New site showing weird login alternative

Question

I have just had a very weird thing happen; I had my login script working fine on my computer. I just re-uploaded all my databases and my new site to my new test server with my hosting. However when I go to login and when I press submit, it just displays the username and password at the top as if I am var_dump to them.

Is there any reason for this?

This is what shows

string(3) "s17" string(32) "PASSWORD HASH HERE"

Thanks for any and all help.

EDIT. Sorry heres my code, its a bit long, i know your going to say why am i using the old mysql_* stuff but i will be moving to PDO soon, i am learning it at the moment.

<?php

// Start Session to enable creating the session variables below when they log in
session_start();
// Force script errors and warnings to show on page in case php.ini file is set to not display them
//error_reporting(E_ALL);
//ini_set('display_errors', '1');
//-----------------------------------------------------------------------------------------------------------------------------------
// Initialize some vars


include 'connect_to_mysql.php';


    $var_error="";  
    if (isset($_SESSION['error'])) {

         $var_error = $_SESSION['error'];
        unset($_SESSION['error']);
        $error_check_tok = "error_overlay();";

    }else{
            unset($_SESSION['error']);

    }




$login_username = '';
$login_password = '';
if (isset($_POST['login_submit'])) {

    $login_username = $_POST['login_username'];
    $login_password = $_POST['login_password'];

    $login_username = stripslashes($login_username);
    $login_password = stripslashes($login_password);

    $login_username = strip_tags($login_username);
    $login_password = strip_tags($login_password);



    // error handling conditional checks go here
    if ((!$login_username) || (!$login_password)) { 

       $reg_error = "you did not enter both Username and Password, Please try again.";
       $_SESSION['error'] = $reg_error;
       header("Location: index.php");

    } else { // Error handling is complete so process the info if no errors
        include 'connect_to_mysql.php'; // Connect to the database

        $login_username = mysql_real_escape_string($login_username); // After we connect, we secure the string before adding to query
        $login_password = mysql_real_escape_string($login_password); // After we connect, we secure the string before adding to query

        $login_password = md5($login_password); // Add MD5 Hash to the password variable they supplied after filtering it
        var_dump($login_username);
        var_dump($login_password);
        // Make the SQL query
        $sql_users = mysql_query("SELECT * FROM users WHERE username='$login_username' AND password='$login_password' AND account_activated='1'", $general); 
        $login_check = mysql_num_rows($sql_users);
        // If login check number is greater than 0 (meaning they do exist and are activated)
        if($login_check >= 1){ 
                while($row_users = mysql_fetch_array($sql_users)){

                    // Pleae note: Adam removed all of the session_register() functions cuz they were deprecated and
                    // he made the scripts to where they operate universally the same on all modern PHP versions(PHP 4.0  thru 5.3+)
                    // Create session var for their raw id
                    $user_id = $row_users["user_id"];   
                    $user_no_of_logins = $row_users["no_of_logins"];
                    $user_online = $row_users["online"];

                    $_SESSION['user_id'] = $user_id;
                    // Create the idx session var
                    $_SESSION['idx'] = base64_encode("g4p3h9xfn8sq03hs2234$id");
                    // Create session var for their username
                    $login_username = $row["login_username"];
                    $_SESSION['login_username'] = $login_username;
                    // Create session var for their password
                    $login_userpass = $row["login_password"];
                    $_SESSION['login_userpass'] = $login_userpass;


                    //$sql_login_check = mysql_num_rows($sql_login);
                    if($user_no_of_logins == "0"){

                        mysql_query("UPDATE users SET first_login=now() WHERE user_id='$user_id' LIMIT 1", $general);

                    }

                    if($user_online == "0"){

                       mysql_query("UPDATE users SET online = '1' WHERE user_id='$user_id' LIMIT 1", $general); 
                       mysql_query("UPDATE system SET no_online = no_online + 1", $system);
                    }


                    mysql_query("UPDATE users SET last_login=now() WHERE user_id='$user_id' LIMIT 1", $general);  
                    mysql_query("UPDATE users SET no_of_logins = no_of_logins + 1 WHERE user_id='$user_id' LIMIT 1", $general); 
                    mysql_query("UPDATE system SET total_logins = total_logins + 1", $system);




                } // close while

                // Remember Me Section
                if(isset($_POST['login_remember'])) { 
                     $encryptedID = base64_encode("g4enm2c0c4y3dn3727553$user_id");
                     setcookie("idCookie", $encryptedID, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days
                     setcookie("passCookie", $login_password, time()+60*60*24*100, "/"); // Cookie set to expire in about 30 days

                }

                // All good they are logged in, send them to homepage then exit script
                header("Location: overview.php");

        } else { // Run this code if login_check is equal to 0 meaning they do not exist
            $reg_error = "Login Inputs Incorrect, Please try again.";
            $_SESSION['error'] = $reg_error;
            header("Location: index.php");
        }


    } // Close else after error checks

} 

?>

Well, PHP and HTML certainly aren't doing that by themselves. It's *your* code... — deceze, Oct 03 '12 at 01:40
But i can't understand the code was working fine on my computer, logging in fine etc... — Al Hennessey, Oct 03 '12 at 01:41
"Was working fine" doesn't solve the problem or give us any more information on what the problem is. Figure it out. Debug your code. — deceze, Oct 03 '12 at 01:42

score 2 · Accepted Answer · edited May 23 '17 at 11:43

2

Well, it's right there:

<blink>
           vvvvvvvvvvvvvvvvvvvvvvvvvv
---------> var_dump($login_username); <---------
---------> var_dump($login_password); <---------
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
                                        </blink>

The reason this was not showing up on another system is likely that the output was buffered on that system. On the new system the output is not buffered so the above is output, and your redirect header is not. For why that is, read https://stackoverflow.com/a/8028987/476.

edited May 23 '17 at 11:43

Community

1
1

answered Oct 03 '12 at 01:57

deceze

510,633
85
743
889

1

wow, this is awkward, i can't believe i missed that, sorry for wasting your time. – Al Hennessey Oct 03 '12 at 02:00
2

I can't *quite* make out where in the code the problem is occurring? Could you possibly mark it more clearly? ;-) – Larry Lustig Oct 03 '12 at 02:02

score 0 · Answer 2 · answered Oct 03 '12 at 01:59

"it just displays the username and password at the top as if I am var_dump to them."

This is because you are calling var_dump on the username and password.

Removing the following from your code will stop it from var dumping the username and password.

var_dump($login_username);
var_dump($login_password);

New site showing weird login alternative

2 Answers2