Jump to content

Log in script issues. I have to log in twice before log in takes


pioneerx01

Recommended Posts

I am working on log-in script, but I am having some issues. Here is what's happening. With history and cookies cleared on browser, I go to my admin page that require log-in and I am presented with my log-in page. I enter my valid credentials and system logs me in and shows me what I should see when logged in as an admin, like admin menu. When I want to navigate to another admin only page via admin menu, I am kicked back to log-in page as if I were not logged in. When I do log-in again, I am back in the admin only pages. After this second log-in I am free to browse around admin pages without having to log-in again. 

 

When I log-out and what to go to another admin page I am asked to log-in, as I should. When I do log-in, I am free to move around without having to log-in second time. I get this "two time" log-in issue when the history and cookies are cleared on the browser. I have same problem in Chrome and Firefox. Coincidentally, Explorer does not seem to have this problem. 

 

All of my admin pages are structured like this:

require_once ("../system_specific/database_connect.php");
require_once ("log-in/session.php");
require_once ("../support_files/admin_header.php");

echo "something here for admins";

require_once ("../support_files/admin_footer.php");

My session.php file is structured like this:

session_start();

if ($_POST['log_in_attempt'] != "")
{
	require_once (__DIR__.'../../../support_files/functions.php');

	$email = trim(mysqli_real_escape_string($dbc, "$_POST[email]"));
	$entered_password = trim(mysqli_real_escape_string($dbc, "$_POST[password]"));
	$encrypted_password = encrypted_password($entered_password);
	
	if ($email == "" or $entered_password == "") $missing_log_in_field = 1;

	else
	{
		$query_user_accounts = "SELECT * FROM user_accounts WHERE `email` = '$email' AND `password` = '$encrypted_password' ";
		$result_user_accounts = $dbc->query($query_user_accounts);
		$num_rows = $result_user_accounts->num_rows;
		
		if ($num_rows == 0) $no_accounts_found = 1;
		
		else if ($num_rows == 1)
		{
			$row_user_account = mysqli_fetch_array($result_user_accounts);
			$_SESSION['active_admin_session'] = 1;
			$_SESSION['user_account_id'] = $row_user_account[ID];
			$_SESSION['email'] = $email;
			$_SESSION['password'] = $encrypted_password;
		}
		
		else $multiple_accounts_found = 1;
		
		$result_user_accounts->close();
	}
}

if ($_SESSION['active_admin_session'] != 1)
{
	require_once (__DIR__."../../../support_files/admin_header.php");
	
	echo "<div id='form_container'>";
		
		echo "<div id='left_form_container'>";
			
			echo "<form action='' method='post'>";
			
			$form_variables = array("in","text","Email:","email","required");
			require (__DIR__."../../../support_files/form_fields.php");
			
			$form_variables = array("in","password","Password:","password","required");
			require (__DIR__."../../../support_files/form_fields.php");
			
			echo "<br/><br/>";
			echo "<input name='log_in_attempt' type='submit' value='Log In'>";
			echo "</form>";
			
		echo "</div>"; // Left Form Container
	
		echo "<div id='right_form_container'>";
		
			if ($missing_log_in_field == 1)
			{
				echo "<h6 class='red_text'>Log In Error</h6>";
				echo "Both <strong>email</strong> and valid <strong>password</strong> are required for administrative log in.";
			}
			
			else if ($no_accounts_found == 1)
			{
				echo "<h6 class='red_text'>Log In Error</h6>";
				echo "Log in credentials that were provided are not valid, Please check your credentials and try again. If the problem persists, please contact the system administrator. ";
			}
			
			else if ($multiple_accounts_found == 1)
			{
				echo "<h6 class='red_text'>Log In Error</h6>";
				echo "There has been a log in error. Please contact the system administrator to resolve this issue.";
			}
			
			else
			{
				echo "<h6>Creating Account</h6>";
				echo "If you have received an email from system administrator in regards to creating an account and you have valid authorization code, you can <a href='../new_account'>create your account now</a>. ";
			}

		echo "</div>"; // Right Form Container
		
	echo "</div>"; // Form Container
		
	echo "</form>";
	
	die();
}

Any ideas? 

Link to comment
Share on other sites

Without looking thru all that code let me state this. You do know that if you set a cookie you cannot retrieve it until the next time you enter that script? The cookies are sent to your session after your next request. I may not be saying it correctly, but if you set a cookie and then try to read it 100 lines later in your code, you will fail. Don't know if that is what you are doing, but if it is, now you know.

Link to comment
Share on other sites

The session script above is called every time an admin page loads. Rest of the code does not handle any session information. But I have figured it out. When initially logging in, with history and cookies cleared, I was going to https://domain.com/... which when logged in took me to that page, however the admin menus are going to https://www.domain.com/. I guess https://domain.com/ and https://www.domain.com/ are seen differently when logging in. 

I learned new thing today :)

Link to comment
Share on other sites

I would actually use www.yoursite.com as the canonical domain for your website, because that's exactly what the subdomain is for: the WWW. In other words, redirect all HTTP(S) requests to www.yoursite.com.

 

The main domain is more like a namespace for different services (e. g. your main site, a forum, a chat, ...).

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.