Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 7 of 7
  1. #1
    Banned
    Join Date
    Mar 2007
    Posts
    1,523
    Thanks
    116
    Thanked 0 Times in 0 Posts

    Question The character encoding of the HTML document was not declared.

    hi, on my site: http://m.slapp.me/
    When I login, user: test pass: test

    it checks the login against the database on a seperate page and then redirects if login successful but the URL stays the same, please help.

    here is my checking page:

    PHP Code:
    <?php
    ob_start
    ();
    $host="xxx"// Host name
    $username="xxx"// Mysql username
    $password="xxx"// Mysql password
    $db_name="xxx"// Database name
    $tbl_name="xxx"// Table name


    // Connect to server and select databse.
    mysql_connect("$host""$username""$password")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // Define $myusername and $mypassword
    $myusername=$_POST['rsUser'];
    $mypassword=$_POST['rsPass'];

    // To protect MySQL injection (more detail about MySQL injection)
    $myusername stripslashes($myusername);
    $mypassword stripslashes($mypassword);
    $myusername mysql_real_escape_string($myusername);
    $mypassword mysql_real_escape_string($mypassword);

    $sql="SELECT * FROM $tbl_name WHERE rsUser='$myusername' and rsPass='$mypassword'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $num_rows mysql_num_rows($result);
    $row mysql_fetch_array($result);
    // If result matched $myusername and $mypassword, table row must be 1 row


    if ($num_rows 0) {
    session_start();
    $_SESSION['login'] = "1";
    $_SESSION['UserID'] = $row['UserID']; 
    $rsUser $row['rsUser'];
    header ("Location: http://m.slapp.me/login_success.php?rsUser=$rsUser");
    }
    else {
    $errorMessage "Invalid Login";
    session_start();
    $_SESSION['login'] = '';
    }

    ob_end_flush();
    ?>

    here is the page I end up on when successful
    PHP Code:
    <?
    session_start
    ();
    if (!(isset(
    $_SESSION['login']) && $_SESSION['login'] != '')) {
    header ("Location: index.php");
    }
    mysql_connect("xxx""xxx""xxx") or die(mysql_error());
    mysql_select_db("xxx") or die(mysql_error());

    $rsUser $_REQUEST['rsUser'];
    $query1 mysql_query("SELECT * FROM rstarget INNER JOIN users ON users.UserID=rstarget.UserID WHERE currentTarget = '1'");
    $row1 mysql_fetch_array($query1);

    $query3 mysql_query("SELECT * FROM users WHERE rsUser = '$rsUser'");
    $row3 mysql_fetch_array($query3);

    $TargetID $row1['TargetID'];

    $result1 mysql_query("SELECT * FROM rstargetpictures WHERE TargetID = '$TargetID' AND PictureApproval = '1'");
    $msg $_REQUEST['msg'];
    ?>
    <!DOCTYPE html> 
    <html>

    <head>
            <meta charset="utf-8">
        <meta name="viewport" content="width=device-width, initial-scale=1"> 
        <title>Multi-page template</title> 
        <link rel="stylesheet" href="http://code.jquery.com/mobile/1.2.0/jquery.mobile-1.2.0.min.css" />
        <script src="http://code.jquery.com/jquery-1.8.2.min.js"></script>
        <script src="http://code.jquery.com/mobile/1.2.0/jquery.mobile-1.2.0.min.js"></script>
        <script type="text/javascript">

      var _gaq = _gaq || [];
      _gaq.push(['_setAccount', 'UA-2434589-28']);
      _gaq.push(['_trackPageview']);

      (function() {
        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
      })();

    </script>
    <script type="text/javascript">

      var _gaq = _gaq || [];
      _gaq.push(['_setAccount', 'UA-2434589-29']);
      _gaq.push(['_trackPageview']);

      (function() {
        var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
        ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
        var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
      })();

    </script>
    </head> 

        
    <body> 

    <!-- Start of first page: #one -->
    <div data-role="page" id="success">

        <header data-role="header"data-theme="b">
            <h1>Slapp.ME</h1>
            <?php
    if($_SESSION['UserID'] == '1'){
    echo 
    '<a href="#success" data-icon="home" class="ui-btn-right">Admin</a>';
    }
    ?>
        </header><!-- /header -->

        <div data-role="content" >    
            Todays target is: <h2><?php echo $row1['TargetName']; ?></h2>
            <p><a href="#add" data-role="button" data-rel="dialog" data-transition="pop">Add Image</a></p>
            <p><a href="#" data-role="button" data-icon="star">Suggest new Target</a></p>    
            <p><a href="#" data-role="button" data-icon="star">View Profile</a></p>
            <p><a href="#" data-role="button" data-icon="star">Logout</a></p>
        
        </div><!-- /content -->
        
        <div data-role="footer" data-theme="d">
            <h4>Page Footer</h4>
        </div><!-- /footer -->
    </div><!-- /page one -->

    <!-- Start of third page: #add -->
    <div data-role="page" id="add">

        <div data-role="header" data-theme="e">
            <h1>Add Image</h1>
        </div><!-- /header -->

        <div data-role="content" data-theme="d">    
            <h2>Login to Slapp.ME</h2>
            <div data-role="fieldcontain">
            <form id="login" name="form1" method="post" action="checklogin.php">
                <label for="name">Username:</label>
                <input type="text" name="rsUser" id="name" value=""  />
                <label for="name">Password:</label>
                <input type="password" name="rsPass" id="name" value=""  />
                <br />
                <button value="submit-value" name="submit" data-theme="b" type="submit" class="ui-btn-hidden" aria-disabled="false">Login</button>
            </form>
            </div>        
        </div><!-- /content -->
        
        <div data-role="footer">
            <h4>Page Footer</h4>
        </div><!-- /footer -->
    </div><!-- /page popup -->


    </body>

    </html>
    when logged in, the URL shows: http://m.slapp.me/checklogin.php it should be http://m.slapp.me/login_success.php as there is a redirect

  • #2
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,471
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    First, remove these lines (red) from the 1st script:

    $errorMessage = "Invalid Login";
    session_start();
    $_SESSION['login'] = '';

    }


    In the 2nd script, change this line:

    if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {


    To this:

    if (isset($_SESSION['login'])) {
    // logged in OK
    }
    else{
    header ("Location: index.php");
    exit;
    }


    Basically, don't even set a SESSION if they didn't log in correctly.


    .

  • #3
    Banned
    Join Date
    Mar 2007
    Posts
    1,523
    Thanks
    116
    Thanked 0 Times in 0 Posts
    I have done that, it hasn't changed anything?!

  • #4
    Master Coder
    Join Date
    Jun 2003
    Location
    Cottage Grove, Minnesota
    Posts
    9,471
    Thanks
    8
    Thanked 1,085 Times in 1,076 Posts
    I guess I missed this part of your post:

    Code:
    when logged in, the URL shows: http://m.slapp.me/checklogin.php it should be http://m.slapp.me/login_success.php as there is a redirect
    Looks like it's getting a script error.
    Turn on PHP error reporting and see if you can get an answer to what it is.

    This is what I get when I try to login:

    undefined

    There's a mistake somewhere, I can't see it.

  • #5
    Banned
    Join Date
    Mar 2007
    Posts
    1,523
    Thanks
    116
    Thanked 0 Times in 0 Posts
    how do I turn on PHP error reporting?

  • #6
    Banned
    Join Date
    Mar 2007
    Posts
    1,523
    Thanks
    116
    Thanked 0 Times in 0 Posts
    Ok I added:
    PHP Code:
    ini_set('display_errors',1); 
     
    error_reporting(E_ALL); 
    To the login_susccess.php and check login.php pages

  • #7
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,987
    Thanks
    4
    Thanked 2,660 Times in 2,629 Posts
    Start by removing the output buffering. Its not needed (ever really), and here you don't have any previous output so its not necessary.
    You sure you are storing passwords without any type of hashing? If so, don't. If you are hashing, then you are not pulling any results, and therefore you have no redirect (or output) so it doesn't go anywhere.
    Also change this:
    PHP Code:
    $myusername stripslashes($myusername);
    $mypassword stripslashes($mypassword); 
    To this:
    PHP Code:
    if (ini_get('magic_quotes_gpc'))
    {
        
    $myusername stripslashes($myusername);
        
    $mypassword stripslashes($mypassword); 

    Stripslashes should only occur if magic quotes are enabled. Otherwise I couldn't make my username \\FouLu\C$.
    I'd take the querystring off that redirect and throw it into the sessions as well.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •