[SOLVED] PHP login script requires user to login twice

[odysseusming]

I'm trying to create a simple PHP login, where the user logs in on the first page (login.php), and if the login is correct, is directed to the second page (page.php). The problem with my code is that the user is required to login twice in order to be successfully taken to the second page (page.php). Here's my code:

 

login.php page code:

<?php
session_start();

// Define your username and password
$username = "a";
$password = "b";

# define a redirect url
$redirect_url = "http://www.mydomain.com/page.php";

if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == "yes") {
          header("Location: $redirect_url");
}

if (($_POST['txtUsername'] == $username) && ($_POST['txtPassword'] == $password))
     {
          $_SESSION['logged_in'] = "yes";
          header("Location: $redirect_url");
          die;
     }
?>

<h2>Please Login</h2>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p>
<br/>
<label for="txtUsername">Username*</label>
<br/>
  <input name="txtUsername" type="text"  id="txtUsername" size="30" />
  <br/>
<label for="txtPassword">Password*</label>
<br/>
  <input name="txtPassword" type="password"  id="txtPassword" size="30" />
<br/>
<br/>
<input name="Submit" type="submit" value="Login" />
</p>
</form>

 

page.php page code:

<?php
session_start();
if ($_SESSION['logged_in'] !== "yes")
     {
          header("Location: http://www.mydomain.com/login.php");
          die;
     }
?>

login successful

[Goafer]

i'd suggest a if(isset($_POST['submit']))

around the validation code

[odysseusming]

not sure what you mean by "validation code"? which code exactly?

[gevans]

On your first attempt does it just reload the same page (login)??

 

Also;

 

if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == "yes") {
          header("Location: $redirect_url");
}

 

should be

 

if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == "yes") {
          header("Location: $redirect_url");
die;
}

[odysseusming]

Yes - on the first attempt it just reloads the login page. But if I try to go to the page.php page first, it bounces me back to the login.php page (as it should) - and then if I try to login, it works on the first try. Makes me think it's something with the script on the page.php page.

 

And I added the "die;" you suggested - still no luck.

 

Any further thoughts...

[gevans]

Well, it sounds like the login works the first time, but once you hit the second page it pushes you back to the login page.

 

We'll check to see if that is the case;

 

Use this code for page.php

 

<?php
session_start();
var_dump($_SESSION);
exit;
if ($_SESSION['logged_in'] !== "yes")
     {
          header("Location: http://www.mydomain.com/login.php");
          die;
     }
?>

login successful

 

Try to login the same way as you would when it doesn't work and post what was printed to screen.

[jcombs_31]

edit: I should fix my eyes

 

!=

[odysseusming]

gevans - I pasted your code into the page.php page and it gave me:

 

array(0) { }

[gevans]

Ahhh, I did have a reply, but just though of something quick... Are you accessing your site via;

 

www.you-domain.com

 

or

 

you-domain.com

 

I've seen that cause issues when your session is setting an SID cookie...

[revraz]

Remove the absolute links and use relative instead.

[odysseusming]

that did it. thanks very much...