VenomLeon Posted September 18, 2008 Share Posted September 18, 2008 Hello! I'm currently adding a usersystem to my website, which i've build up from a tutorial. Everything is working well, except for one thing: logging in at once. After filling the Username and Password form, the area of which these 2 forms are in, changes into a menu for members, however this isnt always the case. Even after it says that the loggin in is complete (one which then the script will send you to another page), you'll keep on seeing the login form . But i've noticed that when I go to www.website.com/logout.php?logout without being logged in, and THEN try logging in, it works =S, al least untill i logged myself out and try to log in again. I hope you can understand what i'm trying to say. I've even let some of my friends try the system out on the website. Registering theirselfs goes perfectly, but logging in does not.. It is funny that the Who's Online feature does show the username(s), despite not being "fully" logged in. I personally think that the problem lies somewhere in my config.php.. these are my codes (if usefull): login.php <?php session_start(); //allows session include "config.php"; if($logged[id]) { //welcomes the member echo "Welcome $logged[username]<br><br>"; //shows the user menu $new = mysql_query("select * from pmessages where unread = 'unread' and touser = '$logged[username]'"); $new = mysql_num_rows($new); echo " - <a href='welcome.php'>Members Page</a><br> - <a href='members.php'>View Members</a><br> - <a href='editprofile.php'>Edit Profile</a><br> - <a href='messages.php'>Private Messages ($new New)</a><br> - <a href='newfriends.php'>Friend Requests</a><br> - <a href='changepassword.php'>Change Password</a><br> - <a href='logout.php?logout'>Logout</a>"; }else //if there trying to login if(isset($_GET['login'])) { //removes sql injections from the data $username= htmlspecialchars(addslashes($_POST[username])); //encrypts the password $password = sha1(md5(md5(sha1(md5(sha1(sha1(md5($_POST[password])))))))); //gets the username data from the members database $uinfo = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error()); //see if the user exists $checkuser = mysql_num_rows($uinfo); //if user name not found in database error if($checkuser == '0') { echo "Username not found"; }else{ //fetch the sql $udata = mysql_fetch_array($uinfo); //checks see if the account is verified if($udata[userlevel] == 1) { echo "This account had not been verified."; } //if it is continue else //if the db password and the logged in password are the same login if($udata[password] == $password) { $query = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error()); //fetchs the sql $user = mysql_fetch_array($query); $last_date = date("l, F j, Y h:i A"); $update = mysql_query("UPDATE `members` SET `last_seen` = '$last_date' WHERE `username` = '$user[username]' AND `id` = '$user[id]';") or die(mysql_error()); //sets the logged session $_SESSION['id'] = "$user[id]"; $_SESSION['password'] = "$user[password]"; echo "You are now logged in, Please wait. . ."; //redirects them echo "<meta http-equiv='Refresh' content='2; URL=welcome.php'/>"; } //wrong password else{ echo "Incorrect username or password!"; } } }else{ //If not the above show the login form echo "<form action='login.php?login' method='post'> <table width='200'> <tr> <td width='120'>Username:</td> <td width='180'><input type='text' name='username' size='17' maxlength='50'></td> </tr> <tr> <td>Password:</td> <td><input type='password' name='password' size='17' maxlength='50'></td> </tr> <tr> <td colspan='2'><input type='submit' value='Login'></td> </tr> </table> </form> <a href='register.php'>Register to DE!</a> <strong>::</strong> <a href='forgotpass.php'>Forgot Password</a> <strong>::</strong> <a href='members.php'>View Members</a>"; } ?> config.php <? session_start(); //allows session $conn = mysql_connect("localhost","douglas7","140987"); mysql_select_db(members) or die(mysql_error()); $logged = MYSQL_QUERY("SELECT * FROM `members` WHERE `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'"); $logged = mysql_fetch_array($logged); //some server details, don't edit! $host = $_SERVER['HTTP_HOST']; $self = $_SERVER['PHP_SELF']; //change this to your site name $sitename = "Douglas Elemex"; //Send emails or not (email activation). 1 = true, 0 = false $semail = "1"; $logout_time = 200; //mili seconds to stay logged in $current = time(); //current time $offline = ($current - $logout_time); //do the math for the logout time if($logged[username]){ //if they are logged in $update = mysql_query("UPDATE `members` SET `online` = '$current' WHERE `username` = '$logged[username]';"); //update their status } //end the check and such ?> I really dont know how to solve this, but I would love to hear how, so i hope to find my help here. I got the usersystem from here: http://rmb-scripting.com/tutorials.php?tutorial&tid=58&page=1 Thanks in advance! Quote Link to comment Share on other sites More sharing options...
nonexistentera Posted September 19, 2008 Share Posted September 19, 2008 Not that this would be the case, but your config.php file has the logged in time to 200 miliseconds. $logout_time = 200; //mili seconds to stay logged in $current = time(); //current time $offline = ($current - $logout_time); //do the math for the logout time So it seems that your database knows that they are logged in, but the Session thinks they are only logged in for 200 miliseconds, so once they log in, they are automatically logged out once the script is done executing. I would just experiment with changing it to something higher. Quote Link to comment Share on other sites More sharing options...
VenomLeon Posted September 22, 2008 Author Share Posted September 22, 2008 Heey tried your suggestion, but with no luck. This part: $logout_time = 200; //mili seconds to stay logged in $current = time(); //current time $offline = ($current - $logout_time); //do the math for the logout time if($logged[username]){ //if they are logged in $update = mysql_query("UPDATE `members` SET `online` = '$current' WHERE `username` = '$logged[username]';"); //update their status } //end the check and such was ment for the users online add-on for the usersystem, but i've removed that one untill i've got the system working 100%, so the config.php page nog looks like this (original code): <?php session_start(); //allows session $conn = mysql_connect("localhost","xxxxxx","xxxxxx"); mysql_select_db(members) or die(mysql_error()); $logged = MYSQL_QUERY("SELECT * FROM `members` WHERE `id` = '$_SESSION[id]' AND `password` = '$_SESSION[password]'"); $logged = mysql_fetch_array($logged); //some server details, don't edit! $host = $_SERVER['HTTP_HOST']; $self = $_SERVER['PHP_SELF']; //change this to your site name $sitename = "Douglas Elemex"; //Send emails or not (email activation). 1 = true, 0 = false $semail = "1"; ?> I think the problem lies within the sessions when someone's logged in or logged out (since logging in only works when first visiting logout.php (what should destroy the session), and then trying to log in, though this is only the case after you closed the browser after being logged in and then out (by yourself)). session code in login.php: //sets the logged session $_SESSION['id'] = "$user[id]"; $_SESSION['password'] = "$user[password]"; logout.php: <?php session_start(); //allows session include "config.php"; //checks there trying to logout if(isset($_GET['logout'])) { //deletes the sessions unset($_SESSION['id']); unset($_SESSION['password']); //loggedout message echo "You are now logged out. Redirecting you to homepage.."; //redriects them to index echo "<meta http-equiv='Refresh' content='2; URL=http://www.douglas-elemex.net'/>"; } ?> Maybe the logout doesnt destroy the session that well..? ??? Quote Link to comment Share on other sites More sharing options...
nonexistentera Posted September 23, 2008 Share Posted September 23, 2008 From what I know about sessions, you have to call session_destroy(); which will remove all data registered to a session. Try <?php session_start(); //allows session include "config.php"; //checks there trying to logout if(isset($_GET['logout'])) { //deletes the sessions unset($_SESSION['id']); unset($_SESSION['password']); session_destroy(); //RIGHT HERE //loggedout message echo "You are now logged out. Redirecting you to homepage.."; //redriects them to index echo "<meta http-equiv='Refresh' content='2; URL=http://www.douglas-elemex.net'/>"; } ?> I see that it unsets it, but to my knowledge, session_destroy(); should remove anything else that may be lingering. If not, we will try something else Quote Link to comment Share on other sites More sharing options...
VenomLeon Posted September 23, 2008 Author Share Posted September 23, 2008 this does work, thanks! but after i log out & close the browser, and then try logging in it still wont log me in (i still would have to go to the "logout.php?logout" in order to log in first). If i log out and log in again while not closing the browser the logging in does work. Maybe the login contains some error of not completing the logging in of a member :-\ Quote Link to comment Share on other sites More sharing options...
VenomLeon Posted September 23, 2008 Author Share Posted September 23, 2008 Heey the problem is fixed! It seemed that i had the Head-part still hanging around in the login.php file, causing it to work weird, because its included to other pages who have their own Head. But i'll keep the session_destroy(); on the logout.php, just in case Thanks for helping out, nonexistentera .. i'll post my website here in the forum when it's done ^^ Quote Link to comment Share on other sites More sharing options...
nonexistentera Posted October 16, 2008 Share Posted October 16, 2008 No problem. I get helped, and I give help. Glad to see you found the problem though. Good Job Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.