SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Addict Zapppa's Avatar
    Join Date
    Aug 2009
    Posts
    315
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    User has to log in twice - please help

    Hi,

    I am having an issue in IE8 where the user has to log in twice to get access to a restricted zone.

    It used to happen in Firefox 4, but seems to have gone now with the update.

    Can anyone let me know why this is happening please?

    Any help greatly appreciated.


    Code HTML4Strict:
    <div id="login">  
     
    <h2 class="white">Customer Login</h2>
     
     
    	<div class="margin">
    	<form name="login_form" method="post" action="log.php?action=login">
    	Login:<br /> <input type="text" name="user"><br />
    	Password: <br /><input type="password" name="pwd"><br />
     
        <p class="submit">
    	<input type="submit" value="Submit" name="submit" class="submit" />
    	</p>
    	</form>
     
        <p>Not registered? <br />If you are a customer please <a href="register.html" class="links">Register</a></p>
    	</div>
     
     
    </div>
    </div>




    Code PHP:
    <?php
     
    	$hostname = "my_ip";
    	$username = "username";
    	$password = "pass";
    	$database = "db";
     
    	$link = MYSQL_CONNECT($hostname,$username,$password);
     
    	mysql_select_db($database);	
    ?>
     
    <?
    session_name("MyWebsiteLogin");
    session_start();
     
    if($_GET['action'] == "login") {
    $conn = mysql_connect("my_ip","db","pass");
    $db = mysql_select_db("db"); //Your database name goes in this field.
    $name = $_POST['user'];
    $q_user = mysql_query("SELECT * FROM customer WHERE username='$name'");
     
    ?>
     
    <?
                   $insert_query = ("INSERT INTO login(username) VALUES ('$name');");
                   mysql_query($insert_query) or die('Error, insert query failed');
     
    ?>
     
    <?
    if(mysql_num_rows($q_user) == 1) {
     
    $query = mysql_query("SELECT * FROM customer WHERE username='$name'");
    $data = mysql_fetch_array($query);
    if($_POST['pwd'] == $data['password']) {
    session_register("name");
    header("Location: http://mysite.com/access.html"); // This is the page that you want to open if the user successfully logs in to your website.
    exit;
    } else {
    header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
    exit;
    }
    } else {
    header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
    exit;
    }
    }
     
    // if the session is not registered
    if(session_is_registered("name") == false) {
    header("Location: login.php");
    }
    ?>

  2. #2
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    73 Post(s)
    Tagged
    0 Thread(s)
    first impulse is to say 'dont use session_register' (deprecated). Same goes for session_is_registered. replace with $_SESSION['name'] = $data['username'] or whatever your field is called, and if(!isset($_SESSION['name']))

    second impulse is to say dont use the header for successful logins. You're already including this file in every pageload. You want them to see log.php when they log in, so dont redirect them anywhere.

  3. #3
    Non-Member bronze trophy
    Join Date
    Nov 2009
    Location
    Keene, NH
    Posts
    3,760
    Mentioned
    23 Post(s)
    Tagged
    0 Thread(s)
    Yeah, I'm with Starlion on this -- my question would be why all the redirects when you could just do an include instead. That's really not a great way of building a site -- if for no other reason than the extra handshake involved for nothing.

    Seems needlessly complex for something simple.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •