qwequtimbs Posted February 23 Share Posted February 23 I've implemented a login feature on the site, but whenever a user tries to sign in, the login page takes forever to redirect them to the dashboard or home page after successful authentication. It's frustrating because it's hindering the user experience and I'm afraid it might drive away potential users. I've tried troubleshooting on my own, but I'm hitting a dead end. I thought maybe you could lend me a hand since you're more experienced in web development than I am. please can someone help me out? Quote Link to comment https://forums.phpfreaks.com/topic/318462-login-page-takes-forever-to-redirect-to-dashboard-after-signin/ Share on other sites More sharing options...
mac_gyver Posted February 23 Share Posted February 23 you probably have a redirect-loop or code that's caught in a loop in php. you would need to post all the code, less any database connection credentials, for the login operation and at least the login check code from one of the other pages. btw - the only redirect you should have in your login code should be to the exact same URL of the login page to cause a get request for that page. this will prevent the browser from trying to resubmit the form data should that page get reloaded or browsed back to, where someone can use the browser's developer tools to see what the form data is, even if you prevent the form from being displayed. to allow someone to go to another page, provide navigation links, or put the login form processing/form on any page that needs it. Quote Link to comment https://forums.phpfreaks.com/topic/318462-login-page-takes-forever-to-redirect-to-dashboard-after-signin/#findComment-1616417 Share on other sites More sharing options...
qwequtimbs Posted February 23 Author Share Posted February 23 <?php $UniqueName = "Secure Login"; require_once("auth/header.php"); if (@$_SESSION['internetid']) { header("Location:./accounts/dashboard.php"); } if (isset($_POST['acct_login'])) { $internetid = inputValidation($_POST['login']); // $internetid = inputValidation($_POST['internetid']); $acct_password = inputValidation($_POST['acct_password']); $log = "SELECT * FROM accounts WHERE internetid='$internetid' OR acct_email = '$internetid'"; $stmt = $conn->prepare($log); $stmt->execute(); $user = $stmt->fetch(PDO::FETCH_ASSOC); if ($stmt->rowCount() === 0) { toast_alert("error", "Invalid login details"); } else { $validPassword = password_verify($acct_password, $user['acct_password']); if ($validPassword === false) { toast_alert("error", "Invalid login details"); } else { // if ($user['acct_status'] === 'hold') { // toast_alert("error", "Account on Hold, Kindly contact support to activate your account"); // } else { if (true) { //IP LOGIN DETAILS $device = $_SERVER['HTTP_USER_AGENT']; $ipAddress = $_SERVER['REMOTE_ADDR']; $nowDate = date('Y-m-d H:i:s'); $internetid = $user['internetid']; $stmt = $conn->prepare("INSERT INTO audit_logs (internetid,device,ipAddress,datenow) VALUES(:internetid,:device,:ipAddress,:datenow)"); $stmt->execute([ 'internetid' => $internetid, 'device' => $device, 'ipAddress' => $ipAddress, 'datenow' => $nowDate ]); $details = "Login into dashboard"; $internetid = $user['internetid']; $stmt2 = $conn->prepare("INSERT INTO activities (internetid,details) VALUES(:internetid,:details)"); $stmt2->execute([ 'internetid' => $internetid, 'details' => $details ]); if ($page['padiwise_sms'] == '1') { $messageText = "New Login Notification"; $recipient = $user['acct_phone']; $responseBody = send_bulk_sms(array( 'sender_name' => get_setting('display_name'), 'recipient' => $recipient, 'reference' => date('Y') . uniqid() . rand(1, 9), 'message' => $messageText )); } if($page['otp_code'] == "1"){ $acct_otp = substr(number_format(time() * rand(), 0, '', ''), 0, 6); $sql = "UPDATE accounts SET acct_otp=:acct_otp WHERE internetid=:internetid"; $stmt = $conn->prepare($sql); $stmt->execute([ 'acct_otp'=>$acct_otp, 'internetid' => $internetid ]); $full_name = $user['firstname'] . " " . $user['lastname']; $APP_NAME = WEB_TITLE; $APP_URL = WEB_URL; $SITE_ADDRESS = $page['website_address']; $APP_NUMBER = WEB_PHONE; $APP_EMAIL = WEB_EMAIL; $user_email = $user['acct_email']; $message = $sendMail->OtpLoginMsg($full_name, $acct_otp, $APP_NAME, $APP_NUMBER, $APP_EMAIL, $APP_URL, $SITE_ADDRESS); // User Email $subject = "OTP CODE" . "-" . $APP_NAME; $email_message->send_mail($user_email, $message, $subject); $_SESSION['login'] = $user['internetid']; header("Location:./otp-verify.php"); exit; } else { $full_name = $user['firstname'] . " " . $user['lastname']; $APP_NAME = WEB_TITLE; $APP_URL = WEB_URL; $SITE_ADDRESS = $page['website_address']; $APP_NUMBER = WEB_PHONE; $APP_EMAIL = WEB_EMAIL; $user_email = $user['acct_email']; $message = $sendMail->LoginMsg($full_name, $APP_NAME, $APP_NUMBER, $APP_EMAIL, $APP_URL, $SITE_ADDRESS); // User Email $subject = "Login Notification" . "-" . $APP_NAME; $email_message->send_mail($user_email, $message, $subject); $_SESSION['login'] = $user['internetid']; header("Location:./pin.php"); exit; } } } } } // } ?> <div class="form-container"> <div class="form-form"> <div class="form-form-wrap"> <div class="form-container"> <div class="form-content"> <h1 class="">Log In to <a href="/"><span class="brand-name"><?= $page['website_name'] ?></span></a></h1> <p class="signup-link">New Here? <a href="./get-started.php">Create an account</a></p> <form class="text-left" method="POST" enctype="multipart/form-data"> <div class="form"> <div id="username-field" class="field-wrapper input"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-user"> <path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"></path> <circle cx="12" cy="7" r="4"></circle> </svg> <input id="username" name="login" type="text" class="form-control" placeholder="Internet ID"> </div> <div id="password-field" class="field-wrapper input mb-2"> <svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-lock"> <rect x="3" y="11" width="18" height="11" rx="2" ry="2"></rect> <path d="M7 11V7a5 5 0 0 1 10 0v4"></path> </svg> <input id="password" name="acct_password" type="password" class="form-control" placeholder="Password"> </div> <div class="d-sm-flex justify-content-between"> <div class="field-wrapper toggle-pass"> <p class="d-inline-block">Show Password</p> <label class="switch s-primary"> <input type="checkbox" id="toggle-password" class="d-none"> <span class="slider round"></span> </label> </div> </div> <br> <center> <button type="submit" class="btn btn-primary btn-block mb-4 mr-2" name="acct_login">ACCESS DASHBOARD</button></center> <div class="field-wrapper text-center keep-logged-in"> <div class="n-chk new-checkbox checkbox-outline-primary"> <label class="new-control new-checkbox checkbox-outline-primary"> <input type="checkbox" class="new-control-input"> <span class="new-control-indicator"></span>Keep me logged in </label> </div> </div> <div class="field-wrapper"> <a href="reset-password.php" class="forgot-pass-link">Forgot Password?</a> </div> </div> </form> <p class="terms-conditions">© 2024 All Rights Reserved. <a href="/"><?= $page['website_name'] ?></a></p> </div> </div> </div> </div> <div class="form-image"> <div class="l-image"> </div> </div> </div> <?php require_once("auth/footer.php"); ?> Quote Link to comment https://forums.phpfreaks.com/topic/318462-login-page-takes-forever-to-redirect-to-dashboard-after-signin/#findComment-1616418 Share on other sites More sharing options...
qwequtimbs Posted February 23 Author Share Posted February 23 Please thats the code above 20 minutes ago, mac_gyver said: you probably have a redirect-loop or code that's caught in a loop in php. you would need to post all the code, less any database connection credentials, for the login operation and at least the login check code from one of the other pages. btw - the only redirect you should have in your login code should be to the exact same URL of the login page to cause a get request for that page. this will prevent the browser from trying to resubmit the form data should that page get reloaded or browsed back to, where someone can use the browser's developer tools to see what the form data is, even if you prevent the form from being displayed. to allow someone to go to another page, provide navigation links, or put the login form processing/form on any page that needs it. Quote Link to comment https://forums.phpfreaks.com/topic/318462-login-page-takes-forever-to-redirect-to-dashboard-after-signin/#findComment-1616420 Share on other sites More sharing options...
mac_gyver Posted February 23 Share Posted February 23 this code is apparently sending either a text or email with a one-time-pin. my guess is it isn't displaying the pin entry page, eventually times out, and redirects to the dashboard page. you would need to show or state what exactly does happen and what you expect to happen. the only things I can tell you based on the posted code are - don't use the @ error suppressor. If you want to test if a variable is set, either use isset()/!isset() or use the Null coalescing operator to condition the input to a default false value. the first header() redirect needs an exit/die statement to stop php code execution, like the rest of the code is using. whatever your inputValidation() function does, it probably doesn't make a value safe to put directly into an sql query. correctly use a prepared query, like the rest of the code is using. Quote Link to comment https://forums.phpfreaks.com/topic/318462-login-page-takes-forever-to-redirect-to-dashboard-after-signin/#findComment-1616423 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.