views:

97

answers:

2

i've tested my site on 2 phone models using the 'generic' browser that came with the phone, but sadly, everytime I tried to login, it will return me back to my index page.

here's my login code

    <form name='login' method='POST' action='authentication.php'>
<table border=0 cellpadding=2>
<tr><td>Login:</td><td></td></tr>
<tr><td>E-mail: </td><td><input type=text name='email' id='email' size=20 maxlength="200"></td></tr>
<tr><td>Password: </td><td><input type=password name='password' id='password' size=20 maxlength="100"></td></tr>
<tr><td></td><td><input type=submit value='Login'></td></tr>
</table></form>

and here's the authentication.php (snippet)

$currentUserEmail = $_POST["email"];
$currentUserPwd = md5($_POST["password"]);
$stmt = $dbi->prepare("select status from users where email=? and pwd=?");
$stmt->bind_param('ss', $currentUserEmail,$currentUserPwd); 
mysqli_stmt_execute($stmt);
mysqli_stmt_store_result($stmt);
$isUserAvailable = mysqli_stmt_num_rows($stmt);
$stmt->bind_result($getUserStatus);
$stmt->execute() or die (mysqli_error());
$stmt->store_result();
$stmt->fetch();
$stmt->close();

if($isUserAvailable > 0){
    if ($getUserStatus == "PENDING") {
        $userIsLoggedIn = "NO";
        $registeredUser = "NO"; 
        unset($userIsLoggedIn);
        setcookie("currentMobileUserName", "", time()-3600);
        setcookie("currentMobileUserEmail", "", time()-3600);
        setcookie("currentMobileSessionID", "", time()-3600);
        setcookie("currentMobileUID", "", time()-3600);
        header('Location: '.$config['MOBILE_URL'].'/index.php?error=2&email='.$currentUserEmail);
    }elseif (($getUserStatus == "ACTIVE") || ($getUserStatus == "active")){ //means successfully logged in

        //set the cookie

        setcookie("currentMobileUserName", $currentUserName, $expire);
        setcookie("currentMobileUserEmail", $currentUserEmail, $expire);
        setcookie("currentMobileSessionID", $getGeneratedMobileUSID, $expire);
        setcookie("currentMobileUID", $currentUID, $expire);
        $userIsLoggedIn = "YES";
        $registeredUser = "YES";


        $result = $stmt->execute() or die (mysqli_error($dbi));

        if ($caller == "indexLoginForm"){
            header('Location: '.$config['MOBILE_URL'].'/home.php');
        }else{

            header('Location: '.$config['MOBILE_URL'].'/home.php');

        }


    }

}else{
    $userIsLoggedIn = "NO";
    $registeredUser = "NO"; 
    unset($userIsLoggedIn);
    setcookie("currentMobileUserName", "", time()-3600);
    setcookie("currentMobileUserEmail", "", time()-3600);
    setcookie("currentMobileSessionID", "", time()-3600);
    setcookie("currentMobileUID", "", time()-3600);
    header('Location: '.$config['MOBILE_URL'].'/index.php?error=1');

}

The only way I can access my mobile site is by using opera mini. Just FYI, both the 'generic browsers' i tested my site with supports cookie (at least this is what the browser settings said).

thanks

A: 

Probably the mobile browsers you are using don't support cookies and therefore won't be able to store the session ID in the cookie or any other information for that matter.

You should instead try to pass the session ID in the URL so your site will work across all mobile browsers. This can be done by setting session.use_trans_sid to true in your PHP configuration, e.g. ini_set('session.use_trans_sid', true);

The W3C has some good information on cookies in their Mobile Web Best Practices

James
thanks a lot.. i think i will use sessions instead..
imin
You will still have problems if you use sessions, as the session ID gets recorded in a cookie and some mobile phones don't support cookies. Only if you have session ID in URL will this work.
James
omg.. that's quite troublesome isn't it :D... thanks a lot for the reminder
imin
A: 

Some mobile browsers (Blackberries spring to mind) don't process cookies sent in anything but a 2xx response - you are responding with a 302 redirect.

Try this:

setcookie("currentMobileUserName", $currentUserName, $expire);
setcookie("currentMobileUserEmail", $currentUserEmail, $expire);
setcookie("currentMobileSessionID", $getGeneratedMobileUSID, $expire);
setcookie("currentMobileUID", $currentUID, $expire);
$userIsLoggedIn = "YES";
$registeredUser = "YES";
... // some WML/HTML markup...
print "You are logged in. Click <a href='" 
       . $config['MOBILE_URL']. "/home.php'>here</a> to continue.";

Also, some older devices don't like to hold more than one cookie per site - solving this one is a bit more complicated assuming that you want a persistent identifier available so the user doesn't have to log in (generate your own session id encrypting a token which identifies the user with the time and set an expiry time in the future - if no session id is found matching, decrypt to get the remember me value).

C.

symcbean
hmm thanks a lot for the info.. this made me think I really should be using session instead
imin