I'm actually a little embarrassed to ask this, but this one has me stumped and I've never run into something like it before.
I have a password validation page (index2.php) that takes a username/pwd entered by a user and validates. For relevance here, it checks two things:
- username/pword match is valid
- The user does not have a pending password update request
If 1 is valid, but two is true, the user should be redirected to a no-auth page with a message that they have a password change request pending and a link to reset again. The redirect happens in Javascript. I set a variable ($valid) as true or false, and if it's false, javascript redirects to the no-auth page with a message based on a $_GET variable set on index2.php.
So this all works fine in firefox and chrome, but in Safari it ALWAYS hits the redirect to the noauth page with the 'pending password reset' message. In troubleshooting this, I've been trying to print out various data throughout the auth process on index2.php and killing the page before the redirect. This is working fine in chrome/ff (I get the printouts) but again in safari I get no print outs. In this debugging I also found that it seems when I'm in safari it's not, for some reason, seeing certain $_POST variable data from index.php that IS seen when I'm in Chrome/FF.
I fully understand that none of this should be happening in theory (all browsers should be seeing the output of the php code the exact same), so I have no idea what may be going on here.
Below is what I think is the relevant code:
extract($_POST);
if($type != 'password') {
// *** DO SOMETHING **** //
}
else if($type == 'password') {
$checkPwd = new passwords();
// **** FIRST CHECK TO SEE IF THEY HAVE RESET THEIR PASSWORD - IF SO, WE NEED TO RESTRICT THEM FROM LOGGING IN **** //
$pwdResets = new passwordResets();
if($pwdResets->resetExists($email)) {
// *** DON'T LET THEM LOGIN, REDIRECT TO NOAUTH WITH MSG TO RESET PASSWORD. **** //
$valid = false;
$failReason = "pwdReset";
}
// *** SOME OTHER STUFF **** //
}
// **** LATER IN THE PAGE **** //
if($valid == false){
?>
<script type="text/javascript">
window.location.href="noauth.php?reason=<?php echo $failReason; ?>"
</script>
<?php
}
I must be missing something major, but I'm at a loss here. As far as I understand browsers, this should not be happening. Also, I was made aware of this issue by a general user, so it's not a problem specific to my environment, etc.
Any thoughts on this are greatly appreciated!