0

I created a login page using localhost and with different type of validation.now my login page work perfectly on localhost (wamp). But when I uploaded it to server than the login page is not working.

Don't know what is the cause of the error but server don't allow me to logged in to the website.website is custom developed by me.please help me sort it out.

Kindly help me solve this problem.

index.php

<?php
session_start();
error_reporting(E_ALL);
ini_set('display_errors', 1);
?>
<!DOCTYPE html>
<html>
<head>
<title>Admin Login</title>
<!-- Bootstrap -->
<link href="../css/bootstrap.min.css" rel="stylesheet" media="screen">
<link href="../css/bootstrap-responsive.min.css" rel="stylesheet" media="screen">
<link href="../css/custom_style.css" rel="stylesheet" media="screen">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
</head>
<body id="login">
<div class="top-logo"><img src="../assets/logo.png"></div>
<div class="container">
<div class="align_form_center">
<form  method="POST">
<div class="signin-heading"> Please sign in as <b>ADMIN</b></div>
<div class="align-center">
<!-- username box -->
<div class="form-group has-success has-feedback">
<div class="input-group col-md-10">
<span class="input-group-addon">Username</span>
<input type="text" name="admin_user" class="form-control" id="inputGroupSuccess5" aria-describedby="inputGroupSuccess3Status" required>
</div>
</br>
<!-- password box -->       
<div class="form-group has-success has-feedback">
<div class="input-group col-md-10">
<span class="input-group-addon">Password</span>
<input type="password" name="admin_pass" class="form-control" id="inputGroupSuccess3" aria-describedby="inputGroupSuccess3Status" required>
</div>
</br>     
<button name="submit" class="btn btn-large btn-primary col-md-10" type="submit">Sign in</button>
<br>
<label class="">
<input type="checkbox" value="remember-me"> Remember me
</label>
</div></div></div>
</form>
</div>  <!--align_form_center end-->
<footer>Site Design and Coded By <a href="www.freelancer.com/u/xbraindesigner.html">Xbraindesigner</a></footer>
</div> <!-- /container -->
<?php
include("../php/database_connection.php");
if(isset($_POST["submit"])){
$user=($_POST['admin_user']);
$pass=($_POST['admin_pass']);
if(isset($_POST['admin_user'])){$user=$_POST['admin_user'];}
if(isset($_POST['admin_pass'])){$pass=$_POST['admin_pass'];}
$user=stripslashes($user);
$pass=stripslashes($pass);
$user=mysqli_real_escape_string($con,$user);
$pass=mysqli_real_escape_string($con,$pass);
$result=mysqli_query($con,"SELECT * FROM admin_login WHERE admin_user='$user' AND admin_pass='$pass'")or die(mysqli_error());
$count=mysqli_num_rows($result);
if($result === FALSE){
echo ("query not working.".mysql_error());// better error handling
}
if($user=="" AND $pass=""){
return true;
}
if(isset($_POST['submit'])){
if($count == 1){
$_SESSION['admin_username'] = $user;
header("Location:profile.php");
exit;
}
else{
echo "Wrong Username or Password";
}
$result->close();
mysqli_close($con);
}}?>
<script src="../js/jquery-1.9.1.min.js"></script>
<script src="../js/bootstrap.min.js"></script>
</body>
</html>

session_check.php

<?php
// Establishing Connection with Server by passing server_name, user_id and password as a parameter
include("../php/database_connection.php");
session_start();// Starting Session
// Storing Session
$user_check=$_SESSION['admin_username'];
// SQL Query To Fetch Complete Information Of User
$ses_sql=mysqli_query($con,"select admin_user from admin_login where admin_user='$user_check'");
$row = mysqli_fetch_array($ses_sql);
$login_session =$row['admin_user'];
if(!isset($login_session)){
mysql_close($con); // Closing Connection
header('Location: index.php'); // Redirecting To Home Page
}
?>

profile.php

<?php 
include("session_check.php");
?>
<b id="welcome">Welcome : <i><?php echo $login_session; ?></i></b>
HaveNoDisplayName
  • 8,291
  • 106
  • 37
  • 47
hassan gul
  • 21
  • 1
  • 7
  • this is the url where i have uploaded files. currently i have not encrypt the password (if some one comment about encryption than this is for them) http://tutoriallab.net/voting/admin/index.php – hassan gul Aug 15 '15 at 13:48
  • no error. but when i enter correct username and password it redirect me again to login page. not going forward... – hassan gul Aug 15 '15 at 13:52
  • there are several errors in your script. first you have to set session `session_start()` at very first portion of the page even top of the comment. moreover you are trying to access `$row['admin_user']` without any `foreach` – Rejoanul Alam Aug 15 '15 at 13:58
  • how can i fixed this please help me out. i am a bit confused using foreach loop. – hassan gul Aug 15 '15 at 13:59
  • In your index page, move that whole block of code up above everything at the top of the page. `session_start()` should be first thing on the page. The `echo "Wrong Username or Password";` is the only thing really that should stay where it is, but needs to have an `if` condition. – Rasclatt Aug 15 '15 at 14:02
  • echo "Wrong username or password"; have if condition. but which part i should move to the top. first i don't have session_start(); i inserted that at the top.but didn't work! – hassan gul Aug 15 '15 at 14:15
  • Add error reporting to the top of your file(s) right after your opening PHP tag for example ` – Funk Forty Niner Aug 15 '15 at 14:16
  • this is incorrect `mysql_error()` all of those must read as `mysqli_error($con)` you cannot mix those MySQL functions. If you're getting errors, it won't show them to you if it's an sql error. Plus, `session_start();` MUST reside inside ALL pages using sessions. This is also incorrect `mysql_close($con);` do `mysqli_close($con);` - You CANNOT have any instances of `mysql_` here. – Funk Forty Niner Aug 15 '15 at 14:20
  • @Fred-ii- Good eye (`mysql_error` catch)! – Rasclatt Aug 15 '15 at 14:20
  • 1
    @Rasclatt Lord knows I try ;-) I edited mine above. Another one `mysql_close($con);` – Funk Forty Niner Aug 15 '15 at 14:22
  • @Fred-ii- i got this error after adding the error reporting code " Warning: Cannot modify header information - headers already sent by (output started at /home/tutoriallabnet/public_html/voting/admin/index.php:23) in /home/tutoriallabnet/public_html/voting/admin/index.php on line 90" – hassan gul Aug 15 '15 at 14:22
  • Thats because you have to put that block of code all the way to the top as I mentioned earlier – Rasclatt Aug 15 '15 at 14:22
  • well there you go. You're outputting before header. Read the following on Stack http://stackoverflow.com/questions/8028957/how-to-fix-headers-already-sent-error-in-php and read that over very carefully. – Funk Forty Niner Aug 15 '15 at 14:23
  • ok @Fred-ii- thank you. i will let you know if i am not able to solve after reading that artical. – hassan gul Aug 15 '15 at 14:25
  • thank you @Rasclatt.i will also let you know if i am unable to solve it. – hassan gul Aug 15 '15 at 14:26
  • 1
    you're welcome Hassan. Also make sure that your password column is the right type and the length is long enough to accodmodate the password or hash. MySQL will fail SILENTLY if it isn't. I see this happen often. That's if that is part of the question. DO NOT do this `$_SESSION['password'] = $pass;` that is not advisable. There is such a thing as sessions hijacking. – Funk Forty Niner Aug 15 '15 at 14:26
  • thank you. @Fred-ii- i have not use $_SESSION['password'] any where i will remove that. – hassan gul Aug 15 '15 at 15:02
  • @Fred-ii- i follow the link method which you have sent to me. but the error i got is due to php opening tag " – hassan gul Aug 15 '15 at 16:27
  • @Rasclatt please check my above comments about the problem please help me out. – hassan gul Aug 15 '15 at 16:28
  • You have to have an opening – Rasclatt Aug 15 '15 at 16:30
  • error log display this error again on another line. `[15-Aug-2015 16:25:28 UTC] PHP Warning: Cannot modify header information - headers already sent by (output started at /home/tutoriallabnet/public_html/voting/admin/index.php:50) in /home/tutoriallabnet/public_html/voting/admin/index.php on line 71` – hassan gul Aug 15 '15 at 16:31
  • @Rasclatt ok i will remove any space in there.and will let you know. thank you. – hassan gul Aug 15 '15 at 16:33
  • @Rasclatt there is no empty spaces now but again get an error.on line where php tag start. – hassan gul Aug 15 '15 at 16:59
  • @Rasclatt please have a look at the update index.php code and review it please. – hassan gul Aug 15 '15 at 17:02

2 Answers2

0

Error solved by adding some extra function's to the top of the index.php file.

<?php error_reporting(E_ALL); 
ini_set('display_errors',1);
ob_start();
flush(); // Flush the buffer
ob_flush();
session_start();?>`

After adding this code to the most top of the login page it solved the header error:

Warning Cannot modify header information - headers already sent.... etc

Rasclatt
  • 12,498
  • 3
  • 25
  • 33
hassan gul
  • 21
  • 1
  • 7
0

In your resolved answer, I think you have missed what is actually the real issue and that is the placement of the header() redirect. It has to move to the top before your HTML content renders to the page. There are all kinds of headers in php, so if you can properly place headers, you won't have to use a buffer to get around header errors in the future:

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
include("../php/database_connection.php");

// I think using a function for this process will clean up your script a bit.
// Also moving it to an include page instead of on the page would also help de-clutter your login page.
function ValidateUser($username = false,$password = false,$con)
    {
        // Do all the sanitizing and such
        $username   =   mysqli_real_escape_string($con,trim(stripslashes($username)));
        $password   =   mysqli_real_escape_string($con,trim(stripslashes($password)));
        // Set a default error
        $success    =   array('success'=>false,'error'=>"invalid");
        // Check if the values after sanitizing are empty
        if(!empty($username) && !empty($password)) {
                // Fetch from the table
                $result     =   mysqli_query($con,"SELECT * FROM admin_login WHERE admin_user='$username' AND admin_pass='$password'") or die(mysqli_error($con));
                if($result) {
                    // If user in system true, if not false
                    $validuser  =   (mysqli_num_rows($result) == 1)? true:false;
                    $success    =   array('success'=>$validuser,'error'=> ((!$validuser)? "Invalid Username / Password": ""));
                    $result->close();
                }
                else
                    $success    =   array("success"=>false,"error"=>mysql_error());
            }
        // By now there will be a clear picture of validation
        return (object) $success; 
    }

session_start();
// You may want to do a redirect here if a user is already logged in:
if(!empty($_SESSION['admin_username'])) {
    header("Location:profile.php");
    exit;
}

// Just set a default error
$error  =   false;
// If submitted
if(isset($_POST["submit"])){
    // Check the user
    $validate   =   ValidateUser($_POST['admin_user'],$_POST['admin_pass'],$con);
    // If true
    if($validate->success) {
        // Assign session
        $_SESSION['admin_username'] = htmlspecialchars($_POST['admin_user'],ENT_QUOTES);
        // Redirect
        header("Location:profile.php");
        exit;
    }
    // Set the error again
    $error  =   $validate->error;
}
?><!DOCTYPE html>
<html>
<head>
    <title>Admin Login</title>
    <!-- Bootstrap -->
    <link href="../css/bootstrap.min.css" rel="stylesheet" media="screen">
    <link href="../css/bootstrap-responsive.min.css" rel="stylesheet" media="screen">
    <link href="../css/custom_style.css" rel="stylesheet" media="screen">
    <!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
    <!--[if lt IE 9]>
    <script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
    <![endif]-->
</head>
<body id="login">
    <div class="top-logo"><img src="../assets/logo.png"></div>
    <div class="container">
        <div class="align_form_center">
            <form  method="POST">
                <div class="signin-heading"> Please sign in as <b>ADMIN</b></div>
                <div class="align-center">
                    <!-- username box -->
                    <div class="form-group has-success has-feedback">
                        <div class="input-group col-md-10">
                            <span class="input-group-addon">Username</span>
                            <input type="text" name="admin_user" class="form-control" id="inputGroupSuccess5" aria-describedby="inputGroupSuccess3Status" required>
                        </div>
                        </br>
                        <!-- password box -->       
                        <div class="form-group has-success has-feedback">
                            <div class="input-group col-md-10">
                                <span class="input-group-addon">Password</span>
                                <input type="password" name="admin_pass" class="form-control" id="inputGroupSuccess3" aria-describedby="inputGroupSuccess3Status" required>
                            </div>
                            </br>     
                            <button name="submit" class="btn btn-large btn-primary col-md-10" type="submit">Sign in</button>
                            <br>
                            <label class="">
                            <input type="checkbox" value="remember-me"> Remember me
                            </label>
                        </div>
                    </div>
                </div>
            </form>
        </div>
        <!--align_form_center end-->
        <footer>Site Design and Coded By <a href="www.freelancer.com/u/xbraindesigner.html">Xbraindesigner</a></footer>
    </div>
    <!-- /container -->
    <?php echo $error; ?>
    <script src="../js/jquery-1.9.1.min.js"></script>
    <script src="../js/bootstrap.min.js"></script>
</body>
</html>
<?php mysqli_close($con); ?>
Rasclatt
  • 12,498
  • 3
  • 25
  • 33
  • when i move all my php script to the top of the page.than page cannot displayed or even load in a browser! – hassan gul Aug 15 '15 at 19:17
  • Well, interestingly enough, there is no OOP in this. The object is returned only for error purposes (it looks cleaner than an associative array). – Rasclatt Aug 15 '15 at 19:23
  • If you have a blank page, you may have a syntax error, because the code as I pasted it, works. I would not paste it if I hadn't already checked it out. – Rasclatt Aug 15 '15 at 19:26
  • will i replace this code with my own `index.php` file? – hassan gul Aug 16 '15 at 08:49
  • Save what you have and just try this code as is. See if it works. If you can't get it to work for whatever reason, just go back to what you have working, but just know the header() placement is important. – Rasclatt Aug 16 '15 at 08:51
  • thank's man. i inserted the `code` and it's working **perfectly** i am going to built the rest of the part of the application. will i use php at the top of every page? and use html below in every page? this is my first time to develop application on live server! therefore i am confused! thank's man for great help.i replace my `code` with your's and it's working. – hassan gul Aug 16 '15 at 09:04
  • When developing, I have found the best principles are to separate tasks and keep them on separate pages to include like your connection file. This keeps your pages fairly clean and readable. Do all your calculating before the output of the file to the browser (of course you may need some loops and stuff in your layout) but if can be done after the session_start() and before the html starts, you will find your layouts are a lot easier to manage' – Rasclatt Aug 16 '15 at 09:08