Tuesday, 22 December 2015

php not able to read if condition / user logout on refresh

The main problem is that the user logs off unintentionally when refreshing the page or pressing an update button. I found out through debugging that browsers (yes, I tested several different ones) won't read my if conditions correctly:

if(!empty($_POST)) {
if (isset($_POST['btnLogin'])) {

In this condition the $_SESSION objects are set, so that the user won't stay logged in. The code runs on a mobile web page (subdomain, PHP 5.4) in a one-page design. On the main homepage (not one-page design), the code runs perfectly stable. I asked a friend to look at this problem and researched for hours, with no result. I also checked whether there's a session_destroy operation anywhere in the code. Thanks for the help.

<?php
require_once("models/config.php");

$debug=array(); 


if (isset($_POST["btnLogoff"]))
{
    // Explicit logoff only: this branch runs solely when the logoff button was submitted
    if(isUserLoggedIn()) { $loggedInUser->userLogOut(); }
}


$debug[]="before";

if(!empty($_POST)) {
$debug[]="before 2";
if (isset($_POST['btnLogin'])) {
    $errors = array();
    $username = trim($_POST["username"]);
    $password = trim($_POST["password"]);
    // The checkbox is absent from $_POST when unticked; default to 0 instead of raising an undefined-index notice
    $remember_choice = isset($_POST["remember_me"]) ? trim($_POST["remember_me"]) : 0;

 $debug[]="after";


    //Perform some validation
    //Feel free to edit / change as required
    if($username == "")
    {
        $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
    }
    if($password == "")
    {
        $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
    }

    //End data validation
    if(count($errors) == 0)
    {
        //A security note here, never tell the user which credential was incorrect
        if(!usernameExists($username))
        {
            $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
        }
        else
        {
            $userdetails = fetchUserDetails($username);

            //See if the user's account is activation
            if($userdetails["active"]==0)
            {
                $errors[] = lang("ACCOUNT_INACTIVE");
            }
            else
            {
                //Hash the password and use the salt from the database to compare the password.
                $entered_pass = generateHash($password,$userdetails["password"]);

                if($entered_pass != $userdetails["password"])
                {
                    //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
                    $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
                }
                else
                {
                    //passwords match! we're good to go'

                    //Construct a new logged in user object
                    //Transfer some db data to the session object
                    $loggedInUser = new loggedInUser();
                    $loggedInUser->email = $userdetails["email"];
                    $loggedInUser->user_id = $userdetails["user_id"];
                    $user_id = $userdetails["user_id"];
                    $loggedInUser->hash_pw = $userdetails["password"];
                    $loggedInUser->display_username = $userdetails["username"];
                    $loggedInUser->clean_username = $userdetails["username_clean"];
                    $loggedInUser->strasse = $userdetails["strasse"];
                    $loggedInUser->anrede = $userdetails["anrede"];
                    $loggedInUser->vorname = $userdetails["vorname"];
                    $loggedInUser->name = $userdetails["name"];
                    $loggedInUser->plz = $userdetails["plz"];
                    $loggedInUser->ort = $userdetails["ort"];
                    $loggedInUser->geb_dat = $userdetails["geb_dat"];
                    $loggedInUser->tel_p = $userdetails["tel_p"];
                    $loggedInUser->tel_mob = $userdetails["tel_mob"];
                    $loggedInUser->tel_g = $userdetails["tel_g"];
                    $loggedInUser->eintritts_jahr = $userdetails["eintritts_jahr"];
                    $loggedInUser->vorstand = $userdetails["vorstand"];
                    $loggedInUser->vorstand_fkt = $userdetails["vorstand_fkt"];
                    $loggedInUser->mitgl_typ = $userdetails["mitgl_typ"];
                    $loggedInUser->fruhere_jahre = $userdetails["fruhere_jahre"];
                    $loggedInUser->anz_volker = $userdetails["anz_volker"];
                    $loggedInUser->beitrag_bez = $userdetails["beitrag_bez"];
                    $loggedInUser->last_sign_in = $userdetails["last_sign_in"];
                    $loggedInUser->systemVar = $userdetails["system"];
                    $loggedInUser->counter_showdata = "0";   
                    $loggedInUser->group_id = $userdetails["group_id"];


                    $loggedInUser->remember_me = $remember_choice;
                    $loggedInUser->remember_me_sessid = generateHash(uniqid(rand(), true));

                            $debug[]=$remember_choice;
                            $debug[]="test2";
                    if($loggedInUser->remember_me == 0) {
                        // Plain login: the user object lives in the PHP session only
                        $_SESSION["userPieUser"] = $loggedInUser;
                    }
                    else if($loggedInUser->remember_me == 1) {
                        // Remember-me: persist the serialized user in the sessions table and hand the client the session id in a cookie.
                        // The serialized object contains user-supplied strings, so escape it before embedding it in SQL.
                        $db->sql_query("INSERT INTO ".$db_table_prefix."sessions VALUES('".time()."', '".$db->sql_escape(serialize($loggedInUser))."', '".$loggedInUser->remember_me_sessid."')");
                        setcookie("userPieUser", $loggedInUser->remember_me_sessid, time()+parseLength($remember_me_length));
                    }


                    //Update last sign in
                    $last_sign_in = time();
                    $sql = "UPDATE Bienenusers 
                            SET last_sign_in = '".$last_sign_in."' 
                            WHERE user_id = '".$db->sql_escape(sanitize($user_id))."' "    ;                        

                    $result=$db->sql_query($sql);

                    if (!$result)
                    {
                        $errors[]="Letztes Login-Datum aktualisieren fehlgeschlagen!";
                        die (mysql_error());
                    }


                    //Redirect to user account page
                    header("Location: home.php#Mitgliederbereich");
                    die();
                }
            }
        }
    }
}
}

And here is the config file:

<?php
/*
    UserPie Version: 1.0
    http://userpie.com


*/

if(is_dir("install/"))
{
    header("Location: install/");
    die();
}

require_once("settings.php");

//Dbal Support - Thanks phpBB ; )
require_once("db/".$dbtype.".php");

//Construct a db instance
$db = new $sql_db();
if(is_array($db->sql_connect(
                        $db_host, 
                        $db_user,
                        $db_pass,
                        $db_name, 
                        $db_port,
                        false, 
                        false
))) {
    die("Unable to connect to the database");
}

// Default language; the variable name must match the one used in the require below
if(!isset($language)) $language = "ger";

require_once("lang/".$language.".php");
require_once("class.user.php");
require_once("class.mail.php");
require_once("funcs.user.php");
require_once("funcs.general.php");
require_once("class.newuser.php");

//require_once("funcs.events.php");
//require_once("class.newevent.php");

session_start();

//Global User Object Var
//loggedInUser can be used globally if constructed
if(isset($_SESSION["userPieUser"]) && is_object($_SESSION["userPieUser"])) {
    // Normal case: the user object was stored in the PHP session at login
    $loggedInUser = $_SESSION["userPieUser"];
}
else if(isset($_COOKIE["userPieUser"])) {
    // Remember-me case: the cookie value is client-supplied, so escape it before embedding it in SQL
    $db->sql_query("SELECT session_data FROM ".$db_table_prefix."sessions WHERE session_id = '".$db->sql_escape($_COOKIE['userPieUser'])."'");
    $dbRes = $db->sql_fetchrowset();
    if(empty($dbRes)) {
        // Unknown or expired remember-me id: clear the stale cookie
        $loggedInUser = NULL;
        setcookie("userPieUser", "", -parseLength($remember_me_length));
    }
    else {
        $obj = $dbRes[0];
        $loggedInUser = unserialize($obj["session_data"]);
    }
}
else {
    // No session and no cookie: purge expired remember-me rows and treat the visitor as anonymous
    $db->sql_query("DELETE FROM ".$db_table_prefix."sessions WHERE ".time()." >= (session_start+".parseLength($remember_me_length).")");
    $loggedInUser = NULL;
}



?>
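The remember-me path in the code above (a serialized user object written to the sessions table at login, then looked up from the cookie value in config.php and unserialized) can be built so that the restore step needs neither unserialize() nor SQL assembled from strings. The following is an added example, not the question's or UserPie's code; it assumes its own `remember_tokens` table and uses an in-memory SQLite database constructed inline so it runs stand-alone on PHP 5.4 or later.

```php
<?php
// Added example (not UserPie code): remember-me login that stores only a token hash and the user id.
// The client holds the raw token; the DB never does, so a leaked table cannot be replayed as cookies.
$db = new PDO('sqlite::memory:');   // constructed in-memory DB for the demo; table name is an assumption
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE remember_tokens (token_hash TEXT PRIMARY KEY, user_id INTEGER, expires INTEGER)");

function issueRememberToken(PDO $db, $userId, $lifetime) {
    // 32 bytes from the CSPRNG (openssl_random_pseudo_bytes is available on PHP 5.3+)
    $token = bin2hex(openssl_random_pseudo_bytes(32));
    $stmt = $db->prepare("INSERT INTO remember_tokens (token_hash, user_id, expires) VALUES (?, ?, ?)");
    $stmt->execute(array(hash('sha256', $token), $userId, time() + $lifetime));
    return $token;   // this value goes into the cookie
}

function userFromRememberToken(PDO $db, $token) {
    // Lookup by hash with a bound parameter: a forged, tampered or expired cookie simply finds no row
    $stmt = $db->prepare("SELECT user_id FROM remember_tokens WHERE token_hash = ? AND expires > ?");
    $stmt->execute(array(hash('sha256', (string)$token), time()));
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? (int)$row['user_id'] : null;
}

function revokeRememberToken(PDO $db, $token) {
    // Called on explicit logoff so the cookie cannot restore the user afterwards
    $stmt = $db->prepare("DELETE FROM remember_tokens WHERE token_hash = ?");
    $stmt->execute(array(hash('sha256', (string)$token)));
}

// Login with "remember me" ticked: user id 42 is a constructed value
$token = issueRememberToken($db, 42, 14 * 86400);
// In a real request the token is set as an HttpOnly, HTTPS-only cookie; the domain is an assumption
// and the call is commented out because this script is not served over HTTP:
// setcookie("userPieUser", $token, time() + 14 * 86400, "/", ".example.com", true, true);

// Later request with no PHP session: $_COOKIE["userPieUser"] would carry $token
$restored = userFromRememberToken($db, $token);          // the remembered user id
$bogus    = userFromRememberToken($db, "not-a-real-token"); // null: no matching hash
revokeRememberToken($db, $token);
$afterLogoff = userFromRememberToken($db, $token);       // null: token revoked
var_dump($restored, $bogus, $afterLogoff);
```

Because the user is re-fetched by id on each request rather than unserialized from the database, a changed password or deactivated account takes effect on the next page load instead of living on inside a stored object.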
