Problems logging out - have to click logout twice - php

I'm hoping someone can help with an issue which, intuitively, should be simple, but the answer eludes me. For some reason, when my user logs out, he has to click log out twice to make it work. I've read this:
Any idea why I have to click the logout button twice to logout?
But it doesn't seem to be working. Here is my logout button code. Any thoughts? Thank you!
<div id="loginStatusWrap">
<div id="loginStatus">
<?php
include('includes/APILogin.php');
if ( isset( $_POST['logout_btn'] ) )
{
unset($_COOKIE['kp_emailID']);
unset($_COOKIE['kp_pass']);
session_destroy();
}
// Check for login cookie - skip if session is available
if ( isset($_COOKIE['kp_emailID']) && isset($_COOKIE['kp_pass']) && !isset($_SESSION['kp_accountID']) )
{
$username = $_COOKIE['kp_emailID'];
$pass = $_COOKIE['kp_pass'];
$get_account_parameters = array(
'session' => $session_id,
'module_name' => 'kd_kp',
'query' => "kd_kp_cstm.username_c = '" . $_COOKIE['kp_emailID'] . "'",
'order_by' => "",
'offset' => '0',
'select_fields' => array(
//'username_c',
//'password_c',
//'id',
//'name',
),
'link_name_to_fields_array' => array( ),
'max_results' => '1',
'deleted' => '0',
'Favorites' => false,
);
$get_account_result = call('get_entry_list', $get_account_parameters, $url);
//echo '<pre>'; print_r($get_account_result); echo '</pre>';
if ( $_COOKIE['kp_pass'] != $get_account_result->entry_list[0]->name_value_list->password_c->value )
{
// not logged in
session_unset();
session_destroy();
?>
<div id="loginForm">
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<input type="text" placeholder="EMAIL" value="<?= htmlspecialchars($_COOKIE['kp_emailID'], ENT_QUOTES, 'UTF-8') ?>" name="signIn_email" id="signIn_email"/>
<input type="password" placeholder="PASSWORD" id="signIn_pwd" name="signIn_pwd" />
<input type="submit" value="SIGN IN" name="login_btn" id="login_btn" />
<!--input type="submit" value="SIGN UP" name="signup_btn" id="signup_btn" /-->
</form>
</div><!-- //logInForm -->
<?php
} else {
// is logged in
$_SESSION['kp_accountID'] = $get_account_result->entry_list[0]->name_value_list->id->value;
$_SESSION['kp_name'] = $get_account_result->entry_list[0]->name_value_list->name->value;
// set cookies
$hour = time() + 3600;
setcookie("kp_emailID", $get_account_result->entry_list[0]->name_value_list->email1->value, $hour, "/", "kp.com");
setcookie("kp_pass", $get_account_result->entry_list[0]->name_value_list->password_c->value, $hour, "/", "kp.com");
?>
<div id="loginForm">
<h1>WELCOME, <?=$get_account_result->entry_list[0]->name_value_list->name->value?></h1>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<input type="submit" value="LOG OUT" name="logout_btn" id="logout_btn" />
</form>
</div>
<?php
}
}
//if the login form is submitted
if ( isset( $_POST['login_btn'] ) )
{
// checks it against the database
if ( !get_magic_quotes_gpc() )
{
$_POST['signIn_email'] = addslashes($_POST['signIn_email']);
}
$get_account_parameters = array(
'session' => $session_id,
'module_name' => 'kd_kp',
'query' => "kd_kp_cstm.username_c = '".$_POST['signIn_email']."'",
'order_by' => "",
'offset' => '0',
'select_fields' => array(
//'username_c',
//'password_c',
//'id',
//'name',
),
'link_name_to_fields_array' => array( ),
'max_results' => '1',
'deleted' => '0',
'Favorites' => false,
);
$get_account_result = call('get_entry_list', $get_account_parameters, $url);
//Gives error if user doesn't exist
if ( $get_account_result->result_count == 0 )
{
?>
<div id="loginForm">
<a href='/sign-up.php'>Click Here to Register</a>
</div>
<?php
}
$_POST['pass'] = md5( stripslashes($_POST['signIn_pwd']) );
//gives error if the password is wrong
if ( $_POST['pass'] != stripslashes($get_account_result->entry_list[0]->name_value_list->password_c->value) )
{
//if ( !isset($get_account_result->entry_list[0]->name_value_list->password_c->value) )
{
?>
<div id="loginForm">
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<input type="text" placeholder="EMAIL: TRY AGAIN" name="signIn_email" id="signIn_email"/>
<input type="password" placeholder="PASSWORD" id="signIn_pwd" name="signIn_pwd" />
<input type="submit" value="SIGN IN" name="login_btn" id="login_btn" />
<!--input type="submit" value="SIGN UP" name="signup_btn" id="signup_btn" /-->
</form>
</div><!-- //logInForm -->
<?php
}
//echo '<pre>'; print_r($_POST); echo '</pre>';
} else {
// if login is ok then we update session vars
$_SESSION['kp_emailID'] = stripslashes($_POST['signIn_email']);
//$_SESSION['kp_pass'] = $_POST['pass'];
$_SESSION['kp_accountID'] = $get_account_result->entry_list[0]->name_value_list->id->value;
$_SESSION['kp_name'] = $get_account_result->entry_list[0]->name_value_list->name->value;
?>
<div id="loginForm">
<h1>WELCOME, <?=$get_account_result->entry_list[0]->name_value_list->name->value?></h1>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<input type="submit" value="LOG OUT" name="logout_btn" id="logout_btn" />
</form>
</div><!-- //logInForm -->
<?php
}
} else {
// check for active session
if ( isset($_SESSION['kp_accountID']) )
{
?>
<div id="loginForm">
<h1>WELCOME, <?=$_SESSION['kp_name']?></h1>
<form action="<?=$_SERVER['PHP_SELF']?>" method="post">
<input type="submit" value="LOG OUT" name="logout_btn" id="logout_btn" />
</form>
</div>
<?php
} else {
// if they are not logged in
?>
<div id="loginForm">
<form action="<?php echo $_SERVER['PHP_SELF']?>" method="post">
<input type="text" placeholder="EMAIL" name="signIn_email" id="signIn_email"/>
<input type="password" placeholder="PASSWORD" id="signIn_pwd" name="signIn_pwd" />
<input type="submit" value="SIGN IN" name="login_btn" id="login_btn" />
<!--input type="submit" value="SIGN UP" name="signup_btn" id="signup_btn" /-->
</form>
</div><!-- //logInForm -->
<?php
}
}
//echo '<div style="float:left;"><pre>'; print_r($_POST); echo '</pre></div>';
//echo '<div style="float:left;"><pre>'; print_r($_SESSION); echo '</pre></div>';
//echo '<div style="float:left;"><pre>'; print_r($_COOKIE); echo '</pre></div>';
?>
<div class="clear"></div>
</div><!-- //loginStatus -->
</div><!-- //loginStatusBar -->
<!-- END loginbar.php !-->
Thank you!

Probably because this code isn't running before the part of the page that shows the user is logged in loads. Thus, the HTML shows that he is logged in but really he isn't.

The browser doesn't recognize cookie changes until after a page reload.
Your first click is unsetting the cookies, but the user remains logged in.
Your second click is "reloading" the page, where the cookies are now unset, and it appears to work.
Add a redirect to the same page (after unsetting and destroying the session) to simulate a refresh, and your button should work.
p.s.
This is a simplified version of how cookies work, but it's basically accurate.
Since you're unsetting the cookie on the server, you have to request the page again to be given the new http headers that DON'T contain the old cookie information. That's what the reload would do.

After you destroy the session, redirect to the login page, so that the page refreshes.
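A logout handler along the lines the answers above describe, as an added example that is not the asker's code. It assumes it runs at the top of the page before any HTML is sent, reuses the cookie names, path and domain from the question, and uses a placeholder redirect target (`/index.php`).

```php
<?php
// Added example, not the asker's code. Must run before any output,
// because setcookie() and header() both send HTTP headers.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

/**
 * Tell the browser to drop a cookie. unset($_COOKIE[...]) only edits this
 * request's copy of the array; the browser keeps sending the cookie until it
 * receives a Set-Cookie header with an expiry in the past and the same
 * path/domain the cookie was created with.
 */
function expire_cookie(string $name, string $path, string $domain): void
{
    setcookie($name, '', time() - 3600, $path, $domain);
    unset($_COOKIE[$name]); // keep the rest of this request consistent
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['logout_btn'])) {
    // 1. Remove the login cookies (path and domain as set in the question).
    expire_cookie('kp_emailID', '/', 'kp.com');
    expire_cookie('kp_pass', '/', 'kp.com');

    // 2. Empty the session data and expire the session ID cookie as well.
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 3600,
            $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();

    // 3. Redirect so the next request is a fresh GET without the old cookies.
    //    The target is a fixed path (assumed) rather than $_SERVER['PHP_SELF'].
    header('Location: /index.php', true, 303);
    exit;
}
```

With this in place the cookie check further down the page never sees the old `kp_emailID` and `kp_pass` values on the request that follows the logout click.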

If you are logged into a third party website via FB, you must log out twice to complete the logout.

Related

wordpress admin panel get parameter

I'm developing a plugin in wordpress, there is data that needs to be listed by search but I can't get them with the get parameter.
I can send with the post parameter, but when the user refreshes the page, she has to search again according to the order number.
Following my code:
functions.php
add_action('admin_menu', 'testPluginAdminMenu');
function testPluginAdminMenu()
{
add_menu_page('Return Request',
'Return Request',
'manage_options',
'list',
'myFunction'
);
add_submenu_page(
'null',
'Return Request List',
'Return Request List',
'manage_options',
'listAll',
'myFunctionList');
}
index.php
<?php
function myFunctionList(){
if(isset($_GET['request_order'])){
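// Escape the search term before printing it back into the admin page
$search = sanitize_text_field( wp_unslash( $_GET['request_order'] ) );
echo esc_html( $search );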
}
}
function myFunction(){ ?>
<form method="get" action="<?php echo esc_url( admin_url('admin.php?page=listAll&request_order='.$_GET['request_order'] ) ) ?>">
<input type="text" name="request_order" placeholder="Search Order Number..">
<button type="submit" >Search</button>
</form>
<?php } ?>
Output from url: localhost/wordpress/wp-admin/admin.php?request_order=7481
page=listAll not appearing on url
Thank you in advance.

Can you try something like this
$qs = array(
'page' => 'listAll',
'request_order' => $_GET['request_order']
);
$qs = http_build_query($qs, '', "&", PHP_QUERY_RFC3986);
<?php echo admin_url('admin.php?' . $qs ) ?>
UPDATE 1
<form method="get" action="<?php echo esc_url( admin_url('admin.php?page=listAll&request_order='.$_GET['request_order'] ) ) ?>">
<input type="text" name="request_order" placeholder="Search Order Number..">
<input type="hidden" name="page" value="listAll" />
<button type="submit" >Search</button>
</form>

Login submit OOP not working in bootstrap form

I have a bootstrap login form for an admin user that has a login submit button, but when I press it, nothing happens.
Here's the html form placed in a login form template loginForm.php
<form action="admin.php?action=login" method="post" style="width: 50%;">
<input type="hidden" name="login" value="true" />
<?php if ( isset( $results['errorMessage'] ) ) { ?>
<div class="errorMessage"><?php echo $results['errorMessage'] ?></div>
<?php } ?>
<div class="field-wrap">
<label for="username">
username<span class="req">*</span>
</label>
<input type="text" name="username" id="username" required/>
</div>
<div class="field-wrap">
<label for="password">
Password<span class="req">*</span>
</label>
<input type="password" name="password" id="password" required/>
</div>
<button type="submit" name="login" class="button button-block"/>Log In</button>
</form>
and here's the login() function in the admin.php which includes all the functions for the admin.
function login() {
$results = array();
$results['pageTitle'] = "Admin Login | Malang Foodies";
if ( isset( $_POST['login'] ) ) {
// User has posted the login form: attempt to log the user in
if ( $_POST['username'] == ADMIN_USERNAME && $_POST['password'] == ADMIN_PASSWORD ) {
// Login successful: Create a session and redirect to the admin homepage
$_SESSION['username'] = ADMIN_USERNAME;
header( "Location: admin.php" );
} else {
// Login failed: display an error message to the user
$results['errorMessage'] = "Incorrect username or password. Please try again.";
require( TEMPLATE_PATH . "/admin/loginForm.php" );
}
} else {
// User has not posted the login form yet: display the form
require( TEMPLATE_PATH . "/admin/loginForm.php" );
}
}
Well, to be clear, all the functions that include a submit button like addArticle(), editArticle() in the admin.php does not work anymore when I adapted the bootstrap template, because before adapting bootstrap all the functions work fine.
Any help is appreciated. Thanks in advance.
You have a spurious forward slash / character in the button markup, so effectively you've closed the button tag twice:
<button type="submit" name="login" class="button button-block"/>Log In</button>
because you have: <button.... /> (the spurious / character which closes some other tags, so it's probably throwing the browser completely). Delete that and it should work.
He does have an input "login". It's the first of the form and it's hidden.
Are ADMIN_USERNAME and ADMIN_PASSWORD defined somewhere?
Or are you sure both password and username match the constants?
Hope this helps.
Are you sure that this is a PHP issue? Try putting a statement like die('here') somewhere in the checking of POST values. I suspect, because your form is a button, the form isn't actually submitting. You might want to check for javascript errors on the page.

Why is my form not being submitted?

I have 2 functions - one generates the form on my main page and the other processes the submitted form. This is the Braintree sandbox API and their method is this: take in user info and submit to Braintree server, BT server returns a payment method nonce to me which I can then use to POST and view the transaction in my sandbox control panel. However, the form isn't being submitted and I'm not sure at what point in the process the whole submission is failing. NOTE - I am submitting the form to the same PHP file where the form is located.
I still need help on this...
ask.php - This is the page where I call both functions
<div>
<?php
fd_bt_form();
fd_process_trans();
?>
</div>
find-do-for-anspress.php
$FD_Braintree_Keys = array(
Braintree_Configuration::environment('sandbox'),
Braintree_Configuration::merchantId('A'),
Braintree_Configuration::publicKey('B'),
Braintree_Configuration::privateKey('C')
);
function fd_bt_form()
{
$class_bt_token = new Braintree_ClientToken();
$clientToken = $class_bt_token->generate();
?>
<script src="https://js.braintreegateway.com/v2/braintree.js"></script>
<script>
braintree.setup(
'<?php echo $clientToken ?>',
'custom', {
id: 'checkout',
});
</script>
<?php
echo
'<form id="checkout" action="" method="POST">
<p>
<label><font size="5">Amount:</font></label>
<input type="text" size="4" name="amount" id="amount" />
</p>
<input data-braintree-name="number" value="378282246310005">
<br> <br />
<input data-braintree-name="expiration_month" value="05">
<input data-braintree-name="expiration_year" value="17">
<br> <br />
<input data-braintree-name="cvv" value="531">
<br> <br />
<input type="submit" id="submit" value="Pay">
</form>';
echo $_POST["payment_method_nonce"];
global $bt_nonce;
$bt_nonce = $_POST["payment_method_nonce"];
return $bt_nonce;
}
function fd_process_trans() {
$FD_Braintree_Keys;
$nonce = $_POST["payment_method_nonce"];
$amount = $_POST["amount"];
$result = Braintree_Transaction::sale(array(
'amount' => $amount,
'paymentMethodNonce' => $nonce,
'options' => array(
'submitForSettlement' => True,
),
));
if ($result->success) {
echo "Success!";
}
else {
echo "Transaction failed.";
}
}

Embedded Twitter Timeline interferes with PHP sessions in Firefox

This issue affects Firefox only. There are no issues in other browsers.
I have a custom login on my website. It works perfectly until I add the Twitter Timeline Embed code. When that code is added, the PHP session value changes when logging in. On signin.php, a php session value is generated. Upon pressing submit and going to success.php, the session value changes.
What could possibly be causing that and why only in Firefox?
Here is my code:
1.php
<?php
session_start();
//Prevent Cross-Site Request Forgeries//
// 16 bytes from the CSPRNG, hex-encoded to 32 characters
$tokengf = bin2hex(random_bytes(16));
$_SESSION['tokengf'] = "$tokengf";
$_SESSION['tokengf_timestamp'] = time();
////
?>
<form action="2.php" method="post" />
<h3> Enter Your Username:</h3>
<span class="question">What is your username? </span>
<p>
<label for="username">My username is:<br />
</label>
<input type="text" name="username" id="username" value="" size="40" maxlength="85" />
</p>
<input type="hidden" name="tokengf" value="<?php echo $_SESSION['tokengf']; ?>" />
<br />
<input type="submit">
</form>
<!--Twitter Timeline-->
<a class="twitter-timeline" href="https://twitter.com/gftravelsite" data-widget-id="412977135226081280">Tweets by #gftravelsite</a>
<script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);js.id=id;js.src=p+"://platform.twitter.com/widgets.js";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>
And here's the page that gets submitted to:
2.php
<?php
session_start();
echo var_dump($_SESSION) . "<BR>";
echo print_r($_POST);
//Prevent Cross-Site Request Forgeries//
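// Constant-time comparison; a missing POST or session value counts as a mismatch
if (!hash_equals((string) ($_SESSION['tokengf'] ?? ''), (string) ($_POST['tokengf'] ?? ''))) {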
echo "<br>post and session token values don't match.";
exit;
}
////
The browser output is:
array(2) { ["tokengf"]=> &string(32) "2e5b9797a3ba1e0b481f363b585c3bb1" ["tokengf_timestamp"]=> &int(1431234058) }
Array ( [username] => [tokengf] => 9bf4cca211d7a9874d954a434c21ac28 ) 1
post and session token values don't match.
The same exact page run using Chrome or IE gives this output as expected:
array(2) { ["tokengf"]=> &string(32) "fc28ab43754b40e6941a3f0208257de9" ["tokengf_timestamp"]=> &int(1431234321) }
Array ( [username] => [tokengf] => fc28ab43754b40e6941a3f0208257de9 ) 1
Thanks,
Tim

Page reload ask to submit data over and over again

I have the following *code below, every time I refresh the page it asks me to send the form again. How do I avoid that, I don't want to resend a form on a page refresh. Thanks in advance.
*CODE
<?php function make_user_feedback_form() {
global $wpdb;
global $current_user;
$ufUserID = $current_user->ID;
if ( 'POST' == $_SERVER['REQUEST_METHOD'] && !empty( $_POST['action'] ) && $_POST['action'] == 'updateFeedback' ) {
$ufDataUpdate = $wpdb->insert( 'wp_user_feedback', array( 'date' => current_time('mysql'), 'responses' => $_POST["test"]) );
}
}?>
<div id="form">
<ol>
<form method="post">
<li><label for="test">Question 01</label><input type="text" id="datepicker" name="test" value="" /></li> <!-- the (name="test") value is what the ('responses' => $_POST["test"]) value is talking to -->
<li><input name="submit" type="submit" id="submit" class="submit button" value="Send feedback" /></li>
<?php wp_nonce_field( 'updateFeedback' ); ?>
<input name="action" type="hidden" id="action" value="updateFeedback" />
</form>
</ol>
</div>
<?php
add_action('the_content','make_user_feedback_form');
?>
After you have processed the form data and stored it in the database or worked with it in some way, reload the same page using:
header("Location: thispage.php");
exit; // stop here so nothing else runs after the redirect header
Doing this will destroy the POST data and allow the page to be refreshed without displaying the resubmit alert.
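The same redirect-after-POST idea in WordPress terms, as an added example that is not the asker's or the answerer's code. It assumes the form from the question (fields `test`, `action` and the `_wpnonce` field printed by `wp_nonce_field( 'updateFeedback' )`); the handler name `uf_handle_feedback_post` and the `feedback=sent` query argument are made up for illustration.

```php
<?php
// Added example. Runs on template_redirect, i.e. before WordPress prints any
// page output, so a redirect header can still be sent.
add_action('template_redirect', 'uf_handle_feedback_post'); // hypothetical handler name

function uf_handle_feedback_post(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST'
        || ($_POST['action'] ?? '') !== 'updateFeedback') {
        return; // not our form
    }

    // The form prints wp_nonce_field('updateFeedback'), which adds a hidden
    // _wpnonce field; verify it before touching the database.
    $nonce = sanitize_text_field(wp_unslash($_POST['_wpnonce'] ?? ''));
    if (!wp_verify_nonce($nonce, 'updateFeedback')) {
        wp_die('Invalid or expired form submission.', '', array('response' => 403));
    }

    global $wpdb;
    $response = sanitize_text_field(wp_unslash($_POST['test'] ?? ''));
    $wpdb->insert(
        'wp_user_feedback',
        array('date' => current_time('mysql'), 'responses' => $response),
        array('%s', '%s')
    );

    // Post/Redirect/Get: answer the POST with a 303 to a GET URL, so a refresh
    // repeats the GET instead of re-sending the form.
    $back = wp_get_referer() ?: home_url('/');
    wp_safe_redirect(add_query_arg('feedback', 'sent', $back), 303);
    exit;
}
```

Hooking the handler early matters here: the question registers its function on `the_content`, by which point headers have normally already been sent and a redirect can no longer be issued.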
