So I'm using php-login-minimal to handle logins on my almost complete website.
The login system works perfectly on desktop, but on tablet or mobile it acts as though it's working and logging me in but ultimately I end up at the same page asking me to log in.
I don't understand why it would work on desktop but not mobile. The webpage is the same page that is loaded for both, as I am using a responsive design to scale the content to fit whatever screen is being used, but the logging in system doesn't return an error or anything to help me out.
I've noticed in the Login.php script that there is a line of code elseif (isset($_POST["login"])) { but none of the form elements have the name "login" other than the submit button, do you guys reckon that could be an issue?
I was also thinking about adapting the code a little bit to specify login in the URL (www.example.com/index?login) and see if that works, but I don't want to change the code as I don't fully understand it all yet.
Thanks for any help though guys!
My Login Form
The Login Code
index.php
if (version_compare(PHP_VERSION, '5.3.7', '<')) {
exit("Sorry, Simple PHP Login does not run on a PHP version smaller than 5.3.7 !");
} else if (version_compare(PHP_VERSION, '5.5.0', '<')) {
// if you are using PHP 5.3 or PHP 5.4 you have to include the password_api_compatibility_library.php
// (this library adds the PHP 5.5 password hashing functions to older versions of PHP)
require_once("libraries/password_compatibility_library.php");
}
// include the configs / constants for the database connection
require_once("config/db.php");
// load the login class
require_once("classes/Login.php");
// create a login object. when this object is created, it will do all login/logout stuff automatically
// so this single line handles the entire login process. in consequence, you can simply ...
$login = new Login();
// ... ask if we are logged in here:
if ($login->isUserLoggedIn() == true) {
// the user is logged in. you can do whatever you want here.
// for demonstration purposes, we simply show the "you are logged in" view.
include("views/logged_in.php");
} else {
// the user is not logged in. you can do whatever you want here.
// for demonstration purposes, we simply show the "you are not logged in" view.
include("views/not_logged_in.php");
}
classes/Login.php
/**
* Class login
* handles the user's login and logout process
*/
class Login
{
/**
* @var object The database connection
*/
private $db_connection = null;
/**
* @var array Collection of error messages
*/
public $errors = array();
/**
* @var array Collection of success / neutral messages
*/
public $messages = array();
/**
* the function "__construct()" automatically starts whenever an object of this class is created,
* you know, when you do "$login = new Login();"
*/
public function __construct()
{
// create/read session, absolutely necessary
session_start();
// check the possible login actions:
// if user tried to log out (happen when user clicks logout button)
if (isset($_GET["logout"])) {
$this->doLogout();
}
// login via post data (if user just submitted a login form)
elseif (isset($_POST["login"])) {
$this->dologinWithPostData();
}
}
/**
* log in with post data
*/
private function dologinWithPostData()
{
// check login form contents
if (empty($_POST['user_name'])) {
$this->errors[] = "Username field was empty.";
} elseif (empty($_POST['user_password'])) {
$this->errors[] = "Password field was empty.";
} elseif (!empty($_POST['user_name']) && !empty($_POST['user_password'])) {
// create a database connection, using the constants from config/db.php (which we loaded in index.php)
$this->db_connection = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
// change character set to utf8 and check it
if (!$this->db_connection->set_charset("utf8")) {
$this->errors[] = $this->db_connection->error;
}
// if no connection errors (= working database connection)
if (!$this->db_connection->connect_errno) {
// escape the POST stuff
$user_name = $this->db_connection->real_escape_string($_POST['user_name']);
// database query, getting all the info of the selected user (allows login via email address in the
// username field)
$sql = "SELECT user_name, user_email, user_password_hash
FROM users
WHERE user_name = '" . $user_name . "' OR user_email = '" . $user_name . "';";
$result_of_login_check = $this->db_connection->query($sql);
// if this user exists
if ($result_of_login_check->num_rows == 1) {
// get result row (as an object)
$result_row = $result_of_login_check->fetch_object();
// using PHP 5.5's password_verify() function to check if the provided password fits
// the hash of that user's password
if (password_verify($_POST['user_password'], $result_row->user_password_hash)) {
// write user data into PHP SESSION (a file on your server)
$_SESSION['user_name'] = $result_row->user_name;
$_SESSION['user_email'] = $result_row->user_email;
$_SESSION['user_login_status'] = 1;
print "";
exit;
} else {
$this->errors[] = "Wrong password. Try again.";
}
} else {
$this->errors[] = "This user does not exist.";
}
} else {
$this->errors[] = "Database connection problem.";
}
}
}
/**
* perform the logout
*/
public function doLogout()
{
// delete the session of the user
$_SESSION = array();
session_destroy();
// return a little feeedback message
$this->messages[] = "You have been logged out.";
}
/**
* simply return the current state of the user's login
* @return boolean user's login status
*/
public function isUserLoggedIn()
{
if (isset($_SESSION['user_login_status']) AND $_SESSION['user_login_status'] == 1) {
return true;
}
// default return
return false;
}
}
The not_logged_in.php file (logged_in.php is similar, just the form cannot be changed from display:none as the link used to do that changes to a logout link:
// show potential errors / feedback (from login object)
if (isset($login)) {
if ($login->errors) {
foreach ($login->errors as $error) {
echo $error;
}
}
if ($login->messages) {
foreach ($login->messages as $message) {
echo $message;
}
}
}
?>
Untitled Document
Answer
After OP used error reporting, as I suggested in comments:
"Right away, after adding it to the index.php page and loading up I got: Warning: session_start(): Cannot send session cache limiter - headers already sent, I also get a similar one on mobile that says session cookie headers in place of session cache limiter. – radiocaf"
Your index.php file (and possibly other files) is throwing you that warning because you might have your HTML form on top of PHP, or a space, or cookie, or even a BOM (byte order mark).
Your files' encoding may contain a byte order mark, which is often the leading cause to a headers sent warning. The UTF-8 encoding lets you save files as "with" or "without" the byte order mark; you need to save them as "without BOM".
That is considered as output, as are spaces before an opening tag, or a cookie etc.
To check what the file's encoding is, you can check inside a code editor's options under the encoding option.
One of which is Notepad++ https://notepad-plus-plus.org/ and there are others also.
Place your PHP first, then your form if that is the case.
Consult the following on Stack about that warning:
Additionally, a quick fix would be to use ob_start(); at the top of your PHP files.
I.e.:
ob_start();
// rest of your PHP
?>
then your HTML
or
ob_start();
?>
then your HTML
then the rest of your PHP/SQL.
Plus, as originally stated in comments:
" these
'" . $user_name . "'contain spaces and may be interpreted as extra spaces being added. Try to remove them'" .$user_name. "'or'".$user_name."'"
No comments:
Post a Comment