Jump to content

[SOLVED] Login Script forcing me to login twice?

cooldude832

By cooldude832
in PHP Coding Help

 Share

Recommended Posts

cooldude832 Advanced Member

cooldude832

Posted
Posted

I have built a login script and for some strange reason its forcing me to login twice. Not saying the user/pass is wrong first time, it moves the headers fine, it just show the old page with the login any ideas?

here is some relative code:

protected.php

<?php
<?php
session_start();
if (!empty($_SESSION['loggedon']))
{
$view = "login";
}
function selfURL() 
{
	$s = empty($_SERVER["HTTPS"]) ? '' : ($_SERVER["HTTPS"] == "on") ? "s" : "";
	$protocol = strleft(strtolower($_SERVER["SERVER_PROTOCOL"]), "/").$s;
	$port = ($_SERVER["SERVER_PORT"] == "80") ? "" : (":".$_SERVER["SERVER_PORT"]);
	return $protocol."://".$_SERVER['SERVER_NAME'].$port.$_SERVER['REQUEST_URI']; 
}
function strleft($s1, $s2) 
{
	return substr($s1, 0, strpos($s1, $s2)); 
}
$url = selfURL();
//down the doc
if ($view == "login")
{
echo "Welcome: ".$firstname." (".$username.")<br />
		<ul class='account_links'>
			<li><a href='user_update.php' alt='update user data'>Update User Information</a></li>     
			<li><a href='user_account.php' alt='account management'>Account Manager</a></li>
			<li><a href='placead_form.php' alt='place an ad'>Place an Ad</a></li>
			<li><a href='logout.php?url=".$url."' alt='logout'>Logout</a></li>
			</ul><br />";
}
else
{

include("login.html");
}
?>

this is my login script

login.php

<?php
<?php
$start = session_start();
$ob = ob_start();

// Recreation of variables for later encryption uses the $_POST  will be replaced with the decrypted source
$username = trim($_POST['username']);
$password =  trim($_POST['password']);
$cryptpassword = md5($password);
$url =  trim($_POST['url']);
//Connects to DB
require("includes/mysql_include.php");
$table = "users";
$sql="SELECT * FROM $table WHERE Username='$username' and Password='$cryptpassword'";
$result=mysql_query($sql);
// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
$storage=  mysql_fetch_array($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count==1)
{
// Register $myusername, $mypassword and redirect to file "login_success.php"
$_SESSION['loggedon'] = "yes";
$_SESSION['user'] = $username;
$_SESSION['firstname'] = $storage['Firstname'];
header("location: $url");
}
else 	
{
echo "Wrong Username or Password";
}
?>

any help be great thanks

 

Couple extra notes:

if you logout and relogin you only need enter login data once, logout loggsout fine and i've tried refreshing the page after logging in once no good

Link to comment
Share on other sites
micah1701 Member

micah1701

Posted
Posted

going out on a limb here but...

 

why do you have $start = session_start();

 

why not just call session_start(); at the start of the page?

 

I haven't looked through all your code so i don't know if this is relevant but I might guess that the first time you submit the page, it hasn't started the session yet. On reload, the sessios has now been started/continued and it works fine.  Would explain why it works after logging out too -- because the session is already working

Link to comment
Share on other sites
ericamcampbell Newbie

ericamcampbell

Posted
Posted

Try something like this - you will have two files one with the login interface & then the php... the action calls the script...

 

LOGIN:

<table>

<form method="POST" action="login.php">

<tr><td align="center" class="header">Employee Login</td></tr>

<tr><td>Username:

<input type="text" name="username" size="18" maxlength="50"/></td></tr>

<tr><td>Password:

<input type="password" name="password" size="18" maxlength="50" /></td></tr>

<tr><td align="center">

<input type="submit" value="submit" name="login" />

<input type="reset" value="clear" name="clear" /></td></tr>

</form>

</table>

 

 

 

SCRIPT:

<?php

//check that the user is calling the page from the login form and not accessing it directly

//and redirect back to the login form if necessary

if (!isset($_POST['username']) || !isset($_POST['password'])) {

header( "Location: index.shtml" );

exit();

}

//check that the form fields are not empty, and redirect back to the login page if they are

elseif (empty($_POST['username']) || empty($_POST['password'])) {

header( "Location: index.shtml" );

exit();

}

else{

//Connect to MySQL

$db = mysql_connect('localhost', 'root', 'pswd') or die ("Error Connecting to MySQL: " . mysql_error());

 

//Connect to DB

mysql_select_db("transport", $db) or die ('<font color="red"><h1>Could not select the database: </h1></font>' . mysql_error());

 

//Check for connection

If ($db) {

echo 'Connected to Database: ';

echo $db . "<br />";

}

else {

echo'<font color="red"><h1>Cannot connect to MySQL Database.</h1></font>';

header("Refresh: 2; URL=index.shtml");

}

 

//add slashes to the username and md5() the password

$user = addslashes($_POST['username']);

$pass = md5($_POST['password']);

 

//Query database

$result = mysql_query("SELECT * FROM transport.users WHERE username='$user' AND password='$pass'", $db) or die ('<font color="red"><h1>Could not select the database: </h1></font>' . mysql_error()); 

 

//check that at least one row was returned

$rowCheck = mysql_num_rows($result);

echo "Returned " . $rowCheck . " number of rows.<br />";

 

if($rowCheck > 0){

while($row = mysql_fetch_array($result)){

//clear any old sessions

if (isset($_SESSION['username']) || isset($_SESSION['password'])){

session_unset();

session_destroy();

$_SESSION['username'] = NULL;

$_SESSION['password'] = NULL;

unset($_SESSION['username']);

unset($_SESSION['password']);

}

 

//start the session and register a variable

session_start();

$_SESSION['username'] = $user;

$_SESSION['password'] = $pass;

 

 

if (isset($_SESSION['username']) ) {

echo "Session started: " . $_SESSION['username'] .  '<br />';

}

 

//logged in redirect to internal site

header("Refresh: 2; URL=internal.shtml");

echo '<font color="red"><h1>Thank you, ' . $user . ' you are successfully logged in.</h1></font><br />';

}

}

else {

header("Refresh: 2; URL=index.shtml");

 

//if nothing is returned by the query, unsuccessful login code goes here...

echo ('<font color="red"><h1>Incorrect login name or password.</h1></font>');

exit();

}

}

?>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.