Login Page Kills Members Session

[justlukeyou]

Hi,

 

I have finally created a membership script which I can start to work on the security aspect. However when I go back to the Login page it kills the members session.

 

When someone logs the login page automatically loads another page but if the user goes back to this page it will kill their login. Can anyone advise how I can ensure the by revisting the login page it does not kill their login.

 

 

 

mysql_connect($host, $username, $password);
mysql_select_db($database);
   ini_set(’session.gc_maxlifetime’, 60*60);
?>

<?php
   session_start();
   $_SESSION['userLoggedIn'] = 0;
   $_SESSION['userEmail'] = '';
   $_SESSION['userID'] = '';
$_SESSION['userfirstname'] = '';
$_SESSION['usersurname'] = '';

   // Reset errors and success messages
   $errors = array();
   $success = array();

   // Login attempt
   if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true')
   {
    $loginEmail = filter_var(trim($_POST['email']), FILTER_VALIDATE_EMAIL);
    $loginPassword    = trim($_POST['password']);


    if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12)
    {
	    $errors['loginPassword'] = 'Your password must be between 6-12 characters.';
    }
    if(count($errors) === 0)
    {
$query    = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . mysql_real_escape_string($loginPassword) . '") LIMIT 1'; 
	    $result = mysql_query($query);
	    if (!$result)
	    {
		    die('Invalid query: ' . mysql_error());
	    }

	    if(mysql_num_rows($result) === 1)
	    {
		    $row = mysql_fetch_assoc($result);
		    $_SESSION['userLoggedIn'] = 1;
		    $_SESSION['userEmail'] = $loginEmail;
		    $_SESSION['userID'] = $row['id'];
		    $_SESSION['userfirstname'] = $row['firstname'];
   $_SESSION['usersurname'] = $row['surname'];

		    header('Location: complete.php');
		    exit;
	    } else {
		    $errors['login'] = 'No user was found with the details provided.';
	    }
    }
   }
   /*
  The rest of your login page code
   */
 // Reset errors and success messages 
   $errors = array(); 
   $success = array(); 
   // Login attempt 
   if(isset($_POST['loginSubmit']) && $_POST['loginSubmit'] == 'true'){ 
    $loginEmail = trim($_POST['email']); 
    $loginPassword  = trim($_POST['password']); 

$email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL);
if (!$email)
{
 $error = 'Please enter your email address in a valid format.  Example: [email protected]';
}

    if(strlen($loginPassword) < 6 || strlen($loginPassword) > 12) 
	    $errors['loginPassword'] = 'Your password must be between 6-12 characters.'; 

    if(!$errors){ 
	    $query  = 'SELECT * FROM users WHERE email = "' . mysql_real_escape_string($loginEmail) . '" AND password = MD5("' . $loginPassword . '") LIMIT 1'; 
	    $result = mysql_query($query); 
	    if(mysql_num_rows($result) == 1){ 
		    $user = mysql_fetch_assoc($result); 
		    $query = 'UPDATE users SET session_id = "' . session_id() . '" WHERE id = ' . $user['id'] . ' LIMIT 1'; 
		    mysql_query($query); 
		    header('Location: index.php'); 
		    exit; 
	    }else{ 
		    $errors['login'] = 'No user was found with the details provided.'; 
	    } 
    } 
   } 

   // Register attempt 
   if(isset($_POST['registerSubmit']) && $_POST['registerSubmit'] == 'true'){
   $registerfirstname = mysql_real_escape_string(trim($_POST['firstname']));
   $registersurname = mysql_real_escape_string(trim($_POST['surname']));
    $registerEmail = trim($_POST['email']); 
    $registerPassword = trim($_POST['password']); 
    $registerConfirmPassword    = trim($_POST['confirmPassword']); 

   if(!isset($registerfirstname) || empty($registerfirstname)) {
    $errors['firstname'] = "Please enter your First Name.";
   }

if(!isset($registersurname) || empty($registersurname)) {
    $errors['surname'] = "Please enter your Surname.";
   }

  if ($loginEmail === false)
    {
	  $errors['loginEmail'] = 'Please enter your email address in a valid format.    Example: [email protected]';
    }

    if(strlen($registerPassword) < 6 || strlen($registerPassword) > 12)	
	    $errors['registerPassword'] = 'Your password must be between 6-12 characters.'; 

    if($password != $confirmPassword && !$error) {
    $error = "The passwords you entered did not match.";
   }

$Email = filter_var($_POST['registerEmail'], FILTER_VALIDATE_EMAIL);
if (!registerEmail)
{
$errors['registerEmail'] = 'Please enter your email address in a valid format.  Example: [email protected]';
}

    if($registerPassword != $registerConfirmPassword) 
	    $errors['registerConfirmPassword'] = 'Your passwords did not match.'; 

    // Check to see if we have a user registered with this email address already 


if(!$errors){
  $query = "INSERT INTO users (firstname, surname, email, password, date_registered) VALUES ('" . $firstname . "', '" . $surname . "', '" . mysql_real_escape_string($registerEmail) . "', MD5('" . mysql_real_escape_string($registerPassword) . "'), NOW())";

 $result = mysql_query($query) or die(mysql_error()); // remove the or die(mysql_error()) code after you resolve the error
 if($result){
	  $success['register'] = 'Thank you for registering. You can now log in on the left.';
  }else{
	  $errors['register'] = 'There was a problem registering you. Please check your details and try again.';
 }
} 
		   }



   $query = mysql_query("SELECT id FROM users WHERE email = '".$email."' LIMIT 1");
   if(mysql_num_rows($query) > 0 && !$error) {
    $error = "Sorry, that email is already in use!";
   }

   if(!$error) {
    $query = mysql_query("INSERT INTO users (email) VALUES ('".$password."', '".$password."', '".mysql_real_escape_string(md5($password))."', '".$email."')");
    if($query) {
	    $message = "Hello ".$_POST['email'].",\r\n\r\nThanks for registering with .com! We hope you enjoy your stay.\r\n\r\n Many Thanks,\r\n.com";
	    $headers = "From: ".$website['name']." <".$website['email'].">\r\n";
	    mail($_POST['email'], "Welcome", $message, $headers);
	    setcookie("user", mysql_insert_id(), $time);
	    setcookie("pass", mysql_real_escape_string(md5($password)), $time);
	    header("Location: users.php");
    } else {
	    $error = "There was a problem with the registration. Please try again.";
    }
   }


   ?>   

[MDCode]

<?php
session_start();
$_SESSION['userLoggedIn'] = 0;
$_SESSION['userEmail'] = '';
$_SESSION['userID'] = '';
$_SESSION['userfirstname'] = '';
$_SESSION['usersurname'] = '';
?>

 

You're setting everything back to nothing without even checking.

[justlukeyou]

Thanks,

 

I took that out but it still has the same affect.

 

Could it have something to do with this:

 

 $row = mysql_fetch_assoc($result);
		    $_SESSION['userLoggedIn'] = 1;
		    $_SESSION['userEmail'] = $loginEmail;
		    $_SESSION['userID'] = $row['id'];
		    $_SESSION['userfirstname'] = $row['firstname'];
   $_SESSION['usersurname'] = $row['surname'];

[berridgeab]

No, if a user resubmits the POST then the query would get run and set the session again. Maybe there is another page unsetting the session array.

[MDCode]

No, if a user resubmits the POST then the query would get run and set the session again. Maybe there is another page unsetting the session array.

 

I have to agree with them. Seeing as you are not showing the entire page it does not help either

[justlukeyou]

Cheers guys. Im sure I have it structured the same as the other pages. The register page also does the same thing. I have to compare the pages that work agains the pages which kill the session. Hopefully I will be able to pick out what is causing the problem.