['login'])) { ?>
    <div id="splashImage">
        <aside id="bear" class="item-one">
            <video id="videoDean" controls height="80%" width="100%">
                <source src="images/bears1.mp4" type="video/mp4">
                Your browser doesn't support the HTML5 video tag.
            </video>
            <!--<img id="moneyPhoto" src="images/silverCoins.png" />-->
        </aside>
    </div>
    <?php } require("php/AccountLinks.php"); ?>
</header>
```

AccountLinks.php

```php
<div id="accountLinks">
    <span id="imageCoins"><img id="accountImages" src="../images/coin5.png" /></span>
    <P>One TAM Silver In Physical Form</P>
    <?php
    session_start();
    if (isset($_COOKIE['loggedIn'])) {
        if (!isset($_SESSION['login'])) {
            $_SESSION['login'] = $_COOKIE['loggedIn'];
        }
    }
    if (isset($_SESSION['login'])) {
    ?>
    <div id="accountHyperlinks">
        <div id="logoutLink"><a href="php/logout.php" class="accountLink">LOGOUT</a></div>
        <?php
        echo "<span id=\"YouRLoggedIn\">You are logged in as:</span> <br />" . "<div id='loginResult'>" . $_SESSION['login'] . "</div>";
    } else {
        ?>
        <!--<a href="authenticate.php" class="accountLink">LOGIN</a><br />-->
        <div class="forms">
            <form method="post" action="php/checkAuthentification.php" id="loginForm">
                <fieldset>
                    <legend>Please log in:</legend>
                    <div class="tblRow">
                        <label for="username">Username:</label>
                        <input class="frmInput" type="text" name="username" id="username" placeholder="Enter a valid username." required aria-required="true" value="<?php echo isset($_SESSION['signupUser']) ? $_SESSION['signupUser'] : '' ; ?>" /><br />
                        <!-- <a href="forgotLogin.php" id="usernameRecover" class="smallLinks" name="userRecover">Forgot Username >></a> -->
                    </div>
                    <div class="tblRow">
                        <label for="password">Password:</label>
                        <input class="frmInput" type="password" name="password" id="password" placeholder="Enter a valid password." required aria-required="true" /><br />
                        <!-- <a href="forgotLogin.php" id="passwordRecover" class="smallLinks" name="passRecover">Forgot Password >></a> -->
                    </div>
                    <div class="tblRow">
                        <input type="submit" name="login" id="login" value="Login" />
                    </div>
                </fieldset>
            </form>
        </div>
        <a href="php/signup.php" class="accountLink">SIGNUP</a>
    </div>
    <?php } ?>
</div>
```

signup.php

```php
<?php
session_start();
require("header.php");
require('credentials.php');

if (isset($_COOKIE['signedup'])) {
    if (!isset($_SESSION['signupUser'])) {
        $_SESSION['signupUser'] = $_COOKIE['signedup'];
    }
}
if (isset($_SESSION['signupUser'])) {
    echo "<div id='loginResult'>You are already signed up as: <br />" . $_SESSION['signupUser'] . ". You may now login.</div>";
}
?>
<a href="authenticate.php" class="accountLink">LOGIN </a>
<?php
if (isset($_POST['btnSignup'])) {
    $conn = mysqli_connect(DBHOST, DBUSER, DBPASS, DBNAME)or die("error with the connection");
    $fname = mysqli_real_escape_string($conn, trim($_POST['fname']));
    $lname = mysqli_real_escape_string($conn, trim($_POST['lname']));
    $date = mysqli_real_escape_string($conn, trim($_POST['date']));
    $street = mysqli_real_escape_string($conn, trim($_POST['street']));
    $city = mysqli_real_escape_string($conn, trim($_POST['city']));
    $state = mysqli_real_escape_string($conn, trim($_POST['state']));
    $zip = mysqli_real_escape_string($conn, trim($_POST['zip']));
    $email = mysqli_real_escape_string($conn, trim($_POST['email']));
    $phone = mysqli_real_escape_string($conn, trim($_POST['phone']));
    $username = mysqli_real_escape_string($conn, trim($_POST['username']));
    $password = mysqli_real_escape_string($conn, trim($_POST['password']));

    $query = "SELECT * FROM users WHERE email = '$email'";
    $dataSet = mysqli_query($conn, $query) or die("Error with the signup email query.");
    if (mysqli_num_rows($dataSet) === 0) {
        $row = mysqli_fetch_array($dataSet);
        $_SESSION['signupUser'] = $username;
        setcookie('signedup', 'allready', time() + 36 * 24);
        $str = "INSERT INTO users (fname, lname, date, street, city, state, zip, email, phone, username, password) VALUES ('$fname', '$lname', '$date ', '$street', '$city', '$state', '$zip', '$email', '$phone', '$username', sha1('$password'))";
        mysqli_query($conn, $str)or die('error with the signup query');
        //gather the data
        $str2 = "SELECT * FROM users WHERE email = '$email'";
        $result = mysqli_query($conn, $str2) or die("Error with the signup email query.");
        $row2 = mysqli_fetch_array($result);
        echo "<div id=\"registerResults\">";
        echo "<h3>Signup Results</h3>";
        echo $row2['fname'] . "<br />";
        echo $row2['lname'] . "<br />";
        echo $row2['date'] . "<br />";
        echo $row2['street'] . "<br />";
        echo $row2['city'] . "<br />";
        echo $row2['state'] . "<br />";
        echo $row2['zip'] . "<br />";
        echo $row2['email'] . "<br />";
        echo $row2['phone'] . "<br />";
        echo $row2['username'] . "<br />";
        echo $row2['password'] . "<br />";
        echo "<p>This user has successfully signed up and can now <a href=\"authenticate.php\" id=\"smLogin\">log in</a></p>";
        $hideForm = true;
        $home_url = 'http://' . $_SERVER['HTTP_HOST'] . '/index.php';
        header('Location: ' . $home_url);
        echo "</div>";
    } else {
        echo '<p class="else">That email already exists. Please use a different email or log in.</p>';
    }
}
if (!$hideForm) {
?>
<section>
<article>
<div id="frmSignup" class="forms">
<fieldset>
    <legend>Please Sign Up:</legend>
    <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="frmSignup" id="frmSignup">
        <h3 id="contactHeading">Signup Form:</h3>
        <div class="frmRow"><label for="fname">First Name:</label><input type="text" id="fname" name="fname" value="<?php echo isset($fname) ? $fname : ''; ?>" placeholder="Enter First Name" autofocus></div>
        <div class="frmRow"><label for="lname">Last Name:</label><input type="text" id="lname" name="lname" value="<?php echo isset($lname) ? $lname : ''; ?>" placeholder="Enter Last Name"></div>
        <div class="frmRow"><label for="date">Today's Date:</label><input type="datetime" id="date" name="date" value="<?php echo isset($date) ? $date : ''; ?>" placeholder="Enter Today's Date"></div>
        <div class="frmRow"><label for="street">Street:</label><input type="text" id="street" name="street" value="<?php echo isset($street) ? $street : ''; ?>" placeholder="Enter Street"></div>
        <div class="frmRow"><label for="city">City/Town:</label><input type="text" id="city" name="city" value="<?php echo isset($city) ? $city : ''; ?>" placeholder="Enter City"></div>
        <div class="frmRow"><label for="state">State:</label><input type="text" id="state" name="state" value="<?php echo isset($state) ? $state : ''; ?>" placeholder="Enter State" list="states"></div>
        <datalist id="states">
            <select>
                <option value="AL">Alabama</option> <option value="AK">Alaska</option> <option value="AZ">Arizona</option>
                <option value="AR">Arkansas</option> <option value="CA">California</option> <option value="CO">Colorado</option>
                <option value="CT">Connecticut</option> <option value="DE">Delaware</option> <option value="DC">District Of Columbia</option>
                <option value="FL">Florida</option> <option value="GA">Georgia</option> <option value="HI">Hawaii</option>
                <option value="ID">Idaho</option> <option value="IL">Illinois</option> <option value="IN">Indiana</option>
                <option value="IA">Iowa</option> <option value="KS">Kansas</option> <option value="KY">Kentucky</option>
                <option value="LA">Louisiana</option> <option value="ME">Maine</option> <option value="MD">Maryland</option>
                <option value="MA">Massachusetts</option> <option value="MI">Michigan</option> <option value="MN">Minnesota</option>
                <option value="MS">Mississippi</option> <option value="MO">Missouri</option> <option value="MT">Montana</option>
                <option value="NE">Nebraska</option> <option value="NV">Nevada</option> <option value="NH">New Hampshire</option>
                <option value="NJ">New Jersey</option> <option value="NM">New Mexico</option> <option value="NY">New York</option>
                <option value="NC">North Carolina</option> <option value="ND">North Dakota</option> <option value="OH">Ohio</option>
                <option value="OK">Oklahoma</option> <option value="OR">Oregon</option> <option value="PA">Pennsylvania</option>
                <option value="RI">Rhode Island</option> <option value="SC">South Carolina</option> <option value="SD">South Dakota</option>
                <option value="TN">Tennessee</option> <option value="TX">Texas</option> <option value="UT">Utah</option>
                <option value="VT">Vermont</option> <option value="VA">Virginia</option> <option value="WA">Washington</option>
                <option value="WV">West Virginia</option> <option value="WI">Wisconsin</option> <option value="WY">Wyoming</option>
            </select>
        </datalist>
        <div class="frmRow"><label for="zip">Zip Code:</label><input type="text" id="zip" name="zip" value="<?php echo isset($zip) ? $zip : ''; ?>" placeholder="Enter Zip Code"></div>
        <div class="frmRow"><label for="email">Email:</label><input type="email" id="email" name="email" placeholder="Enter a valid Email"></div>
        <div class="frmRow"><label id="phoneLabel" for="phone">Phone:</label><input type="tel" id="phone" name="phone" aria-required="true" required value="<?php echo isset($phone) ? $phone : ''; ?>" placeholder="Enter Phone Number" /></div>
        <div class="frmRow"><label for="username">Username:</label><input type="username" id="username" name="username" placeholder="Enter a valid username" value="<?php echo isset($username) ? $username : ''?>"</div>
        <div class="frmRow"><label for="password">Password:</label><input type="password" id="password" name="password" placeholder="Enter a valid password" value="<?php echo isset($password) ? $password : ''?>"</div>
        <input type="submit" value="Sign Me Up" id="btnSignup" name="btnSignup">
    </form>
</fieldset>
</div>
</article></section>
<?php
}
require('php/footer.php');
?>
```

and checkAuthentification.php

```php
<?php
session_start();
require("header.php");
require('credentials.php');

if (isset($_POST['login'])) {
    $connection = mysqli_connect(DBHOST, DBUSER, DBPASS, DBNAME)or die('error with the connection');//DBHOST, DBUSER, DBPASS, DBNAME
    $user = mysqli_real_escape_string($connection, trim($_POST['username']));
    $password = mysqli_real_escape_string($connection, trim($_POST['password']));
    $query = "SELECT * FROM users WHERE username = '$user' AND password = sha1('$password')";
    $result = mysqli_query($connection, $query)or die('error with the login query');
    while ($row = mysqli_fetch_array($result)) {
        if ($user == $row['username'] && $password == $row['password']) {
            if (mysqli_num_rows($result) !== 0) {
                setcookie('loggedIn', 'allset', time()+60*60*24*30);
                $_SESSION['login'] = "<br /><span>". " " .
                    " <div class='resultRows'><span class=\"rowResults\">" . "Username:</span> <span class=\"fields\">" . $row['username'] . "</span></div>" .
                    " <div class='resultRows'><span class=\"rowResults\">" . "Full Name:</span> <span class=\"fields\">" . $row['fname'] . " " . $row['lname'] . "</span></div>" .
                    " <div class='resultRows'><span class=\"rowResults\">" . "Street:</span> <span class=\"fields\">" . $row['street']. "</span></div>" .
                    " <div class='resultRows'><span class=\"rowResults\">" . "City/Town:</span> <span class=\"fields\">" . $row['city'] . "</span></div>".
                    " <div class='resultRows'><span class=\"rowResults\">" . "State:</span> <span class=\"fields\">" . $row['state'] . "</span></div>" .
                    " <div class='resultRows'><span class=\"rowResults\">" . "Zip-Code:</span> <span class=\"fields\">" . $row['zip'] . "</span></div>".
                    " <div class='resultRows'><span class=\"rowResults\">" . "Email:</span> <span class=\"fields\">" . $row['email'] . "</span></div>" .
                    " <div class='resultRows'><span class=\"rowResults\">" . "Phone:</span> <span class=\"fields\">" . $row['phone'] . "</span></div>".
                    " <div class='resultRows'><span class=\"rowResults\">" . "Date:</span> <span class=\"fields\">" . $row['date'] . "</span></div>".
                    "</span>";
                echo "<p></p>";
            } else {
                echo "No such record.";
            }
        }
    }
}
//}
if (!isset($_SESSION['login'])) {
?>
<section>
<article>
<div class="forms">
    <div id="login">
        <h3>Log In:</h3>
        <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>" id="loginForm">
            <fieldset>
                <legend>Please log in:</legend>
                <div class="tblRow">
                    <label for="username">Username:</label>
                    <input class="frmInput" type="text" name="username" id="username" placeholder="Enter a valid username." required aria-required="true" value="<?php echo isset($_SESSION['signupUser']) ? $_SESSION['signupUser'] : '' ; ?>" />
                </div>
                <div class="tblRow">
                    <label for="password">Password:</label>
                    <input class="frmInput" type="password" name="password" id="password" placeholder="Enter a valid password." required aria-required="true" />
                </div>
                <div class="tblRow">
                    <input type="submit" name="login" id="login" />
                </div>
            </fieldset>
        </form>
    </div><!--end login div-->
</div>
</article></section>
<?php
} else {
    echo "You are now logged in " . $_SESSION['login'];
    $home_url = 'http://' . $_SERVER['HTTP_HOST'] . '/index.php';
    header('Location: ' . $home_url);
}
?>
```
requinix Posted August 17, 2021

1 hour ago, mmarkym said:
> If visiting this newly enabled HTTPS site and you try to signup or login the content is somehow getting blocked.

"Somehow getting blocked" is a hard thing to understand when I can't see it happening for myself. Right now, all I can tell is that if I try to log in with a bad username and password then I get a 500 error.
mmarkym Posted August 17, 2021

When I click on signup or login from the homepage, with good or bad info, I get a page with everything in header.php down to the php output. The logo, and heading, and a black background. The php is not outputting the signup form or login results. I think, furthermore, that the require statement at the bottom of header.php, AccountLinks.php, is the culprit somehow because when I comment it everything shows, except for, of course, AccountLinks.php.

mark
requinix Posted August 17, 2021

Sure sounds like a possible culprit. Have you looked into that yet?
mmarkym Posted August 17, 2021

Well, I know when I require header.php, which contains AccountLinks.php, in the pages, and toggle on and off (comment out) the require in header, the content shows.

mark
dodgeitorelse3 Posted August 17, 2021

I think your session_start() is in the wrong place in AccountLinks.php.
mmarkym Posted August 17, 2021

I did a workaround and everything works, almost. Instead of requiring the AccountLinks in header.php and requiring that in index.php, I put the AccountLinks.php require directive directly in index. My problem now is the sha1 algorithm. I am trying to encrypt password in signup and checkAuthentification by using SHA1(password). If I take away the sha1 algorithm everything works, otherwise not.

mark
dodgeitorelse3 Posted August 18, 2021

Post your attempt with SHA1.
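Why the login stops working once `sha1()` is added, shown as an added PHP example that is not code from the thread: `checkAuthentification.php` lets SQL match on `sha1('$password')` and then compares the typed password with the stored hash in PHP, and those two strings are not equal. The second half shows `password_hash()`/`password_verify()` with an upgrade path for rows already stored as SHA-1; the `$row` arrays are constructed stand-ins for rows of the `users` table and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// the $row arrays are constructed stand-ins for rows of the users table.

// The check as posted: SQL matches on sha1(password), then PHP compares the
// typed password with the stored hash.
function login_as_posted(array $row, string $typed): bool
{
    $sqlMatched = ($row['password'] === sha1($typed)); // WHERE ... password = sha1('$password')
    return $sqlMatched && $typed == $row['password'];  // plaintext against hash
}

// Signup: hash the raw password (no trim(), no SQL escaping before hashing).
function hash_for_signup(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT); // salted; use a VARCHAR(255) column
}

// Login: fetch the row by username only, then verify in PHP.
// Rows still holding a 40-hex-digit SHA-1 are verified once and re-hashed.
function verify_and_upgrade(array &$row, string $typed): bool
{
    $stored = $row['password'];
    if (preg_match('/^[0-9a-f]{40}$/', $stored)) {
        if (!hash_equals($stored, sha1($typed))) {
            return false;
        }
        $row['password'] = hash_for_signup($typed);    // an UPDATE in the real table
        return true;
    }
    if (!password_verify($typed, $stored)) {
        return false;
    }
    if (password_needs_rehash($stored, PASSWORD_DEFAULT)) {
        $row['password'] = hash_for_signup($typed);
    }
    return true;
}

// Constructed sample rows.
$legacy = ['username' => 'mark', 'password' => sha1('s3cret-Example')];
$fresh  = ['username' => 'anna', 'password' => hash_for_signup('another-Example')];

var_dump(login_as_posted($legacy, 's3cret-Example'));     // the posted comparison
var_dump(verify_and_upgrade($legacy, 's3cret-Example'));  // legacy row, re-hashed on success
var_dump(password_get_info($legacy['password'])['algoName']);
var_dump(verify_and_upgrade($fresh, 'wrong-password'));   // wrong password on a new-style row
```

In the real scripts the row would be fetched with a prepared statement on `username` alone, and the stored hash would not be echoed back to the browser as `signup.php` does with `$row2['password']`.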