PHP login doesn't work in IE

PHP
1

(I resubmitted this thread, with correct link. I probably could have edited my original post, but I couldn’t figure out how to do that. Sorry for the duplicate.)

I am working on a page I did not create, trying to troubleshoot why the log-in form does not function in IE6/IE7. It’s a straightforward login which redirects to an index page when correct info is entered. In IE, the submit button just does not function, and I can’t see any reason why.

The page is here: http://www.asg-llc.com/employee/login.php

The main page to password protected area (which you should be redirected to) is here: http://www.asg-llc.com/employee/index.php

(The login in the code below is not actual info, but if anyone needs to try it, I can just modify existing log-in to match the below)

The code for login.php is:


<? 
session_start(); 

if ($_POST["submit1"] != "") { 
    if (($_POST["username"]=="asg") && ($_POST["password"]=="Asg!1")) { 
        session_register("userAuthenticated"); 
        $userAuthenticated = "1"; 
        header("Location: index.php"); 
        exit; 
    } else { 
        session_unset();   // Unset session variables. 
        session_destroy(); // End Session 
        $errorMsg = "Incorrect username/Password."; 
    } 
} 

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 
<title>Academy Solutions Group, LLC</title>   

<!--stylesheets --> 

<link rel="stylesheet" type="text/css" media="screen" href="../css/nav_int.css" /> 
<link rel="stylesheet" href="../css/asg_styles_employees.css" type="text/css" /> 
<link rel="stylesheet" href="../css/fonts.css" type="text/css" /> 
<link rel="icon" href="../images/favicon.ico" type="image/ico" /> 
         
        <script type="text/javascript" src="js/supersleight-min.js"></script> 
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script> 
 <!--[if IE 7]> 
        <link rel="stylesheet" type="text/css" href="../css/asg_styles_employees-IE6.css" /> 
        <![endif]-->  
        <!--[if IE 6]> 
        <link rel="stylesheet" type="text/css" href="../css/IE6-dropdownhome.css" /> 
        <![endif]-->  
        </head> 
<body> 
<div id="wrapper"> 
  <div id="header"> 
  <div id="wrapper_content"> 
 <div id="topbanner"> 
     
<div id="header_interior"><img src="../images/employee-banner.jpg" border="0" usemap="#Map" alt="ASG" /> <map name="Map" id="Map"> 
<area shape="rect" coords="333,14,567,173" href="../index.php" alt="ASG" /></map></div> 
</div> 
    <div class="int_wrap_contact"> 
<div class="headerimg"> 
        
      </div> 
      <div id="int_content"> 
       <div id="nav"> 
           <a href="login.php"><img src="../images/sidebar-welcome.png" width="230" height="26" border="0" alt="Welcome!" /></a> 
      <br /> 
           <div style="padding-left:15px; padding-top: 10px; padding-right: 15px;"> 
             <p>Welcome. This section is for employees only. Please sign in.</p></div> 
          <br /> <a href="login.php"><img src="../images/sidebar-new.png" width="230" height="26" border="0" alt="Welcome!" /></a><br />  
             <div style="padding-left:15px; padding-top: 10px; padding-right: 15px;"> 
             We are now running on our new site!</div> 
        </div> 
        <div id="content"> 
          <div id="columns_employees">  
            <br /> 
<br /> 
<br /> 
<div id="contents"> 
       <table width="500"  border="0" cellspacing="6" cellpadding="6"> 
         <tr> 
           <td> 
               <form action="<?=$PHP_SELF?><?if($QUERY_STRING){ echo"?". $QUERY_STRING;}?>" method="post"> 
                 <p align="center">Employees only. Please login to access the Employee Dashboard.</p> 
                 <table align="center" border="0"> 
             </form></td> 
         </tr> 
         <tr> 
           <th> Username: </th> 
           <th> <input type="text" name="username" /> 
           </th> 
         </tr> 
         <tr> 
           <th> Password: </th> 
           <th> <input type="password" name="password" /> 
           </th> 
         </tr> 
         <tr> 
           <th colspan="2" align="right"> <input type="submit" name="submit1" value="Login"> 
            <br /> <br /> <br /> <br /> 
           <br /> 
               <b> 
                 <?=$errorMsg;?> 
               </b> </th> 
         </tr> 
       </table> 
</th></body> 
</html> 
           
        </tr> 
      </table> 
</div> 
          </div> 

</div> 
      </div> 
</div> 

    <div class="clearfloat" /></div> 
   
    <!-- end #header --> 
  </div> 
     
    <!-- end #mainContent --> 
<div class="green_link" id="footer"><?php include ("../includes/footer.php") ?> 

  <!-- end #footer --></div>  
   
<!-- end #wrapper --></div> 
</body> 
</html>

Here’s the index page code that form should redirect to:

<?  
    session_start();  
    if ($_SESSION["userAuthenticated"] != "1") { header("Location: login.php"); exit; } 
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml"> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> 
<title>Academy Solutions Group, LLC</title>   

<!--stylesheets --> 

<link rel="stylesheet" type="text/css" media="screen" href="../css/nav_int.css" /> 
<link rel="stylesheet" href="../css/asg_styles_employees.css" type="text/css" /> 
<link rel="stylesheet" href="../css/fonts.css" type="text/css" /> 
<link rel="icon" href="../images/favicon.ico" type="image/ico" /> 
<script type="text/javascript" src="js/supersleight-min.js"></script> 
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js" type="text/javascript"></script> 
</head> 
<body> 
<div id="wrapper"> 
  <div id="header"> 
  <div id="wrapper_content"> 
 <div id="topbanner"> 
     
<div id="header_interior"><img src="../images/employee-banner.jpg" border="0" usemap="#Map" alt="ASG" /> <map name="Map" id="Map"> 
<area shape="rect" coords="333,14,567,173" href="../index.php" alt="ASG" /></map></div> 
</div> 
    <div class="int_wrap_contact"> 
<div class="headerimg"> 
        
      </div> 
      <div id="int_content"> 
        <div id="nav"> 
           <a href="login.php"><img src="../images/sidebar-welcome.png" width="230" height="26" border="0" alt="Welcome!" /></a> 
      <br /> 
           <div style="padding-left:15px; padding-top: 10px; padding-right: 15px;"> 
             <p>Welcome your the ASG Employee Dashboard. Documents have been added for your usage.  </p></div> 
            <br /> 
<a href="#.php"><img src="../images/sidebar-dashboard.png" alt="Useful Documents" width="230" height="26" border="0" /></a> 
          <ul> 
            <li class="list_blue"><a href="#links">Quick Links</a> 
            <ul class="sub_list_blue"> 
                 
                
              </ul>   
              </li> 
             <li class="list_blue"><a href="#tax">Tax Forms</a> 
              
              </li> 
             <li class="list_blue"><a href="#insurance">Insurance Documents</a> 
             
              </li> 
                <li class="list_blue"><a href="#benefits">Medical Benefits</a> 
              
              </li>   
              <li class="list_blue"><a href="#k401k">401K Documents</a> 
              
              </li>    
              <li class="list_blue"><a href="#employees">ASG Employee Documents</a> 
              
              </li> 
          </ul>  <!--<br /> <a href="login.php"><img src="../images/sidebar-quicklinks.png" width="230" height="26" border="0" alt="Welcome!" /></a><br />  
             <div style="padding-left:15px; padding-top: 10px; padding-right: 15px;"> 
            <a href="http://asg-online.ghg.com/login.jsp" target="_blank"><img src="../images/timecard.png" alt="Time Card" /></a>&nbsp;<a href="https://www.expertplan.com/primebenefits.js" target="_blank"><img src="../images/401k.png" alt="ASG 401K" /></a>&nbsp;<a href="https://mail.google.com/a/asg-llc.com" target="_blank"><img src="../images/asgemail.png" alt="Time Card" /></a><br /></div>--> 
        </div> 
        <div id="content"> 
          <div id="columns_employeedash">  
            <br /> 
<br /> 
<br /> 
<div id="contents"><br /> 
<div class="calloutboxgray"> 
    <center><p class="bolded"><a name="links" id="links"></a>QUICK LINKS</p> 
   <a href="http://asg-online.ghg.com/login.jsp" target="_blank"><img src="../images/timecard.png" alt="Time Card" /></a>&nbsp;&nbsp;<a href="https://www.expertplan.com/primebenefits.jsp" target="_blank"><img src="../images/401k.png" alt="ASG 401K" /></a>&nbsp;&nbsp;<a href="https://mail.google.com/a/asg-llc.com" target="_blank"><img src="../images/asgemail.png" alt="Time Card" /></a></center>  
   <a name="tax" id="tax"></a></div><div class="calloutbox"> <p class="bolded">TAX FORMS</p> 

   <a name="insurance" id="insurance"></a> </div> 
<div class="calloutbox"> <p class="bolded">INSURANCE DOCUMENTS</p> 
  <ul> 
          
  <a name="benefits" id="benefits"></a></div> 
<div class="calloutbox"> <p class="bolded">MEDICAL BENEFITS</p> 
    
  <a name="k401k" id="k401k"></a></div> 
<div class="calloutbox"> <p class="bolded">401K DOCUMENTS</p> 
 </div> 
    <div class="calloutbox"><p class="bolded">ASG EMPLOYEE DOCUMENTS</p> 
    
  </div> 
</body><br /><br /><br /> 
</html> 
     
</div> 
          </div> 

</div> 
      </div> 
</div> 

    <div class="clearfloat" /></div> 
   
    <!-- end #header --> 
  </div> 
     
    <!-- end #mainContent --> 
<div class="green_link" id="footer"><?php include ("../includes/footer.php") ?> 

  <!-- end #footer --></div> 

   
   
<!-- end #wrapper --></div> 
</body> 
</html>

Before I scrap this guys code and start re-building this from scratch, testing all the while, I thought I’d ask. One of you guys might see what I’m missing here!

Thanks!
:kitty2: Haikukitty

2

I found about 6-8+ markup bugs in the code including the main bug which caused nothing to happen when the form was submitted in IE 6&7. Basically it was a mess, who ever coded it previously has an idea of the HTML markup but they are not really clear of how to use specific elements correctly yet.

Below is the fixed code which should work fine.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Academy Solutions Group, LLC</title>

<!-- stylesheets --> 
<link rel="stylesheet" type="text/css" media="screen" href="../css/nav_int.css" />
<link rel="stylesheet" href="../css/asg_styles_employees.css" type="text/css" />
<link rel="stylesheet" href="../css/fonts.css" type="text/css" />
<link rel="icon" href="../images/favicon.ico" type="image/ico" />
<!--[if IE 7]>
    <link rel="stylesheet" type="text/css" href="../css/asg_styles_employees-IE6.css" />
<![endif]-->
<!--[if IE 6]>
    <link rel="stylesheet" type="text/css" href="../css/IE6-dropdownhome.css" />
<![endif]-->

<!-- javascript -->
<script type="text/javascript" src="js/supersleight-min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js"></script>
</head>
<body>

<div id="wrapper"> 
    <div id="header">
        <div id="wrapper_content">
            <div id="topbanner">
                <div id="header_interior">
                    <img src="../images/employee-banner.jpg" border="0" usemap="#Map" alt="ASG" />
                    <map name="Map" id="Map">
                        <area shape="rect" coords="333,14,567,173" href="../index.php" alt="ASG" />
                    </map>
                </div>
            </div>
            
            <div class="int_wrap_contact">
                <div class="headerimg"></div>
                
                <div id="int_content">
                    <div id="nav">
                        <a href="login.php"><img src="../images/sidebar-welcome.png" width="230" height="26" border="0" alt="Welcome!" /></a>
                        <br />
                        <div style="padding-left:15px; padding-top: 10px; padding-right: 15px;">
                            <p>Welcome. This section is for employees only. Please sign in.</p>
                        </div>
                        <br /><a href="login.php"><img src="../images/sidebar-new.png" width="230" height="26" border="0" alt="Welcome!" /></a><br /> 
                        <div style="padding-left:15px; padding-top: 10px; padding-right: 15px;">
                            We are now running on our new site!
                        </div>
                    </div>
    
                    <div id="content">
                        <div id="columns_employees">
                            <br />
                            <br />
                            <br />

                            <div id="contents"> 
                                <table width="500"  border="0" cellspacing="6" cellpadding="6"> 
                                    <tr>
                                        <td>
                                            <form action="<?php echo $PHP_SELF; if ($QUERY_STRING){ echo "?" . $QUERY_STRING; } ?>" method="post">
                                                <p align="center">Employees only. Please login to access the Employee Dashboard.</p>
                                                <table align="center" border="0">
                                                    <tr>
                                                        <th>Username:</th>
                                                        <td><input type="text" name="username" /></td>
                                                    </tr>
                                                    <tr>
                                                        <th>Password:</th>
                                                        <td><input type="password" name="password" /></td>
                                                    </tr>
                                                    <tr>
                                                        <td colspan="2" align="right">
                                                            <input type="submit" name="submit1" value="Login">
                                                            <br /><br /><br /><br /><br />
                                                            <strong><?php echo $errorMsg; ?></strong>
                                                        </td>
                                                    </tr>
                                                </table>
                                            </form>
                                        </td>
                                    </tr>
                                </table> 
                            </div> 
                        </div>
                    </div>

                </div>
            </div>

            <div class="clearfloat"></div>
        </div><!-- end #wrapper_content -->
    </div><!-- end #header -->
    
    <div class="green_link" id="footer">
        <?php include("../includes/footer.php"); ?>
    </div><!-- end #footer -->
</div><!-- end #wrapper -->

</body>
</html>

Let me know how it goes for you.

PS: There are some PHP issues that need to be addressed so let me know if you want me to explain those.

3

Thanks so much! I’ll pull this in and try it.

The HTML code was a mess, but not being the original coder, it would be easier for me to just start over.

Given the php issues, is this even worth fixing? And is it even secure? I’m not very familiar with PHP for authentication, generally have only used it for regular info form processing, that kind of thing.

I don’t know how much I care, though, since ultimately, I’m not responsible for any security holes…

thanks again!
Haikukitty

4

You are awesome! It didn’t even occur to me that the weird duplicate HTML tags at the bottom would cause the form to malfunction. I figured I would address that once I figured out the log-in issue.

What are the PHP problems you referenced above? Anything I really need to worry about? I would appreciate any info you want to share.

Thanks again!!

:kitty: Haikukitty

5

Glad the updated HTML worked for you, the main concerns i had with the PHP are.

  1. session_register() should not be used anymore as its deprecated in PHP 5.3.
  2. isset() should be used when using $_POST and $_GET super globals to eliminate undeclared variable notice errors
  3. htmlentities() or [URL=“http://www.php.net/manual/en/function.htmlspecialchars.php”]htmlspecialchars() should be used on $_POST and $_GET super globals to stop HTML/javascript injection
  4. PHP shorthand Eg. <?=$variable?> shouldn’t be used in my personal opinion
  5. $errorMsg should be declared after session_start() as en empty variable of an [URL=“http://php.net/manual/en/function.isset.php”]isset() statement should be used to check if the variable exists. See the below example.
    php // The below will cause an undefined variable error echo $errorMsg; // The below will NOT caused an undefined variable error if (isset($errorMsg)) { echo $errorMsg; }

Thats about it from what i can see so help that helps.