Log in problem

[Juraj256]

Hello,

i´m making simple website where users must log in to see pictures in photo album, using flat file database.

Problem is that only user who can log in is called admin. If I create user with any other name, non of the can log in. They are not redirected to Error page, they are kicked right back into log in page. It´s like when I hit F5 button to refresh the page.

Any suggestions, please?

[Pablo]

Either there is a problem with the data base or with PHP sessions on the server.

To be able to help you with this, I need to see all settings, the URL of the page and the generated PHP code.

[Juraj256]

Sorry. This is the code of the index page:

<?php
if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['form_name']) && $_POST['form_name'] == 'loginform')
{
$success_page = './odpytovanie.php';
$error_page = './chyba.php';
$database = './z98d25aaq68hho.php';
$crypt_pass = md5($_POST['password']);
$found = false;
$fullname = '';
$session_timeout = 600;
if(filesize($database) > 0)
{
$items = file($database, FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
foreach($items as $line)
{
list($username, $password, $email, $name, $active) = explode('|', trim($line));
if ($username == $_POST['username'] && $active != "0" && $password == $crypt_pass)
{
$found = true;
$fullname = $name;
}
}
}
if($found == false)
{
header('Location: '.$error_page);
exit;
}
else
{
if (session_id() == "")
{
session_start();
}
$_SESSION['username'] = $_POST['username'];
$_SESSION['fullname'] = $fullname;
$_SESSION['expires_by'] = time() + $session_timeout;
$_SESSION['expires_timeout'] = $session_timeout;
header('Location: '.$success_page);
exit;
}
}
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$password = isset($_COOKIE['password']) ? $_COOKIE['password'] : '';
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Úvod</title>
<meta name="description" content="Ďakujeme vám, milá naša rodina a priatelia, že ste s nami strávili náš svadobný deň.">
<meta name="author" content="Jurko">
<meta name="robots" content="noindex, nofollow">
<meta name="revisit-after" content="365 days">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link href="icon.png" rel="icon" sizes="166x157" type="image/png">
<link href="css/nasa_svadba.css" rel="stylesheet">
<link href="css/index.css" rel="stylesheet">
<script src="jquery-1.12.4.min.js"></script>

<script>
$(document).ready(function()
{
setTimeout(function()
{
$('body').addClass('loaded');
}, 2000);
});
</script>
<!-- Insert Google Analytics code here -->
</head>
<body>
<div id="container">

</div>
<div id="wb_LayoutGrid1">
<div id="LayoutGrid1-overlay"></div>
<div id="LayoutGrid1">
<div class="col-1">
<div id="wb_LayoutGrid2">
<div id="LayoutGrid2">
<div class="col-1">
<div id="wb_Login1" style="display:inline-block;width:100%;text-align:center;z-index:0;">
<form name="loginform" method="post" accept-charset="UTF-8" action="<?php echo basename(__FILE__); ?>" id="loginform">
<input type="hidden" name="form_name" value="loginform">
<table id="Login1">
<tr>
<td class="row"><input class="input" name="username" type="text" id="username" value="<?php echo $username; ?>" placeholder="Meno"></td>
</tr>
<tr>
<td class="row"><input class="input" name="password" type="password" id="password" value="<?php echo $password; ?>" placeholder="Heslo"></td>
</tr>
<tr>
<td style="text-align:center;vertical-align:bottom"><input class="button" type="submit" name="login" value="Prihlásiť" id="login"></td>
</tr>
</table>
</form>

</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="loader-wrapper">
<div id="loader"></div>
<div class="loader-section section-left"></div>
<div class="loader-section section-right"></div>
</div>
</body>
</html>

[Pablo]

I do not see any issues in the code.
Did you make sure the database is writable on the server?

[Juraj256]

Yes, when I create a new user, I can see the size of database file has changed and when I download it from the ftp, I can see users in the file. But only one who can actually log in is "admin". Is there any way I can send you private message with administrator password, so you can try on your own?

[Pablo]

Is 'admin' also a user that you have added yourself?
Maybe the other username s are invalid. For example, maybe it has spaces or other special characters?

[Juraj256]

Yes, I added admin as well. No special characters. Right now there is a user: adka and password: adriana987

Please try to log in and you will see it will kick you right back to index page.

[Pablo]

Where can I login?

[Juraj256]

-

[Pablo]

There is only one user in the database, there is no 'admin'
But it looks like you also have protected the success page?
The success and error page should not be protected.

[Juraj256]

You are right, but how is the success page protected? If somebody knows URL of success page...?

[BaconFries]

The success page should not be protected. The purpose of the success page is simply let the user know they have logged in successfully were the error page is the opposite it will let them know they have been unsuccessful. The page that requires protection is the one used for the gallery. To learn more about this please read the following:
http://www.wysiwygwebbuilder.com/login_basics.html
http://www.wysiwygwebbuilder.com/login_tools.html

[Juraj256]

Thank you for your help and explanation.

[Juraj256]

I´m terribly sorry to report, that I still have the same problem. I created new success page with no protection. But still, only user who will go trough is "admin".

Please take a look on success page: /prihlasenie.php
Please try to login on index page as user: adka password: adriana987 (this username is added in database) it will let you go to success page, but when you choose album, it will send you right back to index page. It is just like before, but this time it will allow you to see non protected page. It will not send you to error page, like when you are trying to login with username that is not in database. But when you login with username admin, you can go trough all pictures.

I must be missing something and I´m really sorry to ask you for help

[Pablo]

How did you add the 'admin'? Yesterday, there was no 'admin' in the database.
Did you password protect the page 'prihlasenie'? Because I can go to the the page without logging in.

Can you share a demo project so I can see all your settings?

[Juraj256]

I´m adding users via admin panel at: /adminlogin.php

Page "Prihlasenie" is now not protected, as BaconFries suggested yesterday. He said success page should not be protected, so I made new success page, this time without protection.


Thank you for your help!

[Pablo]

In the properties of the 'Protected Page' object you have set 'Allow Users to 'admin'. This means that only 'admin' can access the page.

[Juraj256]

Damn, I´m really sorry. I knew it would be something simple... Thank you very much for excellent support!