Forms, PHP, MySQL and Hair-Pulling

willowhand

I am on the verge of pulling my hair out.

I have an alumni site that allows users to login and then post or update their information. The folks that extensively tested the site had no problems with it whatsoever. However, now that we’ve gone live I’ve been getting consistent reports of people that put in their username and password, click the login button and then rather than logging them in it simply clears the fields. It seems this happens for about 25% of the users. The other 75% of them apparently are able to login no problem (I hate inconsistent problems!). We, of course, have been totally unable to replicate this, which doesn’t help matters. I’ve told folks to ensure they have cookies enabled and that seemed to fix the problem about 1/3 of the time. But that still leaves a whole slew of people unable to get on.

We’ve tested the site on Mac OS X, Mac OS 9 and Windows XP – Netscape and IE on all – they all seem to work just fine.

ANY suggestions would be absolutely appreciated. The login code is below (forgive any messiness - we're pretty new to php). Are we missing something? Argh!

Thanks,
Kelly

<?php

 include_once "../lib/config.php";
 include_once "../lib/error.php";
 include_once "../lib/functions.php";

// Function that returns the HTML FORM that is
// used to collect the user-name and password
function login_page($errorMessage, $forward)
{
  // Generate the Login-in page
  echo "\n<html>\n<head>";
  echo "\n\t<title> Login</title>\n";

  std_header($logged_in_user);
  echo "\n\t<table width=\"80%\" align=center border=0 cellpadding=5 cellspacing=1>\n<tr>";
  echo "\n\t<td align=left class=\"classTitle\">Login Page</td></tr>";
  echo "\n\t<tr><td class=Normal>";
  echo "\n\t<form method=\"POST\" action=\"auth.php\">";

  // Include the formatted error message
  if (isset($errorMessage))
    echo
      "<br><center><font color=red>$errorMessage</font></center>";

  // Generate the login <form> layout
  echo "\n<br><table align=\"center\" border=0>";
  echo "\n\t<tr><td class=Normal align=right>Username:</td>";
  echo "\n\t<td class=Normal><input class=Normal type=\"text\" size=30";
  echo "\n\t\tmaxlength=60";
  echo "\n\t\tname=\"uname\"></td></tr>";
  echo "\n\t<tr><td class=Normal align=right>Password:</td>";
  echo "\n\t<td class=Normal><input class=Normal type=\"password\" size=30";
  echo "\n\t\tmaxlength=15";
  echo "\n\t\tname=\"upass\"></td></tr>";

#var_dump($forward);
  echo "\n\t</td></tr><tr><td class=Normal><input type=\"hidden\" name=\"forward\" 
	value=\"" . $forward . "\"></td></tr>";
  echo "\n\t<tr><td colspan=2 align=center class=Normal>";
  echo "\n<input class=Normal type=\"submit\" value=\"Log in\"></td></tr><tr><td class=Small colspan=2 align=center><br><a href=\"forgetmenot.php\">I forgot my username/password</a></td></tr></table>";
  echo "\n</form>";
  echo "\n</body>";
  echo "\n</html>";
}

// Function that returns HTML page showing that
// the user with the $currentLoginName is logged on
function logged_on_page($currentLoginName)
{

?>

<html>
<head>
<title>Login</title>
<meta http-equiv="refresh" content="1;URL=main.php">

 <?php
  std_header($currentLoginName);
  echo "\n\t<table width=\"80%\" align=center border=0 cellpadding=5 cellspacing=1>\n<tr>";
  echo "\n\t<td align=left class=\"classTitle\">Login Page</td></tr>";
  echo "\n\t<tr><td class=Normal align=center><br>";
  echo "\nYou have successfully logged in.<br><br>Redirecting to main page...</td></tr></table>";
  echo "\n</body>\n</html>";
}

// Main
session_start();
$forward = $HTTP_SESSION_VARS["forward"];
$forward2 = $HTTP_SESSION_VARS["forward2"];

// Check if we have a valid login
if (isset($HTTP_SESSION_VARS["authenticatedUser"]))
{
  // There is currently a user logged on
  // Check if they got here by trying to get somewhere else
  if (!empty($HTTP_POST_VARS["forward"])) {
    header ("Location: " . $forward);
  } else {
    logged_on_page($HTTP_SESSION_VARS["authenticatedUser"]);
  }
}
else
{

if ($forward == "/whs/php/auth.php")
  $forward = $forward2;
 else
  $forward2 = $forward;

#var_dump($HTTP_SESSION_VARS["forward"]);
#var_dump($HTTP_SESSION_VARS["forward2"]);
  // No login established, no POST variables 
  // display the login form + any error message
  login_page($HTTP_SESSION_VARS["loginMessage"], $forward);

#  session_destroy();
  session_register("forward2");
  session_unregister("loginMessage");
  session_unregister("authenticatedUser");
}
?>

willowhand

Sorry, one more thing. I don't know if this is helpful or not, but the std_header code that it references is this:

# Begin std_header()
function std_header ($logged_in_user)
{
  echo "\n\n<! std_header >";
  echo "\n<link rel=\"stylesheet\" href=\"../lib/default.css\" type=\"text/css\">\n<!--#exec cgi=\"../../cgi-bin/slayer/slayer.cgi\"-->
        \n<style type=\"text/css\">
        \n<!--
        \na:link {color: #8B7355; text-decoration: none; font-weight: bold}
        \na:visited {color: #8B7355; text-decoration: none; font-weight: bold}
        \na:hover {color: #FF6633; text-decoration: underline; cursor: crosshair; font-weight: bold}
        \nBODY {scrollbar-face-color:#FBFBD7; scrollbar-shadow-color:#FF6633; scrollbar-highlight-color:#FF6633; scrollbar-3dlight-color:#FBFBD7; scrollbar-darkshadow-color:#FBFBD7; scrollbar-track-color:#FBFBD7; scrollbar-arrow-color:#FF6633}
       \n-->\n</style>\n</head>";
  echo "\n<body bgcolor=\"#FFFFFF\">";

  echo "\n<table width=\"90%\">\n<tr>\n\t<td align=\"right\" class=Normal>";
  if (!empty($logged_in_user))
    echo "\nLogged in as $logged_in_user.
        (<a href=\"logout.php\">logout</a>)";

  if (empty($logged_in_user))
    echo "\nYou are not logged in. (<a href=\"login.php\">login</a>)";
  echo "\n\t</td>\n</tr>\n</table>";
 echo "\n<! end std_header >\n";
}
# End std_header()