Jump to content

User have to login twice to get logged in - why? :/


Zola

Recommended Posts

Hi,

 

I have an issue with user logins. Basically they hgavce to login twice to get access to the member zone.

I have a form on a page and also a slider login form. Both go to the same place.

 

For some reason I and other users have to log in twice to get access. Can anyone please advise as to why this is happening?  I have tested it in several browsers and the problem remains.

 

Here is the code for the forms:

 

            <form name="login_form" method="post" action="download/log.php?action=login">
              <p>Login:<br /> <input type="text" name="user" autofocus="true" placeholder="Type Here" />
              </p>
            
             <p>Password: <br /><input type="password" name="pwd" placeholder="Type Here" />  </p>
             
              <p class="submit">
                <input type="submit" value="Submit" name="submit" class="submit" />
                </p>
              </form>

 

 

Here is the code from log.php. This file sits in the restricted directory and checks that details match the database before letting entry.

 

<?php session_start(); ?>


<?php

$hostname = "::";
$username = "::";
$password = "::";
$database = "::";

$link = MYSQL_CONNECT($hostname,$username,$password);

mysql_select_db($database); 
?>

<?php

if($_GET['action'] == "login") {
$conn = mysql_connect("::","::","::");
$db = mysql_select_db("dbname");  database name goes in this field.
$name = $_POST['user'];
$ip=$_SERVER['REMOTE_ADDR'];
$var = mysql_real_escape_string($var);
$country = file_get_contents('http://stonito.com/script/geoip/?ip='.$ip);
$q_user = mysql_query("SELECT * FROM customer WHERE username='$name'");

?>

<?php
               $insert_query = ("INSERT INTO login(username, ip, country) VALUES ('$name','$ip','$country');");
               mysql_query($insert_query) or die('Error, insert query failed');

?>



<?php
if(mysql_num_rows($q_user) == 1) {

$query = mysql_query("SELECT * FROM customer WHERE username='$name'");
$data = mysql_fetch_array($query);

if($_POST['pwd'] == $data['password']) {
$_SESSION['name'] = true;
header("Location: http://mydomain.com/download/index.php?un=$name");    // This is the page that you want to open if the user successfully logs in to your website.
exit;
} else {
header("Location: http://mydomain.com/failed_login.php");
exit;
}
}
}

if(!isset($_SESSION['name'])) {
header("Location: http://mydomain.com/support.php");
}
?>

 

 

 

 

Any help would be greatly appreciated.

Link to comment
Share on other sites

This symptom is typical of redirecting around between url's that have and don't have the www. on them, which causes the session to no longer match the variation of the domain name you happen to be on.

 

You are likely reaching the login form through a link that either does or does not have the www. in it. When the form is submitted it goes to your log in page with the same variation of the domain. When your log in code successfully authenticates the user, you redirect to - http://mydomain.com/download/index.php?un=$name (probably without the www. in the url.) The session check in your code at download/index.php doesn't work and it redirects back to the log in form. However, now the url you are using on the log in form will have the same variation of the url (probably without the www. in it) and the session will carry through to all pages.

 

If this sounds like what is occuring, there are two ways of correcting this -

 

1) You can set the session.cookie_domain to be '.yourdomain.com' (with the leading dot) so that the session id cookie will match all variations of your domain. You must do this before every session_start statement (putting it into a file that you are including on every page before the session_start is generally the surest and most portable solution.)

 

2) You can set up a .htaccess redirect to send all non-www. requests to the corresponding www. variation of your domain.

Link to comment
Share on other sites

This symptom is typical of redirecting around between url's that have and don't have the www. on them, which causes the session to no longer match the variation of the domain name you happen to be on.

 

You are likely reaching the login form through a link that either does or does not have the www. in it. When the form is submitted it goes to your log in page with the same variation of the domain. When your log in code successfully authenticates the user, you redirect to - http://mydomain.com/download/index.php?un=$name (probably without the www. in the url.) The session check in your code at download/index.php doesn't work and it redirects back to the log in form. However, now the url you are using on the log in form will have the same variation of the url (probably without the www. in it) and the session will carry through to all pages.

 

If this sounds like what is occuring, there are two ways of correcting this -

 

1) You can set the session.cookie_domain to be '.yourdomain.com' (with the leading dot) so that the session id cookie will match all variations of your domain. You must do this before every session_start statement (putting it into a file that you are including on every page before the session_start is generally the surest and most portable solution.)

 

2) You can set up a .htaccess redirect to send all non-www. requests to the corresponding www. variation of your domain.

 

Sorry for the late reply, I have been away for a few days.  Thank you very much for your reply!

 

I changed the log information to redirect to http://www.mysite.com/etc

The issue seems to only crop up if the user has mysite.com in the address bar and not www.mysite.com

 

When the WWW. is in the address bar it seems to work in all browsers... but it takes two attempts when the www. is not there.

 

Can you please explain what you mean when setting session.cookie_domain  ?

 

I am fairly new to php. What would I need to write before my session start call to get this to work for all users?

 

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.