Hello,

I am using a login system that malfunctions when a fresh browser session is opened. It appears to happen across all browsers. Here's what happens:

I open a new browser session.
I enter a user name and password, and I am logged in just fine.
I navigate to another page (any page), and I am no longer logged in (this is bad - not what I want).
I enter a user name and password, and I am logged in just fine.
I navigate elsewhere, and I am still logged in (this is good - this is what I want).
During the same browser session, the log-in / log-out works fine. I can even log in with different usernames and navigate freely and all functions as it should.
This happens every time I open a new browser window. So basically, I have to do the initial log-in twice for the first username I user per browser session. Then, everything works just fine, even for multiple users.

Any idea why this might be happening?

The code I am using is below.

Thanks in advance,

John

login.php:

PHP Code:
<?php
if (!isLoggedIn())
{
    
// user is not logged in.
    
if (isset($_POST['cmdlogin']))
    {
        
// retrieve the username and password sent from login form & check the login.
        
if (checkLogin($_POST['username'], $_POST['password']))
        {
            
show_userbox();


        } else
        {
            echo 
"Incorrect Login information !";
            
show_loginform();
        }
    } else
    {
        
// User is not logged in and has not pressed the login button
        // so we show him the loginform
        
show_loginform();
    }

} else
{
    
// The user is already loggedin, so we show the userbox.
    
show_userbox();


}
Show Login Form Function:

PHP Code:
function show_loginform($disabled false)
{

    echo 
'<form name="login-form" id="login-form" method="post" action="./index.php?'.$_SERVER['QUERY_STRING'].'"> 

    <div class="usernameformtext"><label title="Username">Username: </label></div> 
    <div class="usernameformfield"><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></div> 


    <div class="passwordformtext"><label title="Password">Password: </label></div> 
    <div class="passwordformfield"><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></div> 


    <div class="registertext"><a href="http://www...com/.../register.php" title="Register">Register</a></div> 
    <div class="lostpasswordtext"><a href="http://www...com/.../lostpassword.php" title="Lost Password">Lost password?</a></div> 

  <p class="loginbutton"><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" '
;
    if (
$disabled == true)
    {
        echo 
'disabled="disabled"';
    }
    echo 
' /></p></form>';



Login functions:

PHP Code:
<?php

#### Login Functions #####


function isLoggedIn()
{

    if (
session_is_registered('loginid') && session_is_registered('username'))
    {
        return 
true// the user is loged in
    
} else
    {
        return 
false// not logged in
    
}

    return 
false;

}

function 
checkLogin($u$p)
{
global 
$seed// global because $seed is declared in the header.php file

    
if (!valid_username($u) || !valid_password($p) || !user_exists($u))
    {
        return 
false// the name was not valid, or the password, or the username did not exist
    
}

    
//Now let us look for the user in the database.
    
$query sprintf("
        SELECT loginid 
        FROM login 
        WHERE 
        username = '%s' AND password = '%s' 
        AND disabled = 0 AND activated = 1 
        LIMIT 1;"
mysql_real_escape_string($u), mysql_real_escape_string(sha1($p $seed)));
    
$result mysql_query($query);
    
// If the database returns a 0 as result we know the login information is incorrect.
    // If the database returns a 1 as result we know  the login was correct and we proceed.
    // If the database returns a result > 1 there are multple users
    // with the same username and password, so the login will fail.
    
if (mysql_num_rows($result) != 1)
    {
        return 
false;
    } else
    {
        
// Login was successfull
        
$row mysql_fetch_array($result);
        
// Save the user ID for use later
        
$_SESSION['loginid'] = $row['loginid'];
        
// Save the username for use later
        
$_SESSION['username'] = $u;
        
// Now we show the userbox
        
return true;
    }
    return 
false;
}

?>