This is a basic login script I created on a XAMPP server on my local computer. It worked perfectly fine on the local server. I uploaded it to my Windows Deluxe GoDaddy hosting service and it no longer works. The script is properly pulling in the user name and password the user is entering and is correctly validating them. However, it seems that the $_SESSION vars are being set to null. I know that the array it is using to set the vars is not null, because it is in fact using the same array to validate the login credentials. Currently when you log in you get the success message in the URL bar as set in the code, and you correctly get errors when you should, so validation is not the issue.

I have also double-checked that the session has indeed been started; however, it appears not to be updating. I also have the session_start() method in my header, which is included in all my pages as an independent script that is included at the top of the page. I have tried removing it and having the login script be the only code that starts the session, and it doesn't make a difference. However, if I include the setting of the session vars in the header itself it works fine. So somehow the session vars are being set to null. Any ideas?

Edit2: You can go to selfscales.com to see the bug in action.
<?php
session_start();

if (isset($_POST['submit'])) {
    include 'dbh.inc.php';

    $uid = mysqli_real_escape_string($conn, $_POST['uid']);
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

    // error handlers
    // check if inputs are empty
    if (empty($uid) || empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    } else {
        $sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
        $result = mysqli_query($conn, $sql);
        $resultCheck = mysqli_num_rows($result);
        if ($resultCheck < 1) {
            header("Location: ../index.php?login=error");
            exit();
        } else {
            if ($row = mysqli_fetch_assoc($result)) {
                // verify the password against the stored hash
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                if ($hashedPwdCheck == false) {
                    header("Location: ../index.php?login=error");
                    exit();
                } elseif ($hashedPwdCheck == true) {
                    // log the user in here
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_uid'];
                    header("Location: ../index.php?login=success");
                    exit();
                }
            }
        }
    }
} else {
    header("Location: ../index.php?login=error");
    exit();
}
Edit1: Index Page
<?php
include_once 'header.php';
include 'includes/ssdb.inc.php';
?>
<link rel="stylesheet" href="testingPHP/stylesheets/w3.css">
<section class="main-container">
    <div class="main-wrapper">
        <?php
        if (isset($_SESSION['u_id'])) {
            echo '<h2>Weigh</h2>';
        } else {
            echo '<h2>Welcome To Selfscale!</h2>';
            echo '<h4>Selfscale is a web application that eliminates the need for a scalehouse.</h4>';
            echo '<h4>Selfscale allows truck drivers to purchase a weigh without the need to talk to anyone.</h4>';
            echo '<h4>Please sign in or login.</h4>';
            echo '<h4> Notice: First time users will need to register their company, truck and trailer.</h4>';
            echo '<h4>Then purchase a weigh for a small fee.</h4>';
            echo '<h4>You will have the option to download your weigh ticket, email it to yourself, or print it out the old fashion way.</h4>';
            include 'weighForm.php';
        }
        ?>
        <?php
        if (isset($_SESSION['u_id'])) {
        }
        ?>
    </div>
</section>
<?php
include_once 'footer.php';
?>
Try adding ob_start() at the top of your script; that may solve your problem.
<?php
ob_start();
session_start();

if (isset($_POST['submit'])) {
    include 'dbh.inc.php';

    $uid = mysqli_real_escape_string($conn, $_POST['uid']);
    $pwd = mysqli_real_escape_string($conn, $_POST['pwd']);

    // error handlers
    // check if inputs are empty
    if (empty($uid) || empty($pwd)) {
        header("Location: ../index.php?login=empty");
        exit();
    } else {
        $sql = "SELECT * FROM users WHERE user_uid='$uid' OR user_email='$uid'";
        $result = mysqli_query($conn, $sql);
        $resultCheck = mysqli_num_rows($result);
        if ($resultCheck < 1) {
            header("Location: ../index.php?login=error");
            exit();
        } else {
            if ($row = mysqli_fetch_assoc($result)) {
                // verify the password against the stored hash
                $hashedPwdCheck = password_verify($pwd, $row['user_pwd']);
                if ($hashedPwdCheck == false) {
                    header("Location: ../index.php?login=error");
                    exit();
                } elseif ($hashedPwdCheck == true) {
                    // log the user in here
                    $_SESSION['u_id'] = $row['user_id'];
                    $_SESSION['u_first'] = $row['user_first'];
                    $_SESSION['u_last'] = $row['user_last'];
                    $_SESSION['u_email'] = $row['user_email'];
                    $_SESSION['u_uid'] = $row['user_uid'];
                    header("Location: ../index.php?login=success");
                    exit();
                }
            }
        }
    }
} else {
    header("Location: ../index.php?login=error");
    exit();
}
Hope this will resolve your issue. For more understanding of ob_start()
In the end I called GoDaddy support. The issue was that the default save path for the session_start() method was not an actual dir on the server. This was an issue on their end and was resolved quickly. Thanks to anyone that attempted to help!
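The root cause reported in the last post, a session save path that does not exist on the server, can be checked from PHP itself. The diagnostic below is an added example, not code from the thread or from the hosting provider; the scratch file it would live in and the `hits` session key are hypothetical.

```php
<?php
// Added diagnostic, not code from the thread. Request this file twice in the
// same browser: the counter only increases when session data really persists.

// session.save_path may be "/path", "N;/path" or "N;MODE;/path"; keep the path.
function session_dir(string $raw): string
{
    $parts = explode(';', $raw);
    $dir = trim(end($parts));
    // Empty means PHP falls back to the system temporary directory.
    return $dir !== '' ? $dir : sys_get_temp_dir();
}

// Reasons a files-based session would fail to persist (empty array = none found).
function session_storage_problems(string $handler, string $rawPath): array
{
    if ($handler !== 'files') {
        return []; // other handlers (redis, memcached, ...) need their own checks
    }
    $dir = session_dir($rawPath);
    if (!is_dir($dir)) {
        return ["session.save_path '$dir' does not exist"];
    }
    if (!is_writable($dir)) {
        return ["session.save_path '$dir' is not writable by the PHP user"];
    }
    return [];
}

$problems = session_storage_problems(
    (string) ini_get('session.save_handler'),
    (string) ini_get('session.save_path')
);
if (headers_sent($file, $line)) {
    $problems[] = "output already sent at $file:$line; the session cookie cannot be set";
}
if (!$problems && !session_start()) {
    $problems[] = 'session_start() returned false';
}
if (!$problems) {
    $_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;
    $hits = $_SESSION['hits'];
    // Write now instead of at shutdown so a storage failure is reported here.
    if (!session_write_close()) {
        $problems[] = 'session data could not be written';
    }
}
echo $problems ? implode("\n", $problems) . "\n" : "session OK, hits = $hits\n";
```

Delete the file after testing, since it prints server paths to anyone who requests it.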