strangest error

[reportingsjr]

I have a login script and works fine, at least in every rowser but IE. For some reason it doesnt set the user as login, it says on my login page "login succesful" but when it tries to redirect, it is logged out. Is this because IE uses its own sessions and cookies? Anyways, here is my scripts:auto login script (says yes):

	 /* Login attempt */	  $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));	  echo "<font color='gray'>";	  /* Login successful */	  if($retval){		 header("Location: excibius/index.php");	 echo "<meta http-equiv='refresh' content='0;excibius/index.php'>";	 echo "Sucessful login!";	  }	  /* Login failed */	  else{		 $_SESSION['value_array'] = $_POST;		 $_SESSION['error_array'] = $form->getErrorArray();		 header("Location: /welcome.php");	 echo "Login failed :(.";	 echo "<meta http-equiv='refresh' content='0;/welcome.php'>";	  }	  echo "</font>";

actual logging in script:

	  global $database, $form;  //The database and form object	  /* Username error checking */	  $field = "user";  //Use field name for username	  if(!$subuser || strlen($subuser = trim($subuser)) == 0){		 $form->setError($field, "* Username not entered");	  }	  else{		 /* Check if username is not alphanumeric */		 if(!eregi("^([0-9a-z])*$", $subuser)){			$form->setError($field, "* Username not alphanumeric");		 }	  }	  /* Password error checking */	  $field = "pass";  //Use field name for password	  if(!$subpass){		 $form->setError($field, "* Password not entered");	  }	  	  /* Return if form errors exist */	  if($form->num_errors > 0){		 return false;	  }	  /* Checks that username is in database and password is correct */	  $subuser = stripslashes($subuser);	  $result = $database->confirmUserPass($subuser, md5($subpass));	  /* Check error codes */	  if($result == 1){		 $field = "user";		 $form->setError($field, "* Username not found");	  }	  else if($result == 2){		 $field = "pass";		 $form->setError($field, "* Invalid password");	  }	  	  /* Return if form errors exist */	  if($form->num_errors > 0){		 return false;	  }	  /* Username and password correct, register session variables */	  $this->userinfo  = $database->getUserInfo($subuser);	  $this->username  = $_SESSION['username'] = $this->userinfo['username'];	  $this->userid	= $_SESSION['userid']   = $this->generateRandID();	  $this->userlevel = $this->userinfo['userlevel'];	  	  /* Insert userid into database and update active users table */	  $database->updateUserField($this->username, "userid", $this->userid);	  $database->addActiveUser($this->username, $this->time);	  $database->removeActiveGuest($_SERVER['REMOTE_ADDR']);	  /**	   * This is the cool part: the user has requested that we remember that	   * he's logged in, so we set two cookies. One to hold his username,	   * and one to hold his random value userid. It expires by the time	   * specified in constants.php. Now, next time he comes to our site, we will	   * log him in automatically, but only if he didn't log out before he left.	   */	  if($subremember){		 setcookie("cookname", $this->username, time()+COOKIE_EXPIRE, COOKIE_PATH);		 setcookie("cookid",   $this->userid,   time()+COOKIE_EXPIRE, COOKIE_PATH);	  }	  /* Login completed successfully */	  return true;

Now, to check if its logged in it checks if the variable $logged_in (in the session class) is true, appparently its getting set as false. Can anyone seee why?

[justsomeguy]

IE has issues with starting a session or setting a cookie followed by a redirect header. Use this function to do your redirection:

function session_redirect ($url = ""){  function _safe_set (&$var_true, $var_false = "")  {	if (!isset ($var_true))	$var_true = $var_false;  }  $parse_url = parse_url ($url);  _safe_set ($parse_url["scheme"], $_SERVER["HTTPS"] ? "https" : "http");  _safe_set ($parse_url["host"], $_SERVER['HTTP_HOST']);  _safe_set ($parse_url["path"], "");  _safe_set ($parse_url["query"], "");  _safe_set ($parse_url["fragment"], "");  if (substr ($parse_url["path"], 0, 1) != "/")  {	$parse_url["path"] = dirname ($_SERVER['PHP_SELF']) . "/" . $parse_url["path"];  }  if ($parse_url["query"] != "")  {	$parse_url["query"] = $parse_url["query"] . "&";  }  $parse_url["query"] = "?" . $parse_url["query"] .						session_name () . "=" .						strip_tags (session_id ());  if ($parse_url["fragment"] != "")  {	$parse_url["fragment"] = "#" . $parse_url["fragment"];  }  $url = $parse_url["scheme"] . "://" . $parse_url["host"] .		 $parse_url["path"] . $parse_url["query"] .		 $parse_url["fragment"];  #session_write_close ();  write_session();  header ("Location: " . $url);  exit;}

[reportingsjr]

hmm, ill try it. Thanks! ut why does it exit?

[reportingsjr]

Well, it works in IE now, but its not redirecting at all. Plus its not displaying any of the text I have .

[justsomeguy]

I might need to see the code, it should be redirecting to whatever page you are trying to get to. So, instead of this:header("Location: excibius/index.php");You should have this:session_redirect("excibius/index.php");The exit is there to stop the script. Since you are sending a redirect header anything else you send will not be displayed anyway, so it might as well just stop there.

[reportingsjr]

Thats exactly what I did, check out my site (log in name is blehe and password is blehe) and try to log in. It doesnt redirect...

[justsomeguy]

There's no link to your site. I believe you that it doesn't redirect though. In looking at your code above, you have an echo statement above the redirect, and I'm assuming you have errors turned off. You cannot echo or print anything before sending a header unless you have output buffering turned on. Remove all of the output above your redirects and see if it works. Change it to something like this:

	  /* Login attempt */	  $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));	  /* Login successful */	  if($retval){		session_redirect("excibius/index.php");	  }	  /* Login failed */	  else{		$_SESSION['value_array'] = $_POST;		$_SESSION['error_array'] = $form->getErrorArray();		session_redirect("/welcome.php");	  }

If that still doesn't work, try using the absolute path to redirect to instead of a relative path.

[reportingsjr]

Do'h! Ill try that. Some times you just forget..link to site:http://excibius.comsorry! Right now I would just like it to be IE accessible so more people will play my game .EDIT:Nope, that doesnt work either . I think it might be the function... Let me check again.Thanks so far though!

[justsomeguy]

If you're still having problems, go ahead and post as much as you can for the login/redirect pages. I have a feeling that errors are disabled and you are getting an error but not seeing it.

[reportingsjr]

hmm, okay.session_redirect function:

   function session_redirect ($url = "")   {	 function _safe_set (&$var_true, $var_false = "")	 {	   if (!isset ($var_true))	   $var_true = $var_false;	 }	 $parse_url = parse_url ($url);	 _safe_set ($parse_url["scheme"], $_SERVER["HTTPS"] ? "https" : "http");	 _safe_set ($parse_url["host"], $_SERVER['HTTP_HOST']);	 _safe_set ($parse_url["path"], "");	 _safe_set ($parse_url["query"], "");	 _safe_set ($parse_url["fragment"], "");	 if (substr ($parse_url["path"], 0, 1) != "/")	 {	   $parse_url["path"] = dirname ($_SERVER['PHP_SELF']) . "/" . $parse_url["path"];	 }	 if ($parse_url["query"] != "")	 {	   $parse_url["query"] = $parse_url["query"] . "&";	 }	 $parse_url["query"] = "?" . $parse_url["query"] .						   session_name () . "=" .						   strip_tags (session_id ());	 if ($parse_url["fragment"] != "")	 {	   $parse_url["fragment"] = "#" . $parse_url["fragment"];	 }   	 $url = $parse_url["scheme"] . "://" . $parse_url["host"] .			$parse_url["path"] . $parse_url["query"] .			$parse_url["fragment"];	 #session_write_close ();	 write_session();	 header ("Location: " . $url);	 exit;   }

login function:

   /**	* procLogin - Processes the user submitted login form, if errors	* are found, the user is redirected to correct the information,	* if not, the user is effectively logged in to the system.	*/   function procLogin(){	  global $session, $form;	  /* Login attempt */	  $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));	  echo "<font color='gray'>";	  /* Login successful */	  if($retval){		 session_redirect("excibius/index.php");	 echo "Sucessful login!";	 echo "<br />We are sorry for the trouble, but while trying to make this game work for Internet Explorer we have had to do the way we redirect to pages. Right now it isnt working, so you will just need to 	 hit the \"home\" button above this text. Either that, or you can refresh the page or go to Excibius.com<br />Again, we are sorry and we are trying to get this fixed! You will see other various problems	 with the site while we try to make it compatible with Internet Explorer. Sorry!";	  }	  /* Login failed */	  else{		 $_SESSION['value_array'] = $_POST;		 $_SESSION['error_array'] = $form->getErrorArray();		 session_redirect("/welcome.php");	 echo "Login failed :(.";	  }	  echo "</font>";   }

Ummm, thats all that really deals with login! I will try several things here..

[justsomeguy]

You're still trying to send HTML output. Either send HTML output, or redirect, but you can't send HTML output first, and then try to redirect. There's no point to sending HTML output after you redirect, because they won't see it because the page will have redirected. Use this function:

   /**	* procLogin - Processes the user submitted login form, if errors	* are found, the user is redirected to correct the information,	* if not, the user is effectively logged in to the system.	*/   function procLogin(){	  global $session, $form;	  /* Login attempt */	  $retval = $session->login($_POST['user'], $_POST['pass'], isset($_POST['remember']));	  /* Login successful */	  if($retval){		 session_redirect("excibius/index.php");	  }	  /* Login failed */	  else{		 $_SESSION['value_array'] = $_POST;		 $_SESSION['error_array'] = $form->getErrorArray();		 session_redirect("/welcome.php");	  }   }

Also, make sure that before the procLogin function is called, that no HTML output is being sent to the browser, like a menu, or a <head>, or a doctype or anything else. If any output at all gets sent, the redirect will not work. The reason is because the redirection uses an HTTP header to specify the location, and if you send any output to the browser, all headers get sent before it. So, this code is actually triggering an error that says something like "cannot send header. headers already sent by output starting at <line #>", but you are not seeing the message because errors are disabled.The only other thing you can do, if you insist on trying to send output before a header, is to use output buffering. It will slow things down a little bit, and may run into problems on larger pages, but you can use output buffering to not send any output at all until you tell it to.

[reportingsjr]

Do you think it would matter if this was in a frame? I think that could be the issue. The page with all this in it doesnt have any html, but its in a frame..

[justsomeguy]

When the server sends the page inside the frame, the first thing it sends are the headers. If one of those headers is a Location header, then the browser will ask for the next page. If that page sends any HTML before you send that redirect header, the header will never be sent.It might be a good idea to enable error messages until you get this worked out, it would make the debugging quicker. Or, one thing you can do is inside the session_redirect function, have it echo something out, with newlines, something like this:echo "*\n\n\n**********redirect**********\n\n\n";Log in, look at the HTML source for the page, and if that line does not show up on the very top of the generated source, then you are sending output before you redirect.

The page with all this in it doesnt have any html, but its in a frame..

That's not true, the function you were originally using was outputting HTML.

[reportingsjr]

I had it echo out, and oddly enough nothing got echoed! I think that the function isnt running at all.. Hmm, you find anything wrong?Oh yeah, I tried echoing it out in the procLogin function and that worked... Hmm, so its not even running .

[justsomeguy]

There's nothing wrong with the function itself. Post all the code that gets executed before the function runs. Or send it to me. Or enable error messages. If the problem is that the function doesn't get executed, I can't tell what the reason is unless I can look at the code.

[Guest darkninja]

Hi, I'm kinda new but I've had an issue similiar to that one before.The problem I had was I didnt put this -

session_start();

Hope that helps lol

[reportingsjr]

darkninja, no, thats not it. If it was that then I would know.Anyways, all the code up here is the only stuff that uses this function, and there is not one piece of html! soooo, I need to figure this out to release my game, and I dont understand/see anything wrong with this function.

[justsomeguy]

The code you've posted is not enough to execute. I think you're leaving out a fair amount of code, and I'm almost positive that the problem is that you are sending the headers prematurely.Use this on the top of your page:ini_set("display_errors", 1);error_reporting(E_ALL);