On my offline dev server, I have the following code:
<?php //submit_build.php
include_once 'header.php';
require_once 'login_users.php';
include_once 'functions.php';
if(empty($_SESSION['username']))
die ("You must be logged in to use this page");
$choice = $_GET['choice'];
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
mysql_select_db($db_database)
or die("Unable to select database: " . mysql_error());
if (isset($_POST['buildname']) &&
isset($_POST['weapon']) &&
isset($_POST['mod1']) &&
isset($_POST['description']) &&
isset($_POST['category']) &&
isset($_POST['hidden']) &&
isset($_POST['password']))
{
$buildname = clean(sanitizeString($_POST['buildname']));
$buildurl = urlencode($buildname);
$section = $choice;
$weapon = sanitizeString($_POST['weapon']);
$modcap = sanitizeString($_POST['modcap']);
$mod1 = sanitizeString($_POST['mod1']);
$mod2 = sanitizeString($_POST['mod2']);
$mod3 = sanitizeString($_POST['mod3']);
$mod4 = sanitizeString($_POST['mod4']);
$mod5 = sanitizeString($_POST['mod5']);
$mod6 = sanitizeString($_POST['mod6']);
$mod7 = sanitizeString($_POST['mod7']);
$mod8 = sanitizeString($_POST['mod8']);
$polarity1 = sanitizeString($_POST['polarity1']);
$polarity2 = sanitizeString($_POST['polarity2']);
$polarity3 = sanitizeString($_POST['polarity3']);
$polarity4 = sanitizeString($_POST['polarity4']);
$polarity5 = sanitizeString($_POST['polarity5']);
$polarity6 = sanitizeString($_POST['polarity6']);
$polarity7 = sanitizeString($_POST['polarity7']);
$polarity8 = sanitizeString($_POST['polarity8']);
$description = sanitizeString($_POST['description']);
$category = sanitizeString($_POST['category']);
$hidden = sanitizeString($_POST['hidden']);
$pw_check = sanitizeString($_POST['password']);
$pw_check = md5($pw_check);
if ($pw_check == ($_SESSION['password']))
{
$add_build = "INSERT INTO weapons VALUES(NULL,'$username', '$buildname', '$section', '$weapon', '$modcap', '$mod1', '$mod2', '$mod3', '$mod4', '$mod5', '$mod6', '$mod7', '$mod8', '$polarity1', '$polarity2', '$polarity3', '$polarity4', '$polarity5', '$polarity6', '$polarity7', '$polarity8', '$category', '$hidden', '$description', NULL, '{$_SESSION['ipaddress']}', '$buildurl')";
mysql_query($add_build);
header("Location: account.php");
}
else{
die("Incorrect password.");
}
}
Followed by some more PHP, and HTML later on in the document.
NOTE The file header.php contains HTML.
My code works perfectly offline. I can click submit, and I will be redirected to account.php.
However as soon as I upload the files to my remote server, the code still works perfectly but the redirect does not. Instead of redirecting, it just brings me back to the same page. The data that was entered DOES however get submitted to MySQL, so it's just the redirect that isnt working.
Can someone tell me how I would get this
header(Location: account.php);
to work? Where should I place it? Or where should I move
include_once 'header.php';
to make it work?
Thanks so much!
EDIT:
Here is my authenticate.php file.. up to where the html begins. Maybe you can see an issue here.
<?php // authenticate.php
include_once 'functions.php';
require_once 'login_users.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to database:" . mysql_error());
mysql_select_db($db_database)
or die("Unable to find database:" . mysql_error());
if (!empty($_POST['username']) &&
(!empty($_POST['pw_temp'])))
{
$username = sanitizeString($_POST['username']);
$pw_temp = sanitizeString($_POST['pw_temp']);
$pw_temp = md5($pw_temp);
$query = "SELECT username,password FROM users WHERE username='$username' AND password='$pw_temp'";
if (mysql_num_rows(mysql_query($query)) == 0)
{
die("Wrong info");
}
else
{
session_start();
$_SESSION['username'] = $username;
$_SESSION['password'] = $pw_temp;
$_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
header('Location: index.php');
exit;
}
}else{
include_once 'header.php';
echo <<<_END
<html xmlns="http://www.w3.org/1999/xhtml">
Its a good idea to exit; after a header() as otherwise your code will continue in the current script. Which probably means it will send itself again. So you may well be running account.php but this page is then being sent and overwriting account.php making it look like account.php is not being run.
Related
i have used this code for years and never experienced this, using a new hosting service prior to the ones i have always used and am getting this issue.
session_start();
$rec_page = $_SERVER['REQUEST_URI'];
$cPage = $_SERVER['PHP_SELF'];
if(!isset($_SESSION['isadmin'])){
header('location: login.php?l=i');
}
include('includes/constants.php');
include('includes/functions.php');
$admin_login = $_SESSION['login'];
$admin_psw = GetAdminInfo($admin_login,'1');
if(isset($_REQUEST['cmd'])){
if($_REQUEST['cmd']=="logout"){
session_destroy();
header('location: login.php');
}
}
this is the section of the code with the issues, once i login i get redirected to the login.php if i delete this
`if(!isset($_SESSION['isadmin'])){
header('location: login.php?l=i');
}`
i can login successfully but if i click on another page i will have to login again, so im guessing its a Session problem.
here is the action php for the login.php
<?php
include('../includes/constants.php');
include('../includes/functions.php');
if(isset($_POST['xin'])){
$ikey = addslashes($_POST['textKey']);
$nkey = addslashes($_POST['textname']);
$mysqli = mysqli_connect($dbserver,$dbuser,$dbpass) or die('Cannot connect to db');
mysqli_select_db($mysqli, $db_db) or die('Cannot select db');
$result=mysqli_query($mysqli, "SELECT * FROM admins WHERE login = '".$ikey."' && adminname = '".$nkey."'");
$cnt = mysqli_num_rows($result);
if($cnt > 0){
while($rw=mysqli_fetch_array($result)){
session_start();
$_SESSION['isadmin']=true;
$_SESSION['login'] = $ikey;
$_SESSION['adminname'] = $nkey;
header('location: ../index.php?cm='.$_SESSION['isadmin']);
}
}else{
header('location: ../login.php?err=1'.mysqli_error($mysqli));
}
mysqli_close($mysqli);
}
?>
use javascript instead of header. No long story
echo "<script>parent.self.location='index.php';</script>";
I have created a website lately with a group of students, but were having some troubles.
We created the website in php 5.4 on a localhost and it worked perfectly.
But now we wanted to get the site online and the webhosting is using a different version of php(5.6).
So now the session does not start.
It redirects us to the homepage, but we are not logged in.
We were thinking that it was because of the version of php, since it did work at first.
<?php
include_once 'connect.php';
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['gebruiker'];
// SQL Query To Fetch Complete Information Of User
$ses_sql="select email_adres from gebruiker where email_adres='".$user_check".'";
$row = mysqli_fetch_assoc($ses_sql);
$login_session =$row['username'];
if(!isset($login_session)){
header('Location: login.php'); // Redirecting To Home Page
}
else{
header('Location: acountgegevens.php');
}
?>
<?php
include_once 'connect.php';
function logincheck(){
if(isset($_POST['submit'])){
$error = 0;
// declare variables
$email = null;
$password = null;
// check if email address has been set
if (isset($_POST['email_adres']) &&
!empty($_POST['email_adres'])) {
$email = addslashes($_POST['email_adres']);
}
// check if password has been set
if (isset($_POST['password']) && !empty($_POST['password'])) {
$password = md5($_POST['password']);
}
if ($email == null || $password == null) {
$error = 1;
}
// query database for user credentials
$db = new PDO('**');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$statement = $db->prepare("SELECT *
FROM gebruiker
WHERE email_adres = :email
AND wachtwoord = :password
LIMIT 1");
$statement->execute(array(':email' => $email, ':password' => $password));
$result = $statement->fetch(PDO::FETCH_OBJ);
if (!$result) {
$error = 1;
} else {
session_start();
$_SESSION['gebruiker'] = $email;
var_dump($_SESSION);
?>
<script>location.href='index.php'</script>
<?php
}
return $error;
}
}
?>
These two files are included, but we cant figure it out.
Could someone help?
I would hazzard a guess that your connect.php has not been changed to match the hosting companies host/user/password and therefore is outputting an error message.
This of course means that session_start() , which was placed after the connect.php and therefore after your script has attempted to send something to the browser, will not work.
You are only seeing the result of the failed session_start() but I would check the connect.php is configured correctly for its new hosting location
So I have index.php has my default page. It works fine on xampp. So I uploaded my whole site to 1&1 (my domain/hosting provider) and when I try to go to my domain I get an empty alert with no message and a completely blank page.
I changed the name of the file to index.html and the webpage loaded just fine. So I know it must be something with the .php extention or my code up top.
I also added a file called .htaccess and it contains only:
DirectoryIndex index.php
Here is my php code at the top of index.php (replaced sensitive infow with *s):
<?php
//Connect to a database
$host_name = "******.db.1and1.com";
$database = "db****";
$user_name = "dbo******";
$password = "***z.0**";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
// echo("nice job");
//Take the values from the html form and assign them to variables
$ID = $_POST['name'];
$userpassword = $_POST['password'];
//If no passsowrd entered then go straight to index.php
echo "<script type='text/javascript'>alert($userpassword);</script>";
if ($userpassword == null) {
header("Location: http://localhost:82/index3.php");
die();
}
//Check to see if the password matches the hashes
if (md5($userpassword) === '******************'
or md5($userpassword) === '***********'
or md5($userpassword) === '****************'
or md5($userpassword) === '**************')
{
//Add the visitor name to our list
mysqli_query($connect, "INSERT INTO `WebsiteVisitors` (`Name`) VALUES ('$ID')") or die("Error in INSERT: ".mysqli_error($connect));
// echo "You have entered the correct password, congrats.";
// Start the session so they can access other pages
session_start();
$_SESSION['loggedIn'] = true;
// Redirect them to rest of site
header("Location: http://localhost:82/home.php");
die();
}
else {
header("Refresh: 0; url=index2.php");
echo "<script type='text/javascript'>alert(\"Wrong Password. Check your invitation card.\");</script>";
}
?>
Since $_POST request comes only after submitting form in your case, you need to only execute the username and password checks if $_POST["name"] and $_POST["password"] exists.
So give an if statement if(isset($_POST['name']) && isset($_POST['password'])) before using and manipulating $_POST variables. Alson session_start() should be given at top of your script.
Below is your complete code including the check
<?php
session_start();
// session start should be at top of your script
error_reporting(E_ERROR); // reports only errors
//Connect to a database
$host_name = "******.db.1and1.com";
$database = "db****";
$user_name = "dbo******";
$password = "***z.0**";
$connect = mysqli_connect($host_name, $user_name, $password, $database);
// $_POST request comes only when form is submitted in your case. So check for $_POST['name'] and $_POST['password']
if(isset($_POST['name']) && isset($_POST['password']))
{
$ID = $_POST['name'];
$userpassword = $_POST['password'];
//If no passsowrd entered then go straight to index.php
if ($userpassword == null)
{
echo "<script type='text/javascript'>alert("Empty Password");</script>";
header("Location: http://localhost:82/index3.php");
die();
}
//Check to see if the password matches the hashes
if (md5($userpassword) === '******************'
or md5($userpassword) === '***********'
or md5($userpassword) === '****************'
or md5($userpassword) === '**************')
{
//Add the visitor name to our list
mysqli_query($connect, "INSERT INTO `WebsiteVisitors` (`Name`) VALUES ('$ID')") or die("Error in INSERT: ".mysqli_error($connect));
$_SESSION['loggedIn'] = true;
// Redirect them to rest of site
header("Location: http://localhost:82/home.php");
die();
}
else
{
echo "<script type='text/javascript'>alert(\"Wrong Password. Check your invitation card.\");</script>";
header("Refresh: 0; url=index2.php");
}
}
?>
I'm having trouble trying to make work a php. Here's the code:
<?php
$host = "localhost";
$user = "ff";
$pass = "ff";
$db = "ff";
$login = mysqli_connect ($host,$user,$pass,$db);
if (!$login) die ("Connection Error to Database <br/>". mysqli_error());
$username = $_POST["username"];
$password = $_POST["password"];
$result = mysqli_query($login, "SELECT * FROM users WHERE username = '$username'");
if($row = mysqli_fetch_array($result))
{
if($row["password"] == $password)
{
session_start();
$_SESSION['username'] = $username;
header("Location: ../index.php");
}
else
{
?>
<script>
alert("Wrong password");
location.href = "../login.html";
</script>
<?
}
}
else
{
?>
<script>
alert("Wrong username");
location.href = "../login.html";
</script>
<?
}
mysqli_free_result($result);
mysqli_close();
?>
Using localhost there isn't any error, but uploading to my server appears something like:
"The website detected an error in http://****/php/validate.php http://****/php/validate.php. blablabla"
The php try to connect to a double URL (sorry for my bad english).
What am I doing wrong?
It's highly likely that on your production server it doesn't allow you to use shorttags (<?) like you are using in the areas where you're outputting Javascript. Your local server probably allows these so you wouldn't have noticed.
You should probably use a header redirect here too with a message attached or in the session, and output that message on another page, but that's another issue.
Change <? to <?php to make sure.
on my website, at the top of every php page, I have an
include_once 'header.php';
This file contains HTML.
In my file, 'authenticate.php', I want to have a redirect after logging in back to the index.
My code is the following:
header('Location: http://www.URLHERE.com/index.php');
However after submitting, the page just refreshes. It doesn't redirect. The redirect worked properly on my localhost dev server, but as soon as I uploaded it online, it stopped working.
Is this because my header contains HTML, which is called before the header() function? Note that all HTML in the 'header.php' file is in HEREDOC tags.
Here is my code:
<?php // login.php
include_once 'header.php';
include_once 'functions.php';
require_once 'login_users.php';
$db_server = mysql_connect($db_hostname, $db_username, $db_password);
if (!$db_server) die("Unable to connect to database:" . mysql_error());
mysql_select_db($db_database)
or die("Unable to find database:" . mysql_error());
if (isset($_POST['username']) &&
isset($_POST['pw_temp']))
{
$username = sanitizeString($_POST['username']);
$pw_temp = sanitizeString($_POST['pw_temp']);
$pw_temp = md5($pw_temp);
$query = "SELECT username,password FROM users WHERE username='$username' AND password='$pw_temp'";
if (mysql_num_rows(mysql_query($query)) == 0)
{
die("Wrong info");
}
else
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $pw_temp;
$_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
header('Location: http://www.URLHERE.com/index.php');
}
}
...more code down here
on my website, at the top of every php page, I have an include_once 'header.php';
This is what you are doing wrong.
What it have to be
<?php // login.php
include_once 'functions.php';
require_once 'login_users.php';
// some code
include 'output.php'; // ONLY HERE output starts.
Here you can see a concise but complete example with some explanations and reasoning. But the main reason for getting rid of your header.php and start using templates is the very question you asked.
You can do the include in else, remove the include_once 'header.php'; from the top file lines an do it like this:
if (isset($_POST['username']) &&
isset($_POST['pw_temp']))
{
$username = sanitizeString($_POST['username']);
$pw_temp = sanitizeString($_POST['pw_temp']);
$pw_temp = md5($pw_temp);
$query = "SELECT username,password FROM users WHERE username='$username' AND password='$pw_temp'";
if (mysql_num_rows(mysql_query($query)) == 0)
{
die("Wrong info");
}
else
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $pw_temp;
$_SESSION['ipaddress'] = $_SERVER['REMOTE_ADDR'];
header('Location: http://www.URLHERE.com/index.php');
}
}
else
{
include_once 'header.php';
//..... now your code!!!!!
}
Maybe it's because of code that you're executing after setting header? Add die after that line (header is not stopping execution!).