[RESOLVED] Login works in Firefox & IE7 but not IE6, why?

motherHubbard

Newbies is certainly the right category for me! I have been working on this for 2 days.
IE6 is going to the verifying page, but is not recognizing a correct username & password. Access is denied on everything.
I am using a .txt file for passwords etc. each line looks like this:
account,password,Location: someplace.php

<?php
session_start();
ob_start();
extract( $_POST );
if ( !$USERNAME || !$PASSWORD ) {
            accessDenied();
            die();
}
if ( !( $file = fopen( "somepasswordfile.txt", "r" ) ) ) {
              $errorMessage = 'Error<br />Could not open password file.'; 
               die();
            }
$userVerified = 0;
while ( !feof( $file ) && !$userVerified ) {
               $line = fgets( $file, 60 );
               $field = explode( ",", $line );
if ($USERNAME == $field[ 0 ] ) {
                  $userVerified = 1;
if ( checkPassword( $PASSWORD, $field[1] ) == true )
                     accessGranted( $USERNAME,$field[2] );
                  else   

                     accessDenied();
               }
                  else
                     accessDenied();
   }
fclose( $file );
function checkPassword( $userpassword, $filedata )
         {
            if ( $userpassword == $filedata )
               return true;
            else
               return false;
         }
function accessGranted( $name,$link ) {
 $_SESSION[$name] = true;
 header($link);
 exit;
         }
 function accessDenied()
         {
	header('Location: clientlogin.html');
	exit;
	}
ob_end_flush();
?>
<html><head><title>Verifying</title>
</head>
<body>
</body>
</html>

This is the page that posts to the page above:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
<title>Login page</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>  

<table align="left" width="600" style="table-layout:fixed;">
   <tr>
    <td><h1 class="main">Client Login</h1>    </td>
    </tr><tr>
    <td valign="top" align="left"><form action = "verify.php" method = "post">
 Username:<br />

<input size = "40" name = "USERNAME" type="text" style = "height: 22px; width: 115px" /><br />
Password:<br />
<input size = "40" name = "PASSWORD" style = "height: 22px; width: 115px" 
                     type = "password" />
                  <br/>
<input type = "submit" name = "Submit" value = "Enter" style = "height: 23px; 
                     width: 57px" />
<input type = "reset" name = "Reset" value = "Reset" style = "height: 23px; 
                     width: 57px" />
</form></td>
</tr></table></body></html>

I can't tell you how much I would appreciate any help.

NogDog

Make sure your IE6 browser is accepting cookies.

Also, while I doubt this is the problem, the HTTP location header should be a full URI to be HTTP/1.1-compliant:

header('Location: http://www.example.com/clientlogin.html');

motherHubbard

Thanks for the advice! I double checked & IE6 is accepting all cookies. Any other ideas?

paulnaj

Hi,

I've got a feeling it's something to do with output buffering and IE6.

Can I ask why you're using ob anyway? There's no real need as far as I can see...

<?php
session_start();
extract($_POST);

if(!$USERNAME || !$PASSWORD){
	die('Error<br />Username and/or password not set.<br />Please try again <a href="./clientlogin.html">Login</a>');
}

if(($file = fopen("somepasswordfile.txt", "r")) !== FALSE){
    die('Error<br />Could not open password file.'); 
}

$LINK = '';
$access_granted = false;
while(!feof($file)) {
	$line = fgets($file, 60);
	$field = explode(",", $line);

if($USERNAME == $field[0]){
	// We've found the name, now check the password
	if($PASSWORD == $field[1]){
		$LINK = $field[2];
		$access_granted = true;
	}
	// Break out of while whether or not password is good
	break;
}
}
fclose($file);

if($access_granted){
	$_SESSION[$USERNAME] = true;
	// I'm guessing $LINK does not start with 'Location :'
	header('Location: '.$LINK); 
	exit;
} else {
	// Use the full URL like NogDog says but...
	header('Location: clientlogin.html'); 
	exit;
}
?>

NogDog

Once PHP receives the form data, it should be totally ignorant as to what browser sent it; so it would seem that the non-functioning browser is not sending the same data as the others. So, for a sanity check, try viewing the $POST values to see if they're being set as expected:

<?php
session_start();
// DEBUG:
echo "<pre>";
var_dump($_POST);
echo "</pre>\n";
// END DEBUG

motherHubbard

I was using the buffer because someone suggested that IE6 might need that.
It works the same in all of my tests with or without it, but you are right, paulnaj, I don't need it in there & I have just forgotten to remove it. Thanks!

Regarding the $POST values:
IE6, IE7, & Firefox all show the same thing:

array(3) {
["USERNAME"]=>
string(3) "xxx"
["PASSWORD"]=>
string(5) "xxxxx"
["Submit"]=>
string(5) "Enter"
}

The username & password are correct.

I'm still stumped.

paulnaj

Just checking ...

Was it your code (less the ob stuff) that didin't work or the version I did (or both)?

motherHubbard

paulnaj wrote:
Just checking ...

Was it your code (less the ob stuff) that didin't work or the version I did (or both)?

P.

I'm not sure I understand your question.
There is no change without the "ob stuff" 🙂
It works in IE7 & Firefox but not in IE6 or lower.

I did the code you gave me by itself. I changed the login page to post to it & it produced exactly what is in my quote. (I replaced the real username & password with x's)

array(3) {
["USERNAME"]=>
string(3) "xxx"
["PASSWORD"]=>
string(5) "xxxxx"
["Submit"]=>
string(5) "Enter"
}

It produced exactly the same thing in IE6, IE7, and Firefox, so IE6 is posting the same information as the others, just not handling it the same way.

Does that make sense?

bradgrafelman

Start dumping debug information about the variables involved and try to figure out where it's failing. For instance, you might do this:

if ( checkPassword( $PASSWORD, $field[1] ) == true )
      accessGranted();
else
    die("Access failed.<br>PASSWORD was: $PASSWORD<br>field[1] was: $field[1]");

Just start adding debug messages so you can find out exactly where it's failing. That way you'll at least know where the problem is.

motherHubbard

Okay, I have debugged, corrected some things, & see where the problem is.
I have tested this script in Firefox2, Firefox1, Firebird, IE7, Opera, Safari, Netscape 6.2, 7.2, 8, & 9. These all did exactly the same thing in num2.php, & printed the correct message based on the username I entered. I tested a number of different usernames.
IE6 & IE5 went to the num2.php page but printed nothing.
In my tests I made sure that IE5 & IE6 had the right username in num1.php in the accessGranted function & both did, so I am concluding that IE5 & IE6 are not getting the username in num2.php, but I don't understand why.

somepasswordfile.txt

account1,password1,Location: http://www.somesite.com/account1.php
account2,password2,Location: http://www.somesite.com/account2.php
account3,password3,Location: http://www.somesite.com/account3.php
account4,password4,Location: http://www.somesite.com/account4.php
account5,password5,Location: http://www.somesite.com/account5.php
account6,password6,Location: http://www.somesite.com/account6.php
account7,password7,Location: http://www.somesite.com/account7.php
account8,password8,Location: http://www.somesite.com/account8.php
account9,password9,Location: http://www.somesite.com/account9.php
account10,password10,Location: http://www.somesite.com/account10.php

num1.php

<?php 
session_start(); 
extract( $_POST );
if ( !$USERNAME || !$PASSWORD ) {

        accessDenied();
}
if ( !( $file = fopen( "somepasswordfile.txt", "r" ) ) ) {
              $errorMessage = 'Error<br />Could not open password file.'; 
               die();
            }
$userVerified = 0;
while ( !feof( $file ) && ($userVerified < 1) ) {
               $line = fgets( $file, 200 );
				$line = chop( $line );		   

               $field = explode( ",", $line );
		if ($USERNAME == $field[ 0 ] ) {

			if ( checkPassword( $PASSWORD, $field[1] ) == true ) {
$userVerified=1;
                     accessGranted( $USERNAME,$field[2] ); }
                 else   

                     accessDenied();

	   }
}

fclose( $file );
if ($USERNAME != $field[0]) {
accessDenied();
}

function checkPassword( $userpassword, $filedata )
         {
            if ( $userpassword == $filedata )
               return true;
            else
               return false;
         }
function accessGranted( $name,$link ) {
 $_SESSION['username'] = $name;
 header($link);
         }
function accessDenied() {
header('Location: http://www.somesite.com/clientlogin.html');
 }

?>
<html><head></head><body></body></html>

num2.php

<?php
session_start();
$client = 'clientname';
if ($_SESSION['username'] == $client) 
    {
   echo "Valid session ";
   echo $_SESSION['username'];
   }
   else {

   echo $_SESSION['username']; 
}

?>
<html><head></head><body></body></html>

😕

Piranha

Do you use the value of submit somewhere? I know that some browsers don't send it if you have it with the button, use a hidden field instead.

motherHubbard

I use a submit button in the form that posts to num1.php
but, IE5 & IE6 are getting that information. If they get the info in num1 would the submit effect what gets to num2 when no post or submit is used to get to that page?
If so, I have seen information on hidden fields & tried it with no effect. Either it didn't matter or I wasn't doing it right. The html form I'm using is in the very first post I did. How & where would I apply a hidden field?
Thanks!

Piranha

I'm sorry, but I can't be bothered to read through all the thread. I have only glanced at the thread.

What I mean is that if you want to check if the form was submitted you should NOT use this:

<form action="page2.php">
  <input type="submit" name="submitted" value="ok"/>
</form>

Instead you should do it like this:

<form action="page2.php">
  <input type="hidden" name="submitted" value="ok"
  <input type="submit" value="ok"/>
</form>

Or you could just check if the fields that you need are set.

motherHubbard

I know that the form submitted properly because in my test I put echo $name $link in the accessGranted function and every browser (out of the 12 I tested), including IE5 & IE6, responded correctly based on what I entered in the login page.

The issue is that the variable is not getting passed to the 2nd php page in IE5 & IE6 only.

paulnaj

Hi again,

When you say IE6, do you mean a computer that only has IE6 on it, or do you mean you're using a standalone IE6 alongside IE7?

If it's standalone, then that's the problem. I use IE5, IE6 standalones (just to check HTML and CSS) and cookies/sessions don't work at all on them.

There maybe ways of fixing the installs so that cookies and sessions work. Here's an example http://tredosoft.com/Multiple_IE

Paul.

motherHubbard

If you hear a loud thumping, it is me banging my head against a wall.
That is exactly the issue! I had a friend who is still running IE6 test it & it worked fine. Thanks for the link, I will investigate that further.
Paul... you are the man!