
The following code works on my university server just fine but doesn't work on a private one that I have paid for.

The problem lies in the:

            header("Location: products.php");
        }
    } else {
        echo "Invalid username or password!";
    }

If I enter the wrong name/password the code echoes as expected. But if the user enters their details correctly, nothing happens at all!

I am new to PHP so I don't know where to start to troubleshoot, but I have tried replacing the "header("Location: products.php");" with an echo, still to no avail.

I have also considered that the phpMyAdmin servers might be different versions or the character encoding might be causing some of this trouble.

Here is the full code.

Any help would be absolutely appreciated!

    <?php

    if(isset($_POST["submit"])){
        $user=$_POST['user'];
        $pass=$_POST['pass'];
        $username = "";
        $password = "";
        $hostname = "";
        $md5pass = md5($pass);

        //connection to the database
        $dbhandle = mysqli_connect($hostname, $username, $password);

        $con=mysql_connect($hostname, $username, $password) or die(mysql_error());
        $select=mysql_select_db("l1233156", $con) or die("cannot select DB");

        $query=mysql_query("SELECT * FROM login WHERE username='".$user."' AND password='".$md5pass."'");
        $numrows=mysql_num_rows($query);
        if($numrows!=0)
        {
            while($row=mysql_fetch_assoc($query))
            {
                $dbusername=$row['username'];
                $dbpassword=$row['password'];
            }

            if($user == $dbusername && $md5pass == $dbpassword)
            {
                session_start();
                $_SESSION['sess_user']=$user;

                /* Redirect browser */
                header("Location: products.php");
            }
        } else {
            echo "Invalid username or password!";
        }
    }
    ?><!doctype html>
    <html>
    <head>
    <title>Login</title>
    <link rel="stylesheet" href="main.css"/>
    </head>
    <body>
    <div class="center">
    <p><a href="register.php">Register</a> | <a href="login.php">Login</a></p>
    <h3>Login Form</h3>
    <form action="" method="POST">
    Username: <input type="text" name="user"><br />
    Password: <input type="password" name="pass"><br />
    <input type="submit" value="Login" name="submit" />
    </form>
    </div>
    </body>
    </html>

EDIT: This is what I managed to grab from the error logs.

[Mon Jul 14 10:30:34.134187 2014] [autoindex:error] [pid 28718:tid 140153014126336] [client 86.153.7.34:55032] AH01276: Cannot serve directory /home/joesadmin123/public_html/productreviews/: No matching DirectoryIndex (index.html.var,index.htm,index.html,index.xhtml,index.wml,index.perl,index.pl,index.plx,index.ppl,index.cgi,index.jsp,index.js,index.jp,index.php4,index.php3,index.php,index.phtml,index.shtml,default.htm,default.html,home.htm,index.php5,Default.html,Default.htm,home.html,welcome.html) found, and server-generated directory index forbidden by Options directive

War10ck
Joe D
  • I would suggest you look in the logs; it might be an error of any kind. Find some logs and paste them here in your question. Is it possible that the URLs of your server and the other one have a different structure? This way a redirect from /mysite/index.php to /mysite/products.php, for example, may cause you trouble, while you may expect it to be on /products.php. – Rolice Jul 14 '14 at 18:40
  • Why are you trying to use both `mysqli_*` *and* `mysql_*` functions? Also, you're wide open to SQL injection attacks. Indenting your code to be human-readable would also help you find logical errors. – David Jul 14 '14 at 18:43
  • Move your session_start() up to the top of your document. – Jim Jul 14 '14 at 18:43
  • Sorry guys, I'm extremely fresh to PHP! How can I view the logs of what is going on? Firefox's and Chrome's inspect element don't show anything, and I've tried that @jim – Joe D Jul 14 '14 at 18:53
  • The logs they speak of are on the server itself. Assuming the server is *nix-based, try executing `locate php.log` on the command prompt. That log file is usually the place you want to look. Again, assuming *nix, learn about the `tail` command if you don't already, particularly `tail -f`. – Starson Hochschild Jul 14 '14 at 19:23
  • I think I found them, they're in the edit @StarsonHochschild – Joe D Jul 14 '14 at 19:25
  • This means your server cannot locate a folder named productreviews, nor an index file inside it, and directory browsing is forbidden with `Option -Indexes`. I think this is another problem of your website, but not the one you are searching for. Try searching these logs for phrases like *products.php*, *mysql* and related ones that might mean something useful, related to the page you have posted above. In addition I would suggest trying to open products.php manually to verify the problem is outside that page. – Rolice Jul 14 '14 at 20:12
  • And at the end, I would suggest you start using frameworks like **Laravel**, **Kohana**, **CodeIgniter**, at first. You are free to inspect, learn and use their code. So see how they work, then start writing code from scratch. They will provide you with a solid and secure base, which you currently do not have. – Rolice Jul 14 '14 at 20:16
  • Try adding `exit();` one line after your `header("Location: products.php");` call, still within the `if($user == $dbusername && $md5pass == $dbpassword) {}` block. This will ensure that nothing is output after the redirect header is sent, which can sometimes cause issues. – Starson Hochschild Jul 14 '14 at 20:39
  • I will definitely look into those frameworks @rolice thank you. I tried using exit(); and that didn't work either unfortunately. I'm starting to think it might be a different problem, if I replace header("Location: products.php"); with echo "this works!"; nothing happens still, so maybe the code isn't getting executed? – Joe D Jul 14 '14 at 22:07
  • On the top of your file `error_reporting(E_ALL); ini_set('display_errors', 'yes');` – Rolice Jul 15 '14 at 06:06
  • What happens if you comment out `session_start();` and `$_SESSION['sess_user']=$user;`? You can also try adding an `else` to `if($user == $dbusername && $md5pass == $dbpassword)`. Just echo something out in the else. Logically I don't see how this `else` could ever happen, but when you're stuck like this it's worth exploring every path you can think of. – Starson Hochschild Jul 15 '14 at 11:14
  • Thank you all for the help, it turns out I was looking in the wrong place for the error. There was a problem with my tables and not with the PHP, so after amending my tables everything works as expected! But I will definitely look into mysql injection. – Joe D Jul 16 '14 at 17:09
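
Added example (not part of the original thread and not any participant's code): the login handler from the question reworked along the lines the comments raise, using one database API with a prepared statement, errors sent to the log instead of failing silently, `session_start()` before any output, and `exit` after the redirect. The `login` table and `products.php` come from the question; the `password_hash` column and the `DB_*` values are assumptions.

```php
<?php
// Added example, not the asker's code. The `login` table and products.php come
// from the question; the password_hash column and DB_* values are assumptions.
declare(strict_types=1);
const DB_HOST = 'localhost';   // placeholder
const DB_USER = 'app_user';    // placeholder
const DB_PASS = 'change-me';   // placeholder
const DB_NAME = 'app_db';      // placeholder

// Record every error in the server log; do not show details to visitors.
error_reporting(E_ALL);
ini_set('display_errors', '0');
ini_set('log_errors', '1');
// Make mysqli throw on failure, so a broken table or column is logged.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
session_start();               // before any output, so headers can still be sent

$error = '';
$user = $_POST['user'] ?? null;
$pass = $_POST['pass'] ?? null;
if (is_string($user) && is_string($pass)) {
    try {
        $db = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
        $db->set_charset('utf8mb4');
        // The placeholder keeps user input out of the SQL text.
        $stmt = $db->prepare('SELECT username, password_hash FROM login WHERE username = ?');
        $stmt->bind_param('s', $user);
        $stmt->execute();
        $stmt->bind_result($dbUser, $dbHash);
        if ($stmt->fetch() === true && password_verify($pass, (string) $dbHash)) {
            session_regenerate_id(true);       // fresh session ID after login
            $_SESSION['sess_user'] = $dbUser;
            header('Location: products.php');
            exit;                              // nothing may follow the redirect
        }
        $error = 'Invalid username or password!';
    } catch (mysqli_sql_exception $e) {
        error_log('login: ' . $e->getMessage());   // details go to the log only
        http_response_code(500);
        $error = 'Login is temporarily unavailable.';
    }
}
?>
<!doctype html>
<title>Login</title>
<p><?= htmlspecialchars($error) ?></p>
<form action="" method="POST">
Username: <input type="text" name="user"><br />
Password: <input type="password" name="pass"><br />
<input type="submit" value="Login" name="submit" />
</form>
```

Rows that still hold MD5 values will not pass `password_verify()`; they need to be re-hashed with `password_hash()` when the user next sets a password.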

1 Answer


- try using meta tag refresh -

    <?php
    if($user == $dbusername && $md5pass == $dbpassword)
    {
    session_start();
    $_SESSION['sess_user']=$user;
    ?>
    <html>
      <head>
        <META http-equiv="refresh" content="5;URL=/<?php echo 'products.php'; ?>">
      </head>
      <body>
      </body>
    </html>
    <?php
    }
    ?>
Rolice