Page 1 of 1

Login not working in IE

Posted: Wed Nov 16, 2005 1:54 am
by acroshaw
Hi everyone, I am pretty new to php, so forgive any foolish mistakes! The code below is for a simple login/authentication script, works fine in Netscape and Firefox, but no joy in Explorer 5.5 or 6 . PHP version is 4.4.1 .

Code: Select all

<?php

session_start();
if (isset($_POST['submit2'])) { 

// Check if the form has been submitted.

	ob_start();

	require_once ('mysql_connect.php'); // Connect to the database.
	
	if (empty($_POST['username'])) { // Validate the username.
		$u = FALSE;
		
		
	} else {
		$u = escape_data($_POST['username']);
	}
	
	if (empty($_POST['password'])) { // Validate the password.
		$p = FALSE;
		
	} else {
		$p = escape_data($_POST['password']);
	}
	
	if ($u && $p) { // If everything's OK.
	
					// Query the database.
					//first get the date of registration from the database
					
		
					$query = "SELECT username, first_name,registration_date,term FROM users WHERE username='$u' AND password=PASSWORD('$p')";		
		
					$result = @mysql_query ($query);
					$row = mysql_fetch_array ($result, MYSQL_ASSOC); 
		
		
						if ($row) { // A match was made. The next few lines check that the registration has not expired
						
									if ($row[term] == 'six') {$interval = 6;} else {$interval = 12;}
									$query = "SELECT PERIOD_DIFF(now(),registration_date) WHERE username='$u' AND 	             password=PASSWORD('$p')";		
									$result = @mysql_query ($query);
									if ($result < $interval) {
		
							
		
							// Start the session, register the values & redirect.
							
							$_SESSION['first_name'] = $row['first_name'];
							$_SESSION['username'] = $row['username'];
							
							ob_end_clean(); // delete the buffer
							header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
							exit();
				
				
				
							
				

							}
				 else { header ("Location:reg_expired.php");exit();}
				
		} 
		
		mysql_close(); // Close the database connection.
		
	} else { // If everything wasn't OK, finsish the session
	$_SESSION['username'] = NULL;
	$_SESSION['first_name'] = NULL;
	unset($_SESSION['username']);
	unset($_SESSION['first_name']);
			
	}
	
} // End of SUBMIT conditional.
ob_end_flush();

?>


thanks in advance fro any help,
anthony

Posted: Wed Nov 16, 2005 3:29 am
by raghavan20
A few tips,

1. use this statement at the top of each page while developing the application to identify uninstantiated variables.

Code: Select all

error_reporting(E_ALL);
2. This statement

Code: Select all

if ($row) { // A match was made. The next few lines check that the registration has not expired
in your code can be written as

Code: Select all

if (is_array($row))
you can use

Code: Select all

if (count($row))
in the next statement to verify any elements in the array

Posted: Wed Nov 16, 2005 3:58 am
by Maugrim_The_Reaper
header ("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
Note that PHP_SELF can be used to introduce an XSS attack - needs to be filtered as being valid before use. Depends on server config.

Can you echo this URI under all browsers and check for differences?

Posted: Wed Nov 16, 2005 4:33 am
by acroshaw
thanks guys will give your suggestions a go now and get back to you!
anthony

Posted: Wed Nov 16, 2005 5:18 am
by acroshaw
I have tried turning on error reporting and that cleared up a few little bugs, but IE is still not playing nicely. I hit the login button and it should either come up with an error or else it should log you in - which works in netscape.
In explorer it just reloads the page - no data appears to be transferred between pageloads?
any help appreciated!
anthony

Posted: Wed Nov 16, 2005 5:29 am
by Maugrim_The_Reaper
See my suggestion?
Can you echo this URI under all browsers and check for differences?
This may differ between browsers - also IE has a habit of messing up some headers a while back if using 5.5

Posted: Wed Nov 16, 2005 5:38 am
by acroshaw
I think I may have found the problem - I found this on another forum, let me know if it's right or not:

"Quick point, since this had been going round in circles for days...

IE will not accept sessions from a domain that has an non alpha-numeric character in it. My development site was running under the vhost mos_dev and it was killing me, trying to work out why IE kept dropping my sessions."


My url is: http://preview.hosts.co.uk/~londonmanag ... /index.php
so I think maybe the squiggle is causing this? Thanks for your quick reply Maugrim, not sure I understand your suggestion, could you pretend I am really thick ( you won't have to try too hard!!) and explain it a bit more?
cheers!
anthony

Posted: Wed Nov 16, 2005 7:20 am
by Charles256
i've also noticed weird weird weird behavior in I.E. if you don't open and close your HTML tags properly. so double check your source from I.E. (firefox tends to fix your screw ups oddly enough, I.E. just says screw you:) )

Posted: Wed Nov 16, 2005 7:46 am
by acroshaw
yeah, I have noticed this too - the page validates in dreamweaver 8, and I can't see anything else wrong with it. We are moving the site to a different url later, so I will be keeping my fingers crossed!
anthony

Posted: Wed Nov 16, 2005 9:06 am
by trukfixer
Don't use Dreamweaver for validation.. It will *NEVER* validate to the standards.... Their validator is incorrect and outdated, very often...

use http://validator.w3.org/ to validate your markup.. it is *the* authorative and current standards for HTML markup..

Bri!

Posted: Thu Nov 17, 2005 4:22 am
by raghavan20
Unless your page is in a different host and different directory, I don't see the need to use

Code: Select all

$_SERVER['HTTP_HOST']
and

Code: Select all

dirname($_SERVER['PHP_SELF'])
It's enough if you use the PHP_SELF instead of all others....don't make things complex than it should be..