craisondigital craisondigital - 2 months ago 13
MySQL Question

Why does my php login script work in Chrome, but not in FireFox or Edge?

I'm working on a php login based on mysql table. It's all working fine w/in Chrome, however in both Firefox and Edge, when I type a username and password I am just brought back to the login page. (with correct OR incorrect credentials)

Here is my php code..

<?php session_start();
if(isset($_POST['login'])) {

$uname = mysqli_real_escape_string($con, $_POST['uname']);
$pass = mysqli_real_escape_string($con, $_POST['pass']);
$sel_user = "SELECT * FROM employees WHERE username='$uname' AND pass='$pass'";
$run_user = mysqli_query($con, $sel_user);
$check_user = mysqli_num_rows($run_user);
if($check_user>0) {
$_SESSION['username']=$uname;

header("Location: xadmin.php" );
}

else {

echo "<script>alert('Email or password is not correct')</script>";
}}?>


Here is the html form..

<form action="login.php" method="post">
<table width="100%" border="0">
<tbody>
<tr>
<td bgcolor="#3B3B3B" height ="35" class="BodyTxtB" align="center">Administrator Login</td></tr>
<tr height="20"><td></td></tr>
<tr>
<td class="BodyTxtB" align="center">Username</td>
</tr>
<tr>
<td class="BodyTxtB" align="center"><input type="text" class="BodyTxtBC" name="uname" required="required"/></td>
</tr>
<tr height="20"><td></td></tr>
<tr>
<td class="BodyTxtB" align="center">Password</td>
</tr>
<tr>
<td class="BodyTxtB" align="center"><input type="password" class="BodyTxtBC" name="pass" required="required"/></td>
</tr>
<tr height="20"><td></td></tr>
<tr height="35"><td align="center"><input type="image" src="images/btn_login.jpg" name="login" value="Login"/></td></tr>
<tr height="20"><td></td></tr>
</tbody>
</table>
</form>


Here is the validation from xadmin.php

<?php session_start();

if (!isset($_SESSION['username']))
{
header("Location: login.php?e=access_denied");
exit();
}
?>


Does anyone know what could be causing the issue?

Answer

Firefox/Edge don't pass through the name of <input type="image" ... />

If you do a print_r($_POST) and submit the form with Firefox you'll get:

Array
(
    [login_x] => 0
    [login_y] => 0
)

Do the same thing with Chrome, however:

Array
(
    [login_x] => 8
    [login_y] => 8
    [login] => Login
)

... and there you have it.

You could pass through login as a hidden form field:

<input type="image" src="images/btn_login.jpg" />
<input type="hidden" name="login" value="Login" />