Jump to content

simple login script requires refresh

evanct

By evanct
in PHP Coding Help

 Share

Recommended Posts

evanct Member

evanct

Posted
Posted

Beginner here. In this simple script, once the correct login details are submitted, it seems like the session variables aren't set until the page is refreshed once. see what i mean here:

 

www.evanct.com/php/logintest.php

use the username: markj

and password: thimble

 

here's the login code:

 

<?php
session_start();
if (empty($_SESSION['user_id'])) {
echo '
<p>This form should not show if the user is logged in.</p><br/>
<form action="'.htmlentities($_SERVER["PHP_SELF"]).'" method="POST">
<p>USERNAME</p>
<input type="text" name="username"><br>
<p>PASSWORD</p>
<input type="text" name="password">
<input type="submit" value="LOGIN" name="submit"></form>';

if (isset($_POST['submit'])) {
include('login.php');
$connection=mysql_connect($db_host, $db_username, $db_password);
mysql_select_db($db_database);
$username=htmlentities($_POST['username']);
$password=htmlentities($_POST['password']);
if (isset($username) || isset($password)) {
$query="SELECT * FROM users WHERE username='".$username."' AND password='".md5($password)."' LIMIT 1";
$result=mysql_query($query);

while ($row=mysql_fetch_assoc($result)) {
$userid=$row['user_id'];
$firstname=$row['firstname'];
$lastname=$row['lastname'];

}

if (mysql_num_rows($result)==0) {
echo "Incorrect username or password.";
}
else {
$_SESSION['user_id']=$userid;
$_SESSION['username']=$username;
$_SESSION['firstname']=$firstname;
$_SESSION['lastname']=$lastname;
echo ("<p>Refresh the page.</p><br/>");
}
}
}
} else {
echo "
<p>This text is supposed to show when the user is logged in.</p><br/>
<a href='logouttest.php'>Log out</a>";
}

?>

 

What am i doing wrong here?

Link to comment
https://forums.phpfreaks.com/topic/137474-simple-login-script-requires-refresh/
Share on other sites
mmarif4u Regular Member

mmarif4u

Posted
Posted

Give this a try:

<?php
session_start();
if (empty($_SESSION['user_id'])) {
echo '
<p>This form should not show if the user is logged in.</p><br/>
<form action="'.htmlentities($_SERVER["PHP_SELF"]).'" method="POST">
<p>USERNAME</p>
<input type="text" name="username"><br>
<p>PASSWORD</p>
<input type="text" name="password">
<input type="submit" value="LOGIN" name="submit"></form>';
} else {
if (isset($_POST['submit'])) {
include('login.php');
$connection=mysql_connect($db_host, $db_username, $db_password);
mysql_select_db($db_database);
$username=htmlentities($_POST['username']);
$password=htmlentities($_POST['password']);
if (isset($username) || isset($password)) {
$query="SELECT * FROM users WHERE username='".$username."' AND password='".md5($password)."' LIMIT 1";
$result=mysql_query($query);

while ($row=mysql_fetch_assoc($result)) {
$userid=$row['user_id'];
$firstname=$row['firstname'];
$lastname=$row['lastname'];

}

if (mysql_num_rows($result)==0) {
echo "Incorrect username or password.";
}
else {
$_SESSION['user_id']=$userid;
$_SESSION['username']=$username;
$_SESSION['firstname']=$firstname;
$_SESSION['lastname']=$lastname;
echo ("<p>Refresh the page.</p><br/>");
}
}
}

echo "
<p>This text is supposed to show when the user is logged in.</p><br/>
<a href='logouttest.php'>Log out</a>";
}
?>

.josh Advanced Member

.josh

Posted
Posted

You don't assign anything to your session vars unless they aren't set AND the login info is posted and vars verified through db.  So when you first submit the form, first condition that checks for session var still evaluates false, because your script hasn't verified the posted info and assigned anything to them yet.  When you post the vars and it checks out and assigns session vars, they will exist the next time around (refresh).

evanct Member

evanct

Posted
  • Author
Posted

You don't assign anything to your session vars unless they aren't set AND the login info is posted and vars verified through db.  So when you first submit the form, first condition that checks for session var still evaluates false, because your script hasn't verified the posted info and assigned anything to them yet.  When you post the vars and it checks out and assigns session vars, they will exist the next time around (refresh).

 

Alright I'm trying to wrap my head around this... does this mean i should declare the session vars(as null) at the beginning of the script?

.josh Advanced Member

.josh

Posted
Posted

No, there's nothing you can really do to change that.  There's no way to put your form, validation, and a 'logged in' message in the same script, without experiencing this session 'jet lag'.  You would have to at the very least split up your validation portion into a separate script and redirect back to this original script upon success. 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.