0

I have a simple loginpage that shows a username and password login section and when the login button is pressed the form data gets sent back to the page for processing. If the data is valid and they`ve logged in successfully it directs them to a homepage, if not it shows them the login screen again and tells them what they did wrong (incorrect password, empty field, etc).

My problem is that for certain browsers (Chrome and Opera) the form needs to be submitted twice in order for the data to be set(Literally set, I've checked this using isset, empty & is_null checks).

I've read that there have been problems with this before on certain browsers (Chrome & IE), but the only other solution I found was to use javascript to pass the information instead. Is there anything I can do to make the form more "browser friendly"?

Update 1

Here's the form, its as basic as you can get, nothing special about it.

<form action="loginpage.php" method="POST">
Username: <input type="text" name="Username" autofocus="autofocus" />
<br/>
Password: <input type="password" name="Password" />
<br/>
<input type="submit" name="submit" />
</form>

Update 2

PHP Code

if (isset($_POST['submit']))
{
    if ($_POST['Username']=="" || $_POST['Password']=="")
    {
        echo '<script type="text/javascript">';
        echo "window.alert('You did not fill in a required field.')";
        echo "</script>";
    }
    else
    {
        $username = $_POST['Username'];
        $password = $_POST['Password'];

        $sql = "SELECT * FROM Logins WHERE `Username` = '$username'";
        $validate = mysql_query($sql);

        while ($check = mysql_fetch_array($validate))
        {
            if ($password != $check['Password'])
            {
                echo "<script type='text/javascript'>";
                echo "window.alert('password was incorrect.')";
                echo "</script>";
            }
            else
            {
                header("Location: streaming/videosearch.php?order=dated&q=*");
            }
        }
    }
}
Cœur
  • 37,241
  • 25
  • 195
  • 267
Mason
  • 139
  • 1
  • 12
  • 4
    `Is there anything I can do to make the form more "browser friendly"?` No idea - without seeing the code... – Nick R Jul 05 '13 at 14:45
  • can you show us the form code? – WayneC Jul 05 '13 at 14:45
  • As I stated, its as simple as it gets, I posted it though. – Mason Jul 05 '13 at 14:54
  • 1
    That's just the form html, post the `php` code too. – Nick R Jul 05 '13 at 14:54
  • Added the php code, although I don't think it would be an issue as it works find on IE and Firefox – Mason Jul 05 '13 at 15:02
  • from your description it seems that form is submitted but the $_POST on server is empty? you can try chrome developer tools (ctr+shift+I) to see what is actually being posted. – fsw Jul 05 '13 at 15:42
  • 1
    You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jul 05 '13 at 19:52
  • I realize that I'm using an obsolete database API, thats because the version of php thats on the server is outdated. Thanks for reminding me though, I really should get used to the new API so that when we do update its not a huge issue. As for the SQL injection attacks, I realize that, I was just working on the functionality part of the page first and have already added the mysql_real_escape_string() function and am working on restricting the characters that can be used in the text and password input boxes. – Mason Jul 08 '13 at 15:18

2 Answers2

1

Try adding a value attribute to the submit button. It occurs to me that without even a blank value, some browsers might not send the submit button back in the POST:

<input type="submit" value="login" name="submit" />

Also, try printing out the contents of the $_POST superglobal to help debug:

print_r($_POST);
Nathaniel Granor
  • 326
  • 1
  • 9
  • Thanks, the value wasn't the problem, but the print_r($_POST) revealed that the variables were being sent as lowercase despite being Propercase. Never came across that before, but now I know. – Mason Jul 05 '13 at 19:34
0

Solution by OP.

The variables were being sent as lowercase despite being Propercase.

Solution: Never put capital letters in the names of the form elements.

Cœur
  • 37,241
  • 25
  • 195
  • 267