I have some PHP code that works fine on my local server (via XAMPP), and it runs fine on a Unix server on my campus, but when I use it on DreamHost servers, for some reason I am having numerous issues.
For one, the $_SESSION is not being remembered at all upon form submission. Another issue is that the header redirect does not work (nothing happens).
Both of these work fine locally and on one server I tested, but not my VPS on DreamHost. I have been trying numerous things for hours and not found a solution.
login.php:
<!DOCTYPE html>
<html>
<head>
    <title>Log In - password hash example</title>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link rel="stylesheet" href="../css/normalize.css">
    <link rel="stylesheet" href="../css/main.css">
</head>
<?php
include ("functions.php");
session_start();
require_once("../includes/open_db.php");

//need to save whether log in is new or existing
if (isset($_POST['type'])) {
    $_SESSION['type'] = $_POST['type'];
    unset($_POST['type']);
}

//want to keep username if it has been entered
if (isset($_POST['username'])) {
    $username_check = htmlspecialchars($_POST['username']);
}
else {
    $username_check = "";
}

//check username availability
if (isset($_POST['check_username']) && isset($_POST['username'])) {
    $check = true; //will need to know if username needs to be put back
    if (existing_username($db, $username_check)) {
        echo "<script type='text/javascript'>alert('Username unavailable.');</script>";
    }
    else {
        echo "<script type='text/javascript'>alert('Username is available.');</script>";
    }
    unset($_POST['check_username']);
    unset($_POST['username']);
}
else {
    $check = false; //no name in the input box
}

//log in existing user
if ($_SESSION['type'] == 'existing') {
    if (isset($_POST['username']) && isset($_POST['password'])) {
        $username = htmlspecialchars($_POST['username']);
        $password = htmlspecialchars($_POST['password']);
        if (verify_login($db, $username, $password)) {
            $_SESSION['message'] = 'You have successfully logged in';
            $_SESSION['current_user'] = $_POST['username'];
            header('Location: login_message.php');
        }
        else {
            $_SESSION['message'] = 'Login failed';
            header('Location: login_message.php');
        }
    }
}
else { //create new user
    if (isset($_POST['username']) && isset($_POST['password'])) {
        $username = htmlspecialchars($_POST['username']);
        $password = htmlspecialchars($_POST['password']);
        if (validPassword($password)) {
            $password2 = htmlspecialchars($_POST['password2']);
            if ($password !== $password2) {
                echo "<script type='text/javascript'>alert('Passwords do not match.');</script>";
            }
            else //passwords match
            {
                if (existing_username($db, $username)) {
                    echo "<script type='text/javascript'>alert('username unavailable');</script>";
                }
                else { //username available
                    $encrypt_password = password_hash($password, PASSWORD_DEFAULT);
                    if (addUser($db, $username, $encrypt_password)){
                        $_SESSION['message'] = 'Your account has been created and you are logged in';
                        $_SESSION['current_user'] = $_POST['username'];
                        header('Location: login_message.php');
                    }
                    else {
                        echo "<script type='text/javascript'>alert('Unable to create account.');</script>";
                    }
                }//!existing_username
            }//passwords match
        }//valid password
        else { //invalid password
            echo "<script type='text/javascript'>alert('Password must be at least 8 characters and "
                . "contain at least one number, one uppercase letter, and one lowercase letter');</script>";
        }
    }//isset
}//else (new user)
?>
<body>
<header>
<?php
if ($_SESSION['type'] == "existing"){
    echo "<h1>User Log-In</h1>";
}
else {
    echo "<h1>Enter new account information</h1>";
}
?>
</header>
<main>
<form action="" method="post">
    <label for="username" class="login_label">Username</label>
    <?php
    //attribute value is quoted so the escaped username cannot add attributes of its own
    echo "<input type='text' name='username' value=\"$username_check\">";
    if ($_SESSION['type'] == "new") {
        echo '<input type="submit" name="check_username" value="Check Username Availability" id="check_button">';
    }
    echo '<br/>';
    ?>
    <label for="password" class="login_label">Password</label>
    <!-- would normally make the input type="password", but want to see what we type -->
    <input type="text" name="password" value=""><br />
    <?php
    if ($_SESSION['type'] == "new"){
        echo "<label for='password2' class='login_label'>Retype password</label>";
        //would normally make the input type="password", but want to see what we type
        echo "<input type='text' name='password2' value=''><br />";
    }
    ?>
    <input type="submit" value="Log-in">
</form>
</main>
</body>
</html>
functions.php:
<?php
function verify_login($db, $username, $password)
{
    $query = "SELECT user_password FROM users WHERE username = :user";
    $statement = $db->prepare($query);
    $statement->bindValue(':user', $username);
    $statement->execute();
    $result = $statement->fetch();
    $statement->closeCursor();
    //fetch() returns false when no row matches the username
    if ($result === false) {
        return false;
    }
    $hash = $result['user_password'];
    return password_verify($password, $hash);
}

function existing_username($db, $username)
{
    $query = "SELECT COUNT(username) FROM users WHERE username = :username";
    $statement = $db->prepare($query);
    $statement->bindValue(':username', $username);
    $statement->execute();
    $exists = $statement->fetch();
    $statement->closeCursor();
    return $exists[0] == 1;
}

function addUser($db, $username, $password) {
    $query = "INSERT INTO users (username, user_password)
              VALUES (:username, :password)";
    $statement = $db->prepare($query);
    $statement->bindValue(':username', $username);
    $statement->bindValue(':password', $password);
    $success = $statement->execute();
    $statement->closeCursor();
    return $success;
}

function validPassword($password){
    //at least 8 characters with one digit, one uppercase and one lowercase letter
    $valid_pattern = '/(?=^.{8,}$)(?=.*\d)(?=.*[A-Z])(?=.*[a-z]).*$/';
    return preg_match($valid_pattern, $password) === 1;
}
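
Added example, not part of the original post: login.php above sends its `<!DOCTYPE html>` ... `</head>` markup before calling `session_start()` and `header()`, which only works while PHP's output buffering holds that markup back; with buffering off, the headers have already gone out, so neither the session cookie nor the `Location` header can be sent. The sketch below reorders the existing-user path so every header-producing call precedes output; the file name `login_handler.php` and the `redirect()` helper are hypothetical, and `$db` is assumed to come from `open_db.php` as in the post.

```php
<?php
// Added example (hypothetical login_handler.php), not the poster's code.
// Every header-producing call runs before the first byte of output.
require_once 'functions.php';            // verify_login() as posted
require_once '../includes/open_db.php';  // assumed to define $db, as in the post

session_start();   // sends Set-Cookie, so it must precede all output

function redirect(string $path): void
{
    if (headers_sent($file, $line)) {
        // Names the file and line where stray output (markup, BOM, echo) began.
        error_log("Redirect to $path failed: output started at $file:$line");
        exit;
    }
    header('Location: ' . $path);
    exit;   // never fall through into the page after a redirect
}

$user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
$pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

if ($_SERVER['REQUEST_METHOD'] === 'POST' && $user !== '' && $pass !== '') {
    // Raw values go to the lookup and to password_verify(); HTML escaping
    // belongs at output time and would alter passwords containing & < > ".
    if (verify_login($db, $user, $pass)) {
        session_regenerate_id(true);   // fresh session ID on privilege change
        $_SESSION['current_user'] = $user;
        $_SESSION['message'] = 'You have successfully logged in';
    } else {
        $_SESSION['message'] = 'Login failed';
    }
    redirect('login_message.php');
}
$shown = htmlspecialchars($user, ENT_QUOTES, 'UTF-8');   // escape only for display
?>
<!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>Log In</title></head>
<body>
<form action="" method="post">
  <input type="text" name="username" value="<?= $shown ?>">
  <input type="password" name="password">
  <input type="submit" value="Log-in">
</form>
</body>
</html>
```

The posted registration path stores the `htmlspecialchars()`-escaped username and hashes the escaped password, so accounts created that way only verify against raw input if registration is changed to store raw values too.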