pioneerx01 Posted May 4, 2016

I am working on a log-in script, but I am having some issues. Here is what's happening. With history and cookies cleared on the browser, I go to my admin page that requires log-in and I am presented with my log-in page. I enter my valid credentials and the system logs me in and shows me what I should see when logged in as an admin, like the admin menu. When I want to navigate to another admin-only page via the admin menu, I am kicked back to the log-in page as if I were not logged in. When I do log in again, I am back in the admin-only pages. After this second log-in I am free to browse around admin pages without having to log in again.

When I log out and want to go to another admin page I am asked to log in, as I should. When I do log in, I am free to move around without having to log in a second time. I get this "two time" log-in issue when the history and cookies are cleared on the browser. I have the same problem in Chrome and Firefox. Coincidentally, Explorer does not seem to have this problem.
All of my admin pages are structured like this:

```php
<?php
require_once ("../system_specific/database_connect.php");
require_once ("log-in/session.php");
require_once ("../support_files/admin_header.php");

echo "something here for admins";

require_once ("../support_files/admin_footer.php");
```

My session.php file is structured like this:

```php
<?php
session_start();

// Error flags read by the log-in form below.
$missing_log_in_field = 0;
$no_accounts_found = 0;
$multiple_accounts_found = 0;

if (!empty($_POST['log_in_attempt'])) {
    // __DIR__ has no trailing slash, so the relative part must start with "/".
    require_once (__DIR__.'/../../support_files/functions.php');

    $email = trim(mysqli_real_escape_string($dbc, $_POST['email']));
    $entered_password = trim(mysqli_real_escape_string($dbc, $_POST['password']));
    $encrypted_password = encrypted_password($entered_password);

    if ($email == "" or $entered_password == "")
        $missing_log_in_field = 1;
    else {
        $query_user_accounts = "SELECT * FROM user_accounts WHERE `email` = '$email' AND `password` = '$encrypted_password' ";
        $result_user_accounts = $dbc->query($query_user_accounts);
        $num_rows = $result_user_accounts->num_rows;

        if ($num_rows == 0)
            $no_accounts_found = 1;
        else if ($num_rows == 1) {
            $row_user_account = mysqli_fetch_array($result_user_accounts);
            $_SESSION['active_admin_session'] = 1;
            // Array keys must be quoted strings, not bare constants.
            $_SESSION['user_account_id'] = $row_user_account['ID'];
            $_SESSION['email'] = $email;
            $_SESSION['password'] = $encrypted_password;
        }
        else
            $multiple_accounts_found = 1;

        $result_user_accounts->close();
    }
}

// No active admin session: show the log-in form and stop the page here.
if (!isset($_SESSION['active_admin_session']) || $_SESSION['active_admin_session'] != 1) {
    require_once (__DIR__."/../../support_files/admin_header.php");

    echo "<div id='form_container'>";
    echo "<div id='left_form_container'>";
    echo "<form action='' method='post'>";
    $form_variables = array("in","text","Email:","email","required");
    require (__DIR__."/../../support_files/form_fields.php");
    $form_variables = array("in","password","Password:","password","required");
    require (__DIR__."/../../support_files/form_fields.php");
    echo "<br/><br/>";
    echo "<input name='log_in_attempt' type='submit' value='Log In'>";
    echo "</form>";
    echo "</div>"; // Left Form Container

    echo "<div id='right_form_container'>";
    if ($missing_log_in_field == 1) {
        echo "<h6 class='red_text'>Log In Error</h6>";
        echo "Both <strong>email</strong> and valid <strong>password</strong> are required for administrative log in.";
    }
    else if ($no_accounts_found == 1) {
        echo "<h6 class='red_text'>Log In Error</h6>";
        echo "Log in credentials that were provided are not valid, Please check your credentials and try again. If the problem persists, please contact the system administrator. ";
    }
    else if ($multiple_accounts_found == 1) {
        echo "<h6 class='red_text'>Log In Error</h6>";
        echo "There has been a log in error. Please contact the system administrator to resolve this issue.";
    }
    else {
        echo "<h6>Creating Account</h6>";
        echo "If you have received an email from system administrator in regards to creating an account and you have valid authorization code, you can <a href='../new_account'>create your account now</a>. ";
    }
    echo "</div>"; // Right Form Container
    echo "</div>"; // Form Container
    die();
}
```

Any ideas?

ginerjm Posted May 4, 2016

Without looking thru all that code let me state this. You do know that if you set a cookie you cannot retrieve it until the next time you enter that script? The cookies are sent to your session after your next request. I may not be saying it correctly, but if you set a cookie and then try to read it 100 lines later in your code, you will fail. Don't know if that is what you are doing, but if it is, now you know.

pioneerx01 (Author) Posted May 4, 2016

The session script above is called every time an admin page loads. The rest of the code does not handle any session information.

But I have figured it out. When initially logging in, with history and cookies cleared, I was going to https://domain.com/... which when logged in took me to that page, however the admin menus are going to https://www.domain.com/. I guess https://domain.com/ and https://www.domain.com/ are seen differently when logging in. I learned a new thing today.

QuickOldCar Posted May 4, 2016

Yes, it is treated as a subdomain. Add an htaccess redirect to make all www redirect to non-www. You can also do this at your domain registrar.

pioneerx01 (Author) Posted May 4, 2016

Yes, I am going to htaccess that.

Jacques1 Posted May 4, 2016

I would actually use www.yoursite.com as the canonical domain for your website, because that's exactly what the subdomain is for: the WWW. In other words, redirect all HTTP(S) requests to www.yoursite.com. The main domain is more like a namespace for different services (e.g. your main site, a forum, a chat, ...).
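
An added example (not part of any post in this thread, and not the poster's code): one way to force a single host name from PHP before the session starts, so the host-only session cookie set at log-in is always sent back on later requests. It assumes PHP 7.3 or later, TLS terminating on the web server itself, and a placeholder canonical name; `CANONICAL_HOST`, `canonical_redirect_target()` and `start_admin_session()` are hypothetical names.

```php
<?php
// Added example. CANONICAL_HOST is an assumed placeholder: pick www or
// non-www, but use the same name everywhere.
const CANONICAL_HOST = 'www.example.com';

// Returns the URL to redirect to, or null when the request already
// arrived over HTTPS on the canonical host.
function canonical_redirect_target(string $host, string $uri, bool $https): ?string
{
    // Host names are case-insensitive and may carry a port or trailing dot.
    $host = rtrim(preg_replace('/:\d+$/', '', strtolower(trim($host))), '.');
    if ($https && $host === CANONICAL_HOST) {
        return null;
    }
    // REQUEST_URI can be an absolute URL on proxy-style requests;
    // keep it only when it is a local path.
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }
    // Build the target from the constant, never from the Host header.
    return 'https://' . CANONICAL_HOST . $uri;
}

// Hypothetical drop-in for the bare session_start() in session.php.
function start_admin_session(): void
{
    $https  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $target = canonical_redirect_target(
        $_SERVER['HTTP_HOST'] ?? '',
        $_SERVER['REQUEST_URI'] ?? '/',
        $https
    );
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
    // No 'domain' key, so the cookie stays bound to the exact host name.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}
```

A log-in POST sent to the other host name is redirected as a GET, so the form has to be submitted once more on the canonical host.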