Okay, this may sound off-topic, but I want to know if someone have had similar experience and if they found the problem/solution.
Sorry this post has grown more like self try-and-error raportting, cause no one have answered. I have added status updates of problem solving in bottom of question.
For a moment the problem seems to be my database update query.
I'm developing PHP+MySQL website on netbeans 7.3. + XAMPP. Everything was working fine. No suddenly my log-in form (suppose to save some $_SESSION variables and redirect to page) is not working.
Strange thing is that when I debug with Netbeans + Xdebug all goes fine. Session variables are set and page forwarded correctly.
Question: Does someone faced similar problem? Has anyone idea what could be going wrong?
I only can suppose something in system is set differently when I run xdebug. (But the exact(?) same log-in was working fine few days ago).
I have tried lot of things (many many hours but most of them don't come to my mind now). I tried to move the page on remote server and same behavior continues.
(If you want more info ask and I'll edit.)
Hope someone has ideas!
EDIT: I think has something to do with my php-session variables. I realized that while Xdebug the site starts with empty php-session variables, so it does use/get same ones it normally has (?)
The code is creating sessions to database, but it does not get to the next step to set the php-session variables. (Check out the place in index.php marked as /* HERE IS THE PLACE */
Okay. HERE IS STRIPPED CODE (working with netbeans+xdebug, not alone):
index.php:
<?php
//Open PDO connection to MySQL server: $db_con
$db_connection = $_SERVER['DOCUMENT_ROOT'] . '/test-login/db.php';
require $db_connection;
session_start();
//******************************************************************************
//Helping functions
function convert_time_to_utc_date ($UNIX_timestamp) {
return gmdate("Y-m-d H:i:s", $UNIX_timestamp);
}
//******************************************************************************
// Function to authenticate user with username and password. returns FALSE if not authenticated and TRUE if successful authentication
function authenticate_username_password($db_con, $usernm, $passwd)
{
try {
$stmt = $db_con->prepare("SELECT id, hashed_pwd, COUNT(*) AS usercount FROM gui_users WHERE username=? AND not_in_use = 0 AND deleted = 0");
$stmt->execute(array($usernm));
if($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
if($row['usercount'] == 1){
if(crypt($passwd, $row['hashed_pwd']) == $row['hashed_pwd']){
$user_id = $row['id'];
session_regenerate_id(true);
$new_session_id = session_id();
$remote = true;
$datenow = convert_time_to_utc_date(time());
$stmt = $db_con->prepare("INSERT INTO gui_sessions (session_id,user_id,starttime_UTC,lastused_UTC,remote) VALUES (?, ?, ?, ?, ?)");
$stmt->execute(array($new_session_id, $user_id, $datenow, $datenow, $remote));
return $user_id;
}
}
}
return FALSE;
} catch (PDOException $e) {
return FALSE;
}
}
//******************************************************************************
//Function to get user roles
function get_user_roles(PDO $db_con, $user_id)
{
try {
$stmt = $db_con->prepare("SELECT role_id, role_last FROM gui_users WHERE id = ?");
$stmt->execute(array($user_id));
$row = $stmt->fetch(PDO::FETCH_ASSOC);
return array('max_role_id' => $row['role_id'], 'last_role_id' => $row['role_last']);
} catch (PDOException $e) {
return FALSE;
}
}
//******************************************************************************
// Function to handel sessions, log in and log out
function authenticate(PDO $db_con) {
//********************
// If action is LOG IN
if (isset($_POST['action']) and $_POST['action'] == 'login') {
if (!isset($_POST['username']) or $_POST['username'] == '' or !isset($_POST['passwd']) or $_POST['passwd'] == '') {
$GLOBALS['loginError'] = 'Please fill in both fields';
return FALSE;
}
$user_id = authenticate_username_password($db_con, $_POST['username'], $_POST['passwd']);
if ($user_id !== false && $user_id > 0) {
$_SESSION['reloadcounter'] = 1;
$_SESSION['username'] = $_POST['username'];
$_SESSION['user_id'] = $user_id;
$_SESSION['user_def_page'] = 1; //get_user_default_page($db_con, $user_id);
$user_roles = get_user_roles($db_con, $user_id);
$_SESSION['max_role_id'] = $user_roles['max_role_id'];
$_SESSION['sel_role_id'] = $user_roles['last_role_id'];
$goto = isset($_POST['goto']) ? $_POST['goto'] : HTTPS_SERVER;
header('Location: ' . $goto);
exit;
} else {
$GLOBALS['loginError'] = 'Wrong username or password!';
return FALSE;
}
}
//*********************
// If action is LOG OUT
if (isset($_POST['action']) and $_POST['action'] == 'logout') {
$user_ses_id = session_id();
try {
$stmt = $db_con->prepare("DELETE FROM gui_sessions WHERE session_id=?");
$stmt->execute(array($user_ses_id));
} catch (PDOException $e) {
log_error('PDO_CONN', $e->getCode(), $e->getMessage(), TRUE, $db_con);
}
session_regenerate_id(true);
unset($_SESSION['reloadcounter']);
unset($_SESSION['username']);
unset($_SESSION['user_id']);
unset($_SESSION['user_def_page']);
unset($_SESSION['max_role_id']);
unset($_SESSION['sel_role_id']);
$goto = isset($_POST['goto']) ? $_POST['goto'] : HTTPS_SERVER;
header('Location: ' . $goto);
exit;
}
//************************************
// If no action see if user logged in
$user_ses_id = session_id();
$datenow = convert_time_to_utc_date(time());
try {
$stmt = $db_con->prepare("UPDATE gui_sessions SET lastused_UTC=? WHERE session_id=?");
$stmt->execute(array($datenow, $user_ses_id));
if ($stmt->rowCount() == 1) {
return TRUE;
} else {
unset($_SESSION['reloadcounter']);
unset($_SESSION['username']);
unset($_SESSION['user_id']);
unset($_SESSION['user_def_page']);
unset($_SESSION['max_role_id']);
unset($_SESSION['sel_role_id']);
return FALSE;
}
} catch (PDOException $e) {
log_error('PDO_CONN', $e->getCode(), $e->getMessage(), TRUE, $db_con);
if (DEBUG_ON) {
echo 'SESSION UPDATE FAILED<br>';
}
return FALSE;
}
}
//******************************************************************************
//SESSION CONTROL
if (!authenticate($db_con)) {
include 'login.html.php';
exit();
}
include 'page.html.php';
?>
login.html.php:
<html>
<head>
<meta charset="utf-8">
</head>
<body>
<p class="login-error"><?php if(isset($loginError)) { echo $loginError; } else { echo ' '; } ?></p>
<form id="login" action="" method="POST" name="login">
<label for="username">Username:</label><br />
<input name="username" type="text" size="40" value="" tabindex="0" /><br />
<label for="passwd">Password:</label><br />
<input name="passwd" type="password" size="40" value="" tabindex="1" /><br />
<input type="hidden" name="goto" value="https://localhost/test-login/"/>
<input type="hidden" name="action" value="login"/>
<input type="submit" class="button login" value="Login" tabindex="2"/><br />
</form>
<div><?php echo '<pre>' . var_dump($_SESSION) . '</pre>'; ?></div>
</body>
</html>
page.html.php:
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<div>
<h1>Hello world!</h1>
<?php echo '<pre>' . var_dump($_SESSION) . '</pre>'; ?>
</div>
</body>
</html>
EDIT: I have track the error more and it seems that while Xdebuging the $_POST variables are okay, but standalone PHP interpreter is losing them some how.
Strange is also that I create the session to database inside if(isset($_POST['action']) && $_POST['action'] == 'login') and the php does not seem to get in there but it is able to Insert the session in database inside that if clause.
EDIT: Braking this till very peaces helped me to found one big mistake which still should not affect to the ACTUAL problem but made it much more harder to found.
Cause I have forgot to add curly brackets to if-else in the end of authenticate, the function always unset the session variables. In the beginning I thought that the function is not able to set them but it's actually unsetting them after redirection to "$_SERVER['PHP_SELF']". Anyway this should not happen if the UPDATE gui_session statement would work. But it made it much harder to see where is the problem. Here is the correction for index.php:
//************************************
// If no action see if user logged in
$user_ses_id = session_id();
$datenow = convert_time_to_utc_date(time());
try {
$stmt = $db_con->prepare("UPDATE gui_sessions SET lastused_UTC=? WHERE session_id=?");
$stmt->execute(array($datenow, $user_ses_id));
if ($stmt->rowCount() == 1) {
return TRUE;
} else {
unset($_SESSION['reloadcounter']);
unset($_SESSION['username']);
unset($_SESSION['user_id']);
unset($_SESSION['user_def_page']);
unset($_SESSION['max_role_id']);
unset($_SESSION['sel_role_id']);
return FALSE;
}
} catch (PDOException $e) {
log_error('PDO_CONN', $e->getCode(), $e->getMessage(), TRUE, $db_con);
if (DEBUG_ON) {
echo 'SESSION UPDATE FAILED<br>';
}
return FALSE;
}
The problem is that this update fails. But i have no idea why.
$stmt = $db_con->prepare("UPDATE gui_sessions SET lastused_UTC=? WHERE session_id=?");
$stmt->execute(array($datenow, $user_ses_id));
if ($stmt->rowCount() == 1) {
return TRUE;
}
If I try in php myadmin:
UPDATE gui_sessions
SET lastused_UTC='2013-08-04 12:00:00'
WHERE session_id='03dfgpiu1jl8idcjf191hqv4m2'
It affects 0 row, but if i do:
SELECT *
FROM gui_sessions
WHERE session_id='03dfgpiu1jl8idcjf191hqv4m2'
It returns 1 row
Okay. Problem solved. I'll leave the answer here if someone somehow runs to similar problem. I still don't know what the Xdebug did to hide this problem.
The problem was that I was trying to authenticate user by updating the last_used field in database session table. I assumed that if query is able to update that field the session must be valid. So I check if sql update last_user rows affected equals to 1, then users php-session-id is in session table. Problem is that MySQL returns 0 rows affected if the field has already the value that is updated "reference". And in my case that's of course true, cause the session last_update field is just created in log in procedure.
BUT it was very painful to find the problem cause Xdebug was doing something very strange there and after 0 rows affected update query it jumped out of the function without going to the else statement of the if-clause where I check if the number of affected rows equals to 1.
Comment if you have idea why Xdebug was behaving this way.
Related
If anyone would be able to point me in the right direction it would make my day!
I'm trying to create a forum by following this tutorial: "https://code.tutsplus.com/tutorials/how-to-create-a-phpmysql-powered-forum-from-scratch--net-10188".
I've created the pages with some modifications but the problem I'm getting is at the sign-in, first of all when I add the connect.php page to the sign-in page, the code doesn't echo the form, it's blank. Also when I don't use the connect page, the error messages get printed out at the start when I would like them to come after hitting submit.
I have managed to get a connection to my database and get out data with other code, but I can't seem to get this working.
<?php
session_start();
//signin.php
include 'forumHeader.php';
include 'connect.php';
echo '<h3>Sign in</h3>';
if(isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true)
{
echo 'You are already signed in, you can sign out if you want.</br></br>';
echo 'Welcome, ' . $_SESSION['user_name'] . '. Proceed to the forum overview.';
}
else
{
if($_SERVER['REQUEST_METHOD'] != 'POST')
{
/*the form hasn't been posted yet, display it
note that the action="" will cause the form to post to the same page it is on */
echo '<form method="post" action="">
Username: <input type="text" name="user_name" />
Password: <input type="password" name="user_pass"/>
<input type="submit" value="Sign in" />
</form>';
}
/* so, the form has been posted, we'll process the data in three steps:
1. Check the data
2. Let the user refill the wrong fields (if necessary)
3. Varify if the data is correct and return the correct response
*/
$errors = array(); /* declare the array for later use */
if(!isset($_POST['user_name'])) //NOT + FALSE + POST FROM INPUT //ISSET RETURNS FALSE WHEN CHECKING THAT HAS BEEN ASSIGNED TO NULL
{
$errors[] = 'The username field must not be empty.';
}
if(!isset($_POST['user_pass']))
{
$errors[] = 'The password field must not be empty.';
}
if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/ //Detta betyder, om ERRORS INTE är TOM
{
echo 'Uh-oh.. a couple of fields are not filled in correctly..';
echo '<ul>';
foreach($errors as $key => $value) /* walk through the array so all the errors get displayed */
{
echo '<li>' . $value . '</li>'; /* this generates a nice error list */
}
echo '</ul>';
}
else
{
//the form has been posted without errors, so save it
//notice the use of mysql_real_escape_string, keep everything safe!
//also notice the sha1 function which hashes the password
$sql = "SELECT
user_id,
user_name,
user_level
FROM
forum_Users
WHERE
user_name = '" . mysql_real_escape_string($_POST['user_name']) . "'
AND
user_pass = '" . sha1($_POST['user_pass']) . "'";
$result = mysql_query($sql);
if(!$result)
{
//something went wrong, display the error
echo 'Something went wrong while signing in. Please try again later.';
//echo mysql_error(); //debugging purposes, uncomment when needed
}
else
{
//the query was successfully executed, there are 2 possibilities
//1. the query returned data, the user can be signed in
//2. the query returned an empty result set, the credentials were wrong
if(mysql_num_rows($result) == 0)
{
echo 'You have supplied a wrong user/password combination. Please try again.';
}
else
{
//set the $_SESSION['signed_in'] variable to TRUE
$_SESSION['signed_in'] = true;
//we also put the user_id and user_name values in the $_SESSION, so we can use it at various pages
while($row = mysql_fetch_assoc($result))
{
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['user_name'] = $row['user_name'];
$_SESSION['user_level'] = $row['user_level'];
}
echo 'Welcome, ' . $_SESSION['user_name'] . '. Proceed to the forum overview.';
}
}
}
}
include 'forumFooter.php';
?>
This is pretty much the code I use for the sign-in page. The code I have at the connect.php page is:
<?php
//connect.php
$server = 'server';
$username = 'user';
$password = 'pass';
$database = 'database';
if(!mysql_connect($server, $username, $password))
{
exit('Error: could not establish database connection');
}
if(!mysql_select_db($database)
{
exit('Error: could not select the database');
}
?>
Where you are echoing out the form you should be elseing into the form being processed if there is $_POST, atm you are going to it whether there is $_POST or not and trying to process empty $_POSTs will throw errors.
Side note: set your error reporting to all using this method error_reporting(E_ALL), that will let you know whats going wrong in future, it is normally set where you set session_start()
So im using the exact same script as I used to a while back and for some reason when I move to my new domain and hosting it is having really weird issues, I created a user and got hm to try login, It wasnt working for him I got a new hash from a random test.php file with this php:
<?php
/**
* In this case, we want to increase the default cost for BCRYPT to 12.
* Note that we also switched to BCRYPT, which will always be 60 characters.
*/
$options = [
'cost' => 9,
];
echo password_hash("His Pass", PASSWORD_BCRYPT, $options)."\n";
?>
It then worked, He logged in fine and I then tried to login to my main admin account and for some reason its now not working even when I try remaking the hash 2 times now.
I have no idea whats going on can someone please enlighten me.
Heres the login code:
//If User Submits Form continue;
if(isset($_POST['username'])) {
//If the captcha wasn't submitted;
if(empty($_POST['g-recaptcha-response'])) {
//And theres already a try with there IP;
if($trycount != '0') {
//Increment there try count and give a notification;
updateTries(); ?>
<script type="text/javascript">localStorage.setItem("notification", "nocaptcha");</script> <?php
//If there isn't a try on there IP yet;
} else {
//Add one try and give a notification;
addTry(); ?>
<script type="text/javascript">localStorage.setItem("notification", "nocaptcha");</script> <?php
}
//If the captcha was submitted;
} else {
//Set captcha variable to the Submitted Captcha Response;
$captcha=$_POST['g-recaptcha-response'];
//Captcha Verification Url;
$url = 'https://www.google.com/recaptcha/api/siteverify?secret=t&response=';
//JSON Encode the Captcha's response and Site IP;
$response = json_decode(file_get_contents($url.urlencode($captcha).'&remoteip='.$_SERVER['REMOTE_ADDR']), true);
//If the captcha wasn't verified;
if($response['success'] == false) {
//And theres already a try with there IP;
if($trycount != '0') {
//Increment there try count and give a notification;
updateTries(); ?>
<script type="text/javascript">localStorage.setItem("notification", "captchafailed");</script> <?php
//If there isn't a try on there IP yet;
} else {
//Add one try and give a notification;
addTry(); ?>
<script type="text/javascript">localStorage.setItem("notification", "captchafailed");</script> <?php
}
//Otherwise if it was verified;
} else {
//Try log in with the given details;
user_login($_POST['username'],$_POST['password']);
//If logged in redirect and give a notification;
if(loggedin()) { ?>
<script type="text/javascript">localStorage.setItem("notification", "loggedin");</script>
<meta http-equiv="refresh" content="0;URL='https://gameshare.io'" /> <?php
} else {
//And theres already a try with there IP;
if($trycount != '0') {
//Increment there try count and give a notification;
updateTries(); ?>
<script type="text/javascript">localStorage.setItem("notification", "loginfailed");</script> <?php
//If there isn't a try on there IP yet;
} else {
//Add one try and give a notification;
addTry(); ?>
<script type="text/javascript">localStorage.setItem("notification", "loginfailed");</script> <?php
}
}
}
}
}
User_login function:
//Create a new function named user_login;
function user_login($username = false, $password = false) {
//Fetch for the username and password applied;
$st = fetch("SELECT username,password,email,image FROM users WHERE username = :username",array(":username"=>$username));
//If a row was found continue
if($st != 0) {
$storedhash = $st[0]['password'];
if (password_verify($password, $storedhash)) {
//Set a new username session and set it the username;
$_SESSION['username'] = $username;
$_SESSION['email'] = $st[0]['email'];
$_SESSION['image'] = $st[0]['image'];
if($username == 'admin') {
$_SESSION['role'] = 'admin';
} else {
$_SESSION['role'] = 'user';
}
}
}
//If no errors happened Make the $valid true;
return true;
$dontaddtry = true;
}
Fetch function:
//Create a new function named fetch;
function fetch($sql = false,$bind = false,$obj = false) {
//Prepare The SQL Query;
$query = Connect()->prepare($sql);
//Execute Binded Query;
$query->execute($bind);
//While Fetching Results;
while($result = $query->fetch(PDO::FETCH_ASSOC)) {
//Add a row to the results respectiveley;
$row[] = $result;
}
//If there are no rows;
if(!empty($row)) {
//Make it an object;
$row = ($obj)? (object) $row : $row;
} else {
//Else row is false;
$row = false;
}
//If no errors happened Make $row true;
return $row;
}
Connect Function:
//Create a new function named LoggedIn, And apply database info;
function Connect($host = 'localhost',$username = 'x',$password = 'x',$dbname = 'x') {
//Try execute the PHP with no errors;
try {
//Create a PDO Session;
$con = new PDO("mysql:host=$host;dbname=$dbname", $username, $password);
//Session Attributes;
$con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$con->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
}
//Catch all PDOException errors;
catch (PDOException $e) {
//If any errors print result;
echo "<code><pre>".print_r($e)."</pre></code>";
//Make the PDO session false;
$con = false;
}
//If no errors happened Make the PDO session true;
return $con;
}
P.S If you wish to get an account to try on my site let me know and ill make a temporary account.
Make sure your the php version of your new hosting. password_hash needs at-least PHP 5.5.0.
You can check your current PHP version via following code.
<?php
echo 'Current PHP version: ' . phpversion();
?>
This question already has an answer here:
Get results from from MySQL using PDO
(1 answer)
Closed 7 years ago.
I'm totally new to PDO so I apologize if I made a simple mistake here. Also if this has been answered before. I searched but couldn't find. My problem is that when I print the sessions it prints out 'Array ( [user_id] => 1 )' but the username and password I entered is for user_id 2. I have tried this with a differant username and password and it still gives an id value of 1. So I echoed out $user_id before the session is created and it is 1. But I can't figure out where it is getting this 1 from? Because there is no id of 1 in the database. Can anyone shed some light on this?
Here is the code from my login file:
<?php
require 'core.inc.php';
if(isset($_POST['username']) && isset($_POST['password'])) {
$username = $_POST['username'];
$password = $_POST['password'];
if (!empty($username) && !empty($password)) {
$stmt = $db->prepare("SELECT password FROM users WHERE username = ?");
$stmt->bindParam(1, $username);
$hash = $stmt->execute();
$password_verified = password_verify($password, $hash);
if ($password_verified = true) {
$stmt_id = $db->prepare("SELECT id FROM users WHERE username = ?");
$stmt_id->bindParam(1, $username);
$user_id = $stmt_id->execute();
echo $user_id;
$id_num_rows = $stmt_id->rowCount();
if ($id_num_rows == 0) {
echo 'You have entered a wrong password';
}else if($id_num_rows == 1){
$_SESSION['user_id'] = $user_id;
print_r($_SESSION);
}
} else {
echo("Please enter a username and password.");
}
}
}
?>
<!DOCTYPE html>
<header>
</header>
<body>
<form action ="<?php echo $current_file;?>" method="post">
<div class='field'>
<label for="username">Username: </label><input type='text'
name='username'/><br>
</div>
<div class='field'>
<label for ="password">Password: </label><input type='password'
name='password'/>
</div>
<div class='field'>
<label for='remember'>
<input type='checkbox' name="remember" id="remember"/> Remember me
</label>
</div>
<input type='submit' value='Log in'/>
</form>
</body>
</html>
<And here is the code from core.inc.php
<?php
session_start();
require 'connect.inc.php';
ob_start();
$current_file = $_SERVER['SCRIPT_NAME'];
#$http_referer = $_SERVER['HTTP_REFERER'];
function loggedin(){
if(isset($_SESSION['user_id']) && !empty($_SESSION['user_id'])) {
return true;
}else{
return false;
}
}
?>
<Core.inc.php uses connect.inc.php which is added below:
<?php
try {
$db = new PDO('mysql:host=localhost;dbname=goal;charset=utf8','root','');
var_dump($db);
echo 'connected';
}
catch(Exception $e){
echo 'Error 1 has occured';
}
?>
$stmt_id->execute();
Returns true on succes, or false on failure, you need to use the result of the query (and not the status of the execution):
$stmt_id->fetchAll()
Also you have an error here, you need to use comparison and not assignment:
if ($password_verified = true)
The line
if ($password_verified = true) {
is very incorrect because you're basically just assigning true to $password_verified. You should just be doing a if($password_verified) though, I am not sure if it will solve your problem.
You are also not parsing the results as you should be using fetchAll() and then going through the results to see if the user exists.
$stmt_id->execute() will return bool, in your case it's true and later converted to int.
See http://php.net/manual/en/pdostatement.execute.php
You need to fetch the data in order to retrieve the user_id.
I have a form that only opens if you're logged in, or at least thats what I'm trying to do, but it opens without having to do it. When I go to the log in page it sends me to the other page like if I was logging in, but it doesn't even show me the login page, heres the code:
this one is for the log in:
<?php
include ("conexion/conexion.php");
include("usuarios.class.php");
$usuario= $_POST['usuario'];
$clave= $_POST['clave'];
$objUsuario = new usuarios;
$srt= $objUsuario->autenticar_usuario($usuario,$clave,1);
$num =mysql_num_rows($srt);
if($usuario=="" || $clave==""){
$mensaje="campos en blanco";
header("location:loginusuario.php?mensaje=$mensaje");
}else
{
$objUsuario = new usuarios;
$srt= $objUsuario->autenticar_usuario($usuario,$clave,1);
$num =mysql_num_rows($srt);
}
if($num <= 0){
$mensaje="Usuario y/o clave Incorrectos";
header("location:loginusuario.php?mensaje=$mensaje");
}else{
$row=mysql_fetch_array($srt);
session_start();
$_SESSION['log'] = 's';
$_SESSION['nombre'] = $row['nombre'];
header("location:contrataciones.php");
}
?>
this is for the security file:
<?php
session_start();
if($_SESSION['log']!= 's'){
$mensaje="Iniciar sesion";
header("location:loginusuario.php?mensaje=$mensaje");
}
?>
and this is the class I'm using
<?php
class usuarios
{
function usuarios() {
}
function autenticar_usuario($usuario,$clave){
$sel="select usuario,clave from usuarios where usuario='".$usuario."' and clave='".$clave."' ";
$srt=mysql_query($sel) or die($sel);
return $srt;
}
?>
please tell me what am I doing wrong I'm a noob in this so I dont really get whats the problem
Why don't you try with
if(isset($_SESSION)){
//statement
//statement
}
or
if(isset($_SESSION['session_var_name'])){
//statement
//statement
}
Issue resolved - see: https://stackoverflow.com/a/14719452/1174295
--
I've come across a problem within (at least) Google Chrome and Safari.
Upon the first attempt at logging in, the user is not redirected. The session is created, but it is almost as if it is not detected, and takes the user back to the index page. Upon a second attempt, the correct redirect is issued and the user is taken to the correct page.
The script works fine in Firefox, and I have checked extensively to see if the correct data is being returned, which it is. I've searched and I've searched and I've searched, but unfortunately nothing of use has cropped up.
Access.php - User logging in
<?php
session_start();
ob_start();
include_once('db.class.php');
include_once('register.class.php');
include_once('login.class.php');
$db = null;
$reg = null;
$log = null;
$db = new Database();
$log = new Login($db, null, null, null, null, null, null);
if (isset($_SESSION['login'])) {
$log->redirectUser($_SESSION['login']);
}
include_once('includes/header.html');
?>
Some HTML...
<?php
if (isset($_POST['logsub'])) {
$db = new Database();
$log = new Login($db, $_POST['email'], $_POST['pass']);
$validation = &$log->validate();
if(empty($validation)) {
$log->redirectUser($_SESSION['login']);
} else {
echo "<div id='error'><div class='box-error'><p style='font-weight: bold'>The following errors occured...</p><ul>";
for ($i = 0; $i < count($validation); $i++) {
echo "<li>" . $log->getErrorMessage($validation[$i]) . "</li>";
}
echo "</ul></div></div>";
}
}
?>
Login.class.php - Login class
// Validate the credentials given
public function validateLogin() {
// Hash the plain text password
$this->hashedPass = $this->hashPassword();
try {
$query = $this->dbcon->prepare("SELECT Login_ID, Login_Email, Login_Password FROM Login WHERE Login_Email = :email AND Login_Password = :pass");
$query->bindParam(':email', $this->email, PDO::PARAM_STR);
$query->bindParam(':pass', $this->hashedPass, PDO::PARAM_STR);
$query->execute();
$fetch = $query->fetch(PDO::FETCH_NUM);
$this->loginid = $fetch[0];
// If a match is found, create a session storing the login_id for the user
if ($query->rowCount() == 1) {
$_SESSION['login'] = $this->loginid;
session_write_close();
} else {
return LOG_ERR_NO_MATCH;
}
} catch (PDOException $e) {
$this->dbcon->rollback();
echo "Error: " . $e->getMessage();
}
}
// Fetch the customer ID
private function getCustId() {
try {
$query = $this->dbcon->prepare("SELECT Customer.Cust_ID FROM Customer JOIN Login ON Customer.Login_ID = Login.Login_ID WHERE Customer.Login_ID = :loginid");
$query->bindParam(':loginid', $this->loginid, PDO::PARAM_INT);
$query->execute();
$fetch = $query->fetch(PDO::FETCH_NUM);
return $fetch[0];
} catch (PDOException $e) {
$this->dbcon->rollback();
echo "Error: " . $e->getMessage();
}
}
// Check the registration progress - are they verified? paid?
// This function is used elsewhere hence the $sessionid argument
public function checkRegistration($sessionid) {
$this->loginid = $sessionid;
$this->custid = $this->getCustId();
try {
$queryVer = $this->dbcon->prepare("SELECT Cust_ID FROM Customer_Verify_Email WHERE Cust_ID = :custid");
$queryVer->bindParam(":custid", $this->custid, PDO::PARAM_INT);
$queryVer->execute();
$queryFee = $this->dbcon->prepare("SELECT Cust_ID FROM Initial_Fee_Payment WHERE Cust_ID = :custid");
$queryFee->bindParam(":custid", $this->custid, PDO::PARAM_INT);
$queryFee->execute();
// If a record exists in the verify table, return the value 1. This means the user has not yet verified their email.
if ($queryVer->rowCount() == 1) {
return 1;
} else {
// If a record does not exist in the payment table, no payment has been made. Return 2.
if ($queryFee->rowCount() == 0) {
return 2;
// Otherwise, email is verified and the payment has been made.
} else {
return 0;
}
}
} catch (PDOException $e) {
$this->dbcon->rollback();
echo "Error: " . $e->getMessage();
}
}
// Redirect the user accordingly
public function redirectUser($sessionid) {
$this->loginid = $sessionid;
$logNum = $this->checkRegistration($this->loginid);
if ($logNum == 0) {
header("Location: fbedder/details.php", true, 200);
exit();
} else if ($logNum == 1) {
header("Location: fbedder/verification.php", true, 200);
exit();
} else if ($logNum == 2) {
header("Location: fbedder/payment.php", true, 200);
exit();
}
}
Here's a link to the site: fbedder/ -> I have set-up a test account with the credentials -> email: test# / password: test123321
To reiterate, the problem exists only in Google Chrome and Safari (the Safari being on my iPhone) and lies purely within the logging in aspect. On the first attempt, the session will be ignored (it is created), and on the second attempt, the user will be redirected.
Any ideas? I've tried a multitude of possibilities...
-- Edit --
I know where the issue lies now.
When the redirect is called, it sends the user to the details.php page. However, this page contains the following snippet of code:
if (!isset($_SESSION['login'])) {
header("Location: fbedder/index.php");
}
Obviously what is happening, is that the session is not being detected / saved / "whatevered", and as a result is sending the user back to the index page. Is there are a way to ensure the $_SESSION is not effectively lost. I had read about this before posting here, and is why I inserted session_write_close(), but that doesn't seem to be doing the desired effect.
After diagnosing the problem being within the fact the $_SESSION variable was effectively being lost, I read up about the session_write_close() function and came across this comment:
My sessions were screwing up because I had 2 different session IDs going at once:
1 PHPSESSID cookie for domain.com
1 PHPSESSID cookie for www.domain.com
This fixed it:
//At the beginning of each page...
session_set_cookie_params (1800,"/","domain.com");
session_start();
Source: http://pt2.php.net/manual/en/function.session-write-close.php#84925
Setting the parameters resolved the issue.