2

I am trying to add a simple login to a website and had it working perfectly on my localhost XAMPP server but now when uploaded to my website I am able to register new users but when I go to login the page just goes blank.

 <?php
$error = '';
if (isset($_POST['login'])) {
    session_start();
    $username = trim($_POST['username']);
    $password = trim($_POST['pwd']);
    // location to redirect on success
    $redirect = './adminArea_db.php';
    require_once('./includes/authenticate_pdo.inc.php');
}
?>
 <!DOCTYPE HTML>
 <html>
 <link href="css/screen.css" rel="stylesheet" media="screen" />
    <meta charset="utf-8">
    <title>Login</title>
</head>

 <body>
 <div id="main">
<?php
 if ($error) {
 echo "<p>$error</p>";
 } elseif (isset($_GET['expired'])) { 
?>
 <p>Your session has expired. Please log in again.</p>
 <?php } ?>
 <form id="form1" method="post" action="">
   <p>
    <label for="username">Username:</label>
    <input type="text" name="username" id="username" value="">
    </p>
     <p>
    <label for="pwd">Password:</label>
    <input type="password" name="pwd" id="pwd">
     </p>
     <p>
    <input name="login" type="submit" id="login" value="Log in">
   </p>
    </form>
   </div>
     </body> 
    </html>

Any ideas?

Found some errors in my error_log, not sure if useful?

[11-Feb-2014 20:48:52 Europe/London] PHP Warning:  session_start()   [<ahref='function.session-start'>function.session-start</a>]: Cannot send session cookie - headers already sent by (output started at /home/georgepa/public_html/login_db.php:2) in /home/georgepa/public_html/login_db.php on line 6
[11-Feb-2014 20:48:52 Europe/London] PHP Warning:  session_start() [<a href='function.session-start'>function.session-start</a>]: Cannot send session cache limiter - headers already sent (output started at /home/georgepa/public_html/login_db.php:2) in /home/georgepa/public_html/login_db.php on line 6
[11-Feb-2014 20:48:52 Europe/London] PHP Warning:  session_regenerate_id() [<a href='function.session-regenerate-id'>function.session-regenerate-id</a>]: Cannot regenerate session id - headers already sent in /home/georgepa/public_html/includes/authenticate_pdo.inc.php on line 28
[11-Feb-2014 20:48:52 Europe/London] PHP Warning:  Cannot modify header information - headers already sent by (output started at /home/georgepa/public_html/login_db.php:2) in /home/georgepa/public_html/includes/authenticate_pdo.inc.php on line 29

Think there is a problem with my authenticate_pdo.inc.php file...

  <?php
   require_once('./includes/connection.inc.php');
   $conn = dbConnect();
    // get the username's details from the database
    $sql = 'SELECT salt, pwd FROM users WHERE username = :username';
    // prepare statement
     $stmt = $conn->prepare($sql);
     // bind the input parameter
     $stmt->bindParam(':username', $username, PDO::PARAM_STR);
     // bind the result, using a new variable for the password
      $stmt->bindColumn(1, $salt);
     $stmt->bindColumn(2, $storedPwd);
       try{
       $stmt->execute();
       $stmt->fetch();
      }catch(PDOException $e){
       exit('problem reading from table users'.$e->getMessage());
      }

       dbClose($conn) ;
       // encrypt the submitted password with the salt and compare with stored password
       if (sha1($password . $salt) == $storedPwd) {
        $_SESSION['authenticated'] = 'admin'; // role of authenticated user
         $_SESSION['username']=$username;
         // get the time the session started
         $_SESSION['start'] = time();
         session_regenerate_id();
         header("Location: $redirect");
         exit;
        } else {
        // if no match, prepare error message
         $error = 'Invalid username or password';
        } 
      ?>
Isaac Bennetch
  • 10,266
  • 2
  • 27
  • 38
user3010383
  • 91
  • 1
  • 1
  • 12
  • 2
    First of all turn on error reporting. – Hast Feb 09 '14 at 19:40
  • How do I turn on error reporting? – user3010383 Feb 09 '14 at 19:56
  • 1
    Look here: http://stackoverflow.com/questions/6575482/how-do-i-enable-error-reporting-in-php and http://stackoverflow.com/questions/6127980/enabling-error-display-in-php-via-htaccess-only – Hast Feb 09 '14 at 20:02
  • Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator, webmaster@george-paterson.co.uk and inform them of the time the error occurred, and anything you might have done that may have caused the error. More information about this error may be available in the server error log. Additionally, a 500 Internal Server Error error was encountered while trying to use an ErrorDocument to handle the request. – user3010383 Feb 09 '14 at 20:06
  • This doesn't change enything. You need to get exact error message instead of 500 server error. Try this: http://stackoverflow.com/questions/2687730/how-can-i-make-php-display-the-error-instead-of-giving-me-500-internal-server-er – Hast Feb 09 '14 at 20:13
  • [Sun Feb 09 20:05:48 2014] [alert] [client 80.177.190.113] /home/georgepa/public_html/.htaccess: Invalid command 'php_flag', perhaps misspelled or defined by a module not included in the server configuration, referer: http://george-paterson.co.uk/login_db.php That make any sense? – user3010383 Feb 09 '14 at 20:27
  • That means your hosting doesn't allow changing php settings via `.htaccess`. Remove all php flags from it and use just ini_set and error_reporting(E_ALL) as explained on pages I've linked before. – Hast Feb 09 '14 at 20:34
  • [Tue Feb 11 20:45:50 2014] [alert] [client 80.177.190.113] /home/georgepa/public_html/.htaccess: Invalid command 'ini_set('display_errors',', perhaps misspelled or defined by a module not included in the server configuration – user3010383 Feb 11 '14 at 20:54
  • Also I can't find a php.ini file :( – user3010383 Feb 11 '14 at 20:58
  • php.ini file is not available on virtual hostings. `ini_set` is php function, it should be put at the start of your php script, forget about .htaccess for now. – Hast Feb 11 '14 at 21:25
  • Ok the site is not 500 erroring now. I have found more errors though and added them to the op. Also added another .php file used to authenticate the login. – user3010383 Feb 12 '14 at 11:34
  • finally we've got the error :) – Hast Feb 12 '14 at 13:00

2 Answers2

1

session_start() as well as session_regenerate_id() should be put at the start of the php script before any other output.

As it is not always possible you can set up output buffering by putting ob_start() at the beginning of your program.

It might be helpful for you to read these articles:

Hast
  • 8,664
  • 5
  • 42
  • 64
0

Remove any blanks before <?php.

tjati
  • 5,069
  • 3
  • 31
  • 49