Hello,

I am using the code below for a user login. The first I try to login after cache / cookies, etc. have been cleared, the browser refreshes and the user name is not logged in. After that, logging in works fine.

Any idea how I can make it work the first time?

Thanks in advance,

John

index.php:

PHP Code:
<?php 


        
if($_SERVER['REQUEST_METHOD'] == "POST"){header('Location: http://www...com/.../index.php?username='.$username.'&password='.$password.'');} 



         require_once 
"header.php"
         include 
"login.php";
         require_once 
"footer.php";

        
?>
login.php:

PHP Code:
<?php
if (!isLoggedIn())
{
    if (isset(
$_POST['cmdlogin']))
    {
        if (
checkLogin($_POST['username'], $_POST['password']))
        {
            
show_userbox();


        } else
        {
            echo 
"Incorrect Login information !";
            
show_loginform();
        }
    } else
    {

        
show_loginform();
    }

} else
{

    
show_userbox();


}



?>
show_loginform function:

PHP Code:
function show_loginform($disabled false)
{

    echo 
'<form name="login-form" id="login-form" method="post" action="./index.php?'.$_SERVER['QUERY_STRING'].'"> 

    <div class="usernameformtext"><label title="Username">Username: </label></div> 
    <div class="usernameformfield"><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></div> 


    <div class="passwordformtext"><label title="Password">Password: </label></div> 
    <div class="passwordformfield"><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></div> 


    <div class="registertext"><a href="http://www...com/.../register.php" title="Register">Register</a></div> 
    <div class="lostpasswordtext"><a href="http://www...com/.../lostpassword.php" title="Lost Password">Lost password?</a></div> 

  <p class="loginbutton"><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" '
;
    if (
$disabled == true)
    {
        echo 
'disabled="disabled"';
    }
    echo 
' /></p></form>';




header.php includes this:


PHP Code:
session_start(); 

here are the login credential check functions I'm using:

PHP Code:
<?php

#### Login Functions #####


function isLoggedIn()
{

    if (
session_is_registered('loginid') && session_is_registered('username'))
    {
        return 
true// the user is loged in
    
} else
    {
        return 
false// not logged in
    
}

    return 
false;

}

function 
checkLogin($u$p)
{
global 
$seed// global because $seed is declared in the header.php file

    
if (!valid_username($u) || !valid_password($p) || !user_exists($u))
    {
        return 
false// the name was not valid, or the password, or the username did not exist
    
}

    
//Now let us look for the user in the database.
    
$query sprintf("
        SELECT loginid 
        FROM login 
        WHERE 
        username = '%s' AND password = '%s' 
        AND disabled = 0 AND activated = 1 
        LIMIT 1;"
mysql_real_escape_string($u), mysql_real_escape_string(sha1($p $seed)));
    
$result mysql_query($query);
    
// If the database returns a 0 as result we know the login information is incorrect.
    // If the database returns a 1 as result we know  the login was correct and we proceed.
    // If the database returns a result > 1 there are multple users
    // with the same username and password, so the login will fail.
    
if (mysql_num_rows($result) != 1)
    {
        return 
false;
    } else
    {
        
// Login was successfull
        
$row mysql_fetch_array($result);
        
// Save the user ID for use later
        
$_SESSION['loginid'] = $row['loginid'];
        
// Save the username for use later
        
$_SESSION['username'] = $u;
        
// Now we show the userbox
        
return true;
    }
    return 
false;
}

?>