The character encoding of the HTML document was not declared.

[jarv]

hi, on my site: http://m.slapp.me/
When I login, user: test pass: test

it checks the login against the database on a seperate page and then redirects if login successful but the URL stays the same, please help.

here is my checking page:

PHP Code:

<?php
ob_start();
$host="xxx"; // Host name
$username="xxx"; // Mysql username
$password="xxx"; // Mysql password
$db_name="xxx"; // Database name
$tbl_name="xxx"; // Table name


// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// Define $myusername and $mypassword
$myusername=$_POST['rsUser'];
$mypassword=$_POST['rsPass'];

// To protect MySQL injection (more detail about MySQL injection)
$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword);
$myusername = mysql_real_escape_string($myusername);
$mypassword = mysql_real_escape_string($mypassword);

$sql="SELECT * FROM $tbl_name WHERE rsUser='$myusername' and rsPass='$mypassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$num_rows = mysql_num_rows($result);
$row = mysql_fetch_array($result);
// If result matched $myusername and $mypassword, table row must be 1 row


if ($num_rows > 0) {
session_start();
$_SESSION['login'] = "1";
$_SESSION['UserID'] = $row['UserID']; 
$rsUser = $row['rsUser'];
header ("Location: http://m.slapp.me/login_success.php?rsUser=$rsUser");
}
else {
$errorMessage = "Invalid Login";
session_start();
$_SESSION['login'] = '';
}

ob_end_flush();
?>

here is the page I end up on when successful

PHP Code:

<?
session_start();
if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {
header ("Location: index.php");
}
mysql_connect("xxx", "xxx", "xxx") or die(mysql_error());
mysql_select_db("xxx") or die(mysql_error());

$rsUser = $_REQUEST['rsUser'];
$query1 = mysql_query("SELECT * FROM rstarget INNER JOIN users ON users.UserID=rstarget.UserID WHERE currentTarget = '1'");
$row1 = mysql_fetch_array($query1);

$query3 = mysql_query("SELECT * FROM users WHERE rsUser = '$rsUser'");
$row3 = mysql_fetch_array($query3);

$TargetID = $row1['TargetID'];

$result1 = mysql_query("SELECT * FROM rstargetpictures WHERE TargetID = '$TargetID' AND PictureApproval = '1'");
$msg = $_REQUEST['msg'];
?>
<!DOCTYPE html> 
<html>

<head>
        <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1"> 
    <title>Multi-page template</title> 
    <link rel="stylesheet" href="http://code.jquery.com/mobile/1.2.0/jquery.mobile-1.2.0.min.css" />
    <script src="http://code.jquery.com/jquery-1.8.2.min.js"></script>
    <script src="http://code.jquery.com/mobile/1.2.0/jquery.mobile-1.2.0.min.js"></script>
    <script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-2434589-28']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>
<script type="text/javascript">

  var _gaq = _gaq || [];
  _gaq.push(['_setAccount', 'UA-2434589-29']);
  _gaq.push(['_trackPageview']);

  (function() {
    var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
    ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
    var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
  })();

</script>
</head> 

    
<body> 

<!-- Start of first page: #one -->
<div data-role="page" id="success">

    <header data-role="header"data-theme="b">
        <h1>Slapp.ME</h1>
        <?php
if($_SESSION['UserID'] == '1'){
echo '<a href="#success" data-icon="home" class="ui-btn-right">Admin</a>';
}
?>
    </header><!-- /header -->

    <div data-role="content" >    
        Todays target is: <h2><?php echo $row1['TargetName']; ?></h2>
        <p><a href="#add" data-role="button" data-rel="dialog" data-transition="pop">Add Image</a></p>
        <p><a href="#" data-role="button" data-icon="star">Suggest new Target</a></p>    
        <p><a href="#" data-role="button" data-icon="star">View Profile</a></p>
        <p><a href="#" data-role="button" data-icon="star">Logout</a></p>
    
    </div><!-- /content -->
    
    <div data-role="footer" data-theme="d">
        <h4>Page Footer</h4>
    </div><!-- /footer -->
</div><!-- /page one -->

<!-- Start of third page: #add -->
<div data-role="page" id="add">

    <div data-role="header" data-theme="e">
        <h1>Add Image</h1>
    </div><!-- /header -->

    <div data-role="content" data-theme="d">    
        <h2>Login to Slapp.ME</h2>
        <div data-role="fieldcontain">
        <form id="login" name="form1" method="post" action="checklogin.php">
            <label for="name">Username:</label>
            <input type="text" name="rsUser" id="name" value=""  />
            <label for="name">Password:</label>
            <input type="password" name="rsPass" id="name" value=""  />
            <br />
            <button value="submit-value" name="submit" data-theme="b" type="submit" class="ui-btn-hidden" aria-disabled="false">Login</button>
        </form>
        </div>        
    </div><!-- /content -->
    
    <div data-role="footer">
        <h4>Page Footer</h4>
    </div><!-- /footer -->
</div><!-- /page popup -->


</body>

</html>

when logged in, the URL shows: http://m.slapp.me/checklogin.php it should be http://m.slapp.me/login_success.php as there is a redirect

[mlseim]

First, remove these lines (red) from the 1st script:

$errorMessage = "Invalid Login";
session_start();
$_SESSION['login'] = '';
}


In the 2nd script, change this line:

if (!(isset($_SESSION['login']) && $_SESSION['login'] != '')) {


To this:

if (isset($_SESSION['login'])) {
// logged in OK
}
else{
header ("Location: index.php");
exit;
}


Basically, don't even set a SESSION if they didn't log in correctly.


.

[jarv]

I have done that, it hasn't changed anything?!

[mlseim]

I guess I missed this part of your post:

Code:

when logged in, the URL shows: http://m.slapp.me/checklogin.php it should be http://m.slapp.me/login_success.php as there is a redirect

Looks like it's getting a script error.
Turn on PHP error reporting and see if you can get an answer to what it is.

This is what I get when I try to login:

undefined

There's a mistake somewhere, I can't see it.

[jarv]

how do I turn on PHP error reporting?

[jarv]

Ok I added:

PHP Code:

ini_set('display_errors',1); 
 error_reporting(E_ALL); 


To the login_susccess.php and check login.php pages

[Fou-Lu]

Start by removing the output buffering. Its not needed (ever really), and here you don't have any previous output so its not necessary.
You sure you are storing passwords without any type of hashing? If so, don't. If you are hashing, then you are not pulling any results, and therefore you have no redirect (or output) so it doesn't go anywhere.
Also change this:

PHP Code:

$myusername = stripslashes($myusername);
$mypassword = stripslashes($mypassword); 


To this:

PHP Code:

if (ini_get('magic_quotes_gpc'))
{
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword); 
} 


Stripslashes should only occur if magic quotes are enabled. Otherwise I couldn't make my username \\FouLu\C$.
I'd take the querystring off that redirect and throw it into the sessions as well.