Css issue internet and intranet

HTML & CSS
#1

I created my website using php css mysql. As long as I am using php & css the website every thing works.
I then added Mysql and using a config.php to connect to my database the site stops working from the place my config.php starts. ie if the first half of the php has no mysql element it works, but the other half where my sql comes into play it becomes blank.

<?php

setlocale(LC_MONETARY, 'en_IN');

date_default_timezone_set('Asia/Kolkata');

$server = "localhost";

$username = "root";

$password = "xxxxxxx";

$database = "fdms";

$conn = mysqli_connect($server, $username, $password, $database) or die ("Could not connect to mysql");
#2

Do you have php’s error_reporting set to E_ALL and display_errors set to ON, in the php.ini on your system so that php will help you by reporting and displaying all the errors it detects? Stop and start your web server to get any changes made to the php.ini to take effect and use a phpinfo(); statement in a .php file to confirm that the settings actually got changed to those values.

You haven’t shown how you are requiring the config.php file. It is that statement that is probably failing and having php’s error related settings setup so that php will report and display all the errors that it detects will help you find out why.

#3

this is on a shared public server so don’t know if error_reporting set to E_ALL and display_errors will be changed just for me.

<?php 
session_start();
session_regenerate_id (true); 
setlocale(LC_MONETARY, 'en_IN');
date_default_timezone_set('Asia/Kolkata');
include "config.php"
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8"/>
    <title> FDMS Login : </title>
    <link rel="stylesheet" href="../mobile.css" media= "screen and (max-width: 480px)"  type="text/css" />
    <link rel="stylesheet" href="/css/login.css" type="text/css"/>
    
</head>
        <header>FDMS Staff Login</header>
<?php

$username=$_REQUEST['username'];
$password=$_REQUEST['password'];

$query = "SELECT * FROM staff WHERE staff_name='$username'";
$result = mysqli_query($conn, $query) or die(mysqli_error($conn));
while ($row=mysqli_fetch_array($result)) {
        $staff=$row['staff_name'];
        $password_hash=$row['password'];
        $userlevel=$row['level'];

        if (password_verify($password,$password_hash )) {
            $_SESSION['username'] = $username;
            $_SESSION['user_level'] = $userlevel;
            if ($userlevel==0) {      
            header("Location:attendence.php");
            } 
            if ($userlevel==9) {
            header("Location:complaint.php"); 
            } else {
                echo "invalid";
            }
    }
    }
?>   
<body> 
    <main>
        <div class="form_login">
            <form method="GET" name="login" id="login">
            <div class="row">
            <input type="text"  name="username" placeholder="Username" autofocus="true"/>
            </div>
            <div class="row">
            <input type="password"  name="password" placeholder="Password"/>
            </div>
            <div class = "button">
            <input type="submit" value="Login" name="submit_pass"/>
            </div>
            </form>
        </div>
    </main>
                    
        <div class='bottom'>
            <a href='index.php'>Return to Website</a>
        </div>
    <footer>@ Deepak</footer>

    
    </body> 
</html>

you can connect to my website at www.fdms.in.
you will see what I am trying to say.

if I remove the <?php ie $query …
then the form_login is displayed

Thanks for your reply,

#4

You should be learning, developing, and debugging your code/query(ies) on a localhost development system. Constantly uploading your code to a remote server to see the result of each change is an error prone waste of time. Also, until your code is secure, putting your code onto a live/public server opens the server up to abuse by hackers/bot scripts. You should only put your code onto a live/public server once it is mostly working and is secure.

You should be able to temporarily put the suggested error_reporting/display_errors settings into a local php.ini on the live/public server. You can also temporarily put them into your code, though this may be disabled on cheap web hosting.

Whatever learning resource you are using, is poorly designed. The code for any page should be laid out in this general order -

  1. initialization
  2. post method form processing
  3. get method business logic - get/produce data needed to display the page
  4. html document

Your login form should be a post method form, since it is performing an action on the server.

The post method form processing code should -

  1. detect if a post method form was submitted before accessing any of the form data.
  2. use the expected $_POST data. don’t ever use $_REQUEST since it combines, $_GET, $_POST, and $_COOKIE data.
  3. keep the form data as a set in a (one) php array variable, i.e. don’t write out lines of code copying each field value to other variables for nothing.
  4. trim all the input data at once.
  5. validate all the inputs at once, storing user/validation errors in an array, using the field name as the array index.
  6. after the end of the validation logic, if there are no errors (the array holding the errors will be empty), use the form data.
  7. list out the columns you are SELECTing in the query.
  8. do NOT put external, unknown, dynamic data directly into the sql query statement. use a prepared query instead. this would be a good time to switch to the much simpler and more modern PDO database extension.
  9. DON’T use or die(…) for database error handling. use exceptions instead and only catch and handle the exception in your code for user recoverable errors, such as when inserting/updating duplicate or out of range user submitted data.
  10. don’t use a loop to fetch what will be at most one row of data. just fetch/test the data in one statement.
  11. don’t copy variables to other variables for nothing. just use the original variables.
  12. the only value you should store in a session variable upon successful login is the user id (auto-increment primary index.) you should query on each page request to get any other user data, such as the username, or user level. this will insure that any changes made to the user data will take effect on the very next page request without requiring the user to log out and back in again.
  13. the only redirect you should have in the post method form processing code should be to the exact same url of the current page to cause a get request for that page. to allow the user to goto any other page, provide navigation links or more simply put the login code on any page that needs it.
  14. every redirect needs an exit/die statement to stop php code execution.
Php 8.1 header not working
#5

Thanks very mush for the detailed observations, appreciate the time taken by you. I have made some changes as suggested. Of the 14 suggestions ie 1,2,4,9,14 I have changed as enclosed:

<?php 
session_start();
session_regenerate_id (true); 
setlocale(LC_MONETARY, 'en_IN');
date_default_timezone_set('Asia/Kolkata');
include "config.php"
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8"/>
    <title> FDMS Login : </title>
    <link rel="stylesheet" href="/css/mobile.css" media= "screen and (max-width: 768px)"  type="text/css" />
    <link rel="stylesheet" href="/css/login.css" type="text/css"/>
    
</head>
<body> 
        <header>FDMS Staff Login</header>
<?php
if ($_POST['login']) {
$username=trim($_POST['username']);
$password=trim($_POST['password']);

$query = "SELECT * FROM staff WHERE staff_name='$username'";
$result = mysqli_query($conn, $query) ;
while ($row=mysqli_fetch_array($result)) {
        $staff=$row['staff_name'];
        $password_hash=$row['password'];
        $userlevel=$row['level'];

        if (password_verify($password,$password_hash )) {
            $_SESSION['username'] = $username;
            $_SESSION['user_level'] = $userlevel;
            if ($userlevel==0) {      
            header("Location:attendence.php");
            exit();
            } 
            if ($userlevel==9) {
            header("Location:complaint.php"); 
            exit();
            } else {
                echo "invalid";
            }
    }
    }
}
?>   

    <main>
        <div class="form_login">
            <form method="POST" name="login" id="login">
            <div class="row">
            <input type="text"  name="username" placeholder="Username" autofocus="true"/>
            </div>
            <div class="row">
            <input type="password"  name="password" placeholder="Password"/>
            </div>
            <div class = "button">
            <input type="submit" value="Login" name="submit_pass"/>
            </div>
            </form>
        </div>
    </main>
                    
        <div class='bottom'>
            <a href='index.php'>Return to Website</a>
        </div>
    <footer>@ Deepak</footer>

    
    </body> 
</html>

the rest 4,5,6,7,8,11,12,13 I did not get
Thanks again

#6

in my config.php I removed the die statement and added:
if(isset($conn)){
echo “connected:1”;
} else {
echo “Not Connected”;

I then tried again but got Neither of the two echos!

#7

Did you succeed in getting php’s error_reporting set to E_ALL and display_errors set to ON and checking that they actually got changed to those values using a .php script with a phpinfo(); statement in it?

You are getting some php error concerning the database extension. Until you get php to help you by reporting and displaying all the errors it detects, you will never find out why the code is stopping. The phpinfo() output will also tell you if the mysqli database extension is enabled (it is probably not.)

#8

to add in error settings, just add these to the top of your code. Usually the first line is your session_start(),
then these two lines:

error_reporting(E_ALL);
ini_set(“display_errors”, 1);

#9

The issue was elsewhere altogether, the public server required “…/”" before the config file. And presto every thing worked.

#10

A strange problem came up, none of my header statements are working. This happened after a week of using it.
eg I can log in but the header statement does not work.
I can access the individual php files by entering them into the url, I don’t even know where to look!
please help!

#11

Sorry, Dmanghani, but, YOU assign the layout of your website’s folder structure.
You must decide where your libraries or headers/footers exist.
Normally, you would create a folder called something like “includes” or whatever and put it in your root.
Then, you can use " /includes/header " to get to all your headers in all of your " include " commands.
Lay out your needed files ahead of time and make sense of the folder structure.
Do this for external libraries and main included HTML files. ( includes and lib folders… )

#12

I raised this question because the website was working properly for over a month, and I did not change anything. The issue cropped up without warning after a month

#13

Your web host probably updated the php version and/or php configuration (master php.ini) causing something in your code to stop working.

You need to set php’s error_reporting and display_errors settings, to the values already suggested, to get php to help you find why your code is not working.

#14

yes php was updated to 8.1 from 7.4

#15

Not sure if it helps at this point but I generally rqn into the same issue when moving from local to live.

  1. Confirm your configuration settings… has the database and users been set up and granted same access as your testing

  2. Confirm the language versions… php/mysql could have different versions that is not recognizing your original code… versions should be able to be changed on the live server too.

  3. Headers, no html white space before headers are loaded on live site

  4. Lastly if I’m too lazy to go through errors, I duplicate the page and add a var_dump($GLOBALS) statement and manually direct to the page to get a full dump of anything that could be an issue… just remove the page when you done… you generally don’t want people seeing var dumps.

Sponsor our Newsletter | Privacy Policy | Terms of Service