SitePoint Sponsor

User Tag List

Results 1 to 14 of 14
  1. #1
    SitePoint Addict Zapppa's Avatar
    Join Date
    Aug 2009
    Posts
    315
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Some users having to login Twice to get to restricted area - please help

    Hi,

    I have a restricted area for customers of my work's company. This is an area where registered customers with their own user name and password can access to download manuals and technical documents etc.

    I am hearing some reports that users will have to login twice to get to the area - This happens in Chrome, IE 7/8 and some Firefox's.

    It has only happened to me once or twice. Does anyone know why this may be?

    Any help or ideas would be greatly appreciated.

  2. #2
    Non-Member Max Height's Avatar
    Join Date
    Dec 2011
    Posts
    303
    Mentioned
    6 Post(s)
    Tagged
    1 Thread(s)
    What are they getting in their browser when they log in the first time?

  3. #3
    SitePoint Addict Zapppa's Avatar
    Join Date
    Aug 2009
    Posts
    315
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    The login form is on the index page. When they login and submit the page seems to refresh the index page ( or goes back to there).

    When they then log in again, it will take them to the restricted directory page

  4. #4
    SitePoint Addict Zapppa's Avatar
    Join Date
    Aug 2009
    Posts
    315
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Here is the code for the log in form. This is on the index page:

    HTML Code:
     <form name="login_form" method="post" action="log.php?action=login">
    <p>Login:<br /> <input type="text" name="user" /> </p>
          
    <p>Password: <br /><input type="password" name="pwd" />  </p>
           
    <p class="submit">
     <input type="submit" value="Submit" name="submit" class="submit" />
    </p>
    
     </form>

    Here is the PHP (log.php) (with personal details taken out):

    PHP Code:

    <?php

        $hostname 
    "IP:3306";
        
    $username "name";
        
    $password "password";
        
    $database "db_name";

        
    $link MYSQL_CONNECT($hostname,$username,$password);
        
        
    mysql_select_db($database);    
    ?>

    <?
    session_name
    ("MyWebsiteLogin");
    session_start();

    if(
    $_GET['action'] == "login") {
    $conn mysql_connect("213.171.218.228:3306","db_name","password");
    $db mysql_select_db("db_name"); //Your database name goes in this field.
    $name $_POST['user'];
    $q_user mysql_query("SELECT * FROM customer WHERE username='$name'");

    ?>

    <?
                   $insert_query 
    = ("INSERT INTO login(username) VALUES ('$name');");
                   
    mysql_query($insert_query) or die('Error, insert query failed');

    ?>

    <?
    if(mysql_num_rows($q_user) == 1) {

    $query mysql_query("SELECT * FROM customer WHERE username='$name'");
    $data mysql_fetch_array($query);
    if(
    $_POST['pwd'] == $data['password']) {
    session_register("name");
    header("Location: http://#/download/index.php?un=$name"); // This is the page that you want to open if the user successfully logs in to your website.
    exit;
    } else {
    header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
    exit;
    }
    } else {
    header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
    exit;
    }
    }

    // if the session is not registered
    if(session_is_registered("name") == false) {
    header("Location: login.php");
    }
    ?>

  5. #5
    Non-Member Max Height's Avatar
    Join Date
    Dec 2011
    Posts
    303
    Mentioned
    6 Post(s)
    Tagged
    1 Thread(s)
    Without seeing the code your login form submits to, it's really a guess as to what the problem is.

    Normally, the script doing the username/password authentication will set a session variable (for login confirmation on restricted access pages) if the username/password are correct and then redirect to user to the restricted access area. If the username/password are not correct or invalid, the session variable is not created and the user is sent back to the login page. So it sounds like you have a system problem with how sessions are handled or there is a logic error in the code doing the username/password authentication. I suspect it's the latter, but without seeing your code I can't be sure.

    Edit:


    I didn't see your post with the code until I posted this post

  6. #6
    SitePoint Addict Zapppa's Avatar
    Join Date
    Aug 2009
    Posts
    315
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks for your reply.

    Please see code above.

  7. #7
    Non-Member Max Height's Avatar
    Join Date
    Dec 2011
    Posts
    303
    Mentioned
    6 Post(s)
    Tagged
    1 Thread(s)
    ok, you have at least a few issues there.

    1) session_register is deprecated and should not be used. You should be using session_start() as you have elsewhere in your code.

    2) you are attempting to start a session with session_start() and session_register() at different parts of your code. That is not correct.
    session_start() should be at the very top of your script as the first line after your opening php tag <?php.

    If the username/password are correct, then set a session variable should be set. I don't see this variable in your code. Then at the top of each page where a user needs to be logged in, first check if the session variable exists and has the correct value. If it does, then continue loading the page. If it doesn't, then abort loading the page and display a message saying the user must be logged in to view the page.

    3) You are mixing short and long php tags. That is not a good idea generally. Usually it's safer to use long php tags (<?php......?>) as short php tags can cause issues if your server is not configured correctly (but I'm not an expert on that side of things, or anything really come to think of it ).

    4) For a login script, I'm not sure why you need to insert any records like in your code.

    So to summarise, apart from the incorrect way you are attempting to start a session, you have logic errors in your code that need to be fixed.

  8. #8
    SitePoint Addict Zapppa's Avatar
    Join Date
    Aug 2009
    Posts
    315
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks!

    I will look into this now and will post changes.

  9. #9
    SitePoint Addict Zapppa's Avatar
    Join Date
    Aug 2009
    Posts
    315
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    I have tried editing this, but running into some difficulties when removing session register ().

    I have taken the last if statement out from the bottom, that is ok, as I dont think it was needed!

    When I take session_register("name"); out, or change it to session register the login does not work:


    Here is what the updated code looks like currently:


    PHP Code:
    <?php

        $hostname 
    "IP:3306";
        
    $username "user";
        
    $password "password";
        
    $database "db_name";

        
    $link MYSQL_CONNECT($hostname,$username,$password);
        
        
    mysql_select_db($database);    
    ?>

    <?php
    session_name
    ("MyWebsiteLogin");
    session_start();

    if(
    $_GET['action'] == "login") {
    $conn mysql_connect("IP:3306","user","password");
    $db mysql_select_db("db_name"); //Your database name goes in this field. 
    $name $_POST['user'];
    $ip=$_SERVER['REMOTE_ADDR'];
    $country file_get_contents('http://api.hostip.info/country.php?ip='.$ip);
    $q_user mysql_query("SELECT * FROM customer WHERE username='$name'");

    ?>

    <?php
                   $insert_query 
    = ("INSERT INTO login(username, ip, country) VALUES ('$name','$ip','$country');");
                   
    mysql_query($insert_query) or die('Error, insert query failed');

    ?>

    <?php
    if(mysql_num_rows($q_user) == 1) {

    $query mysql_query("SELECT * FROM customer WHERE username='$name'");
    $data mysql_fetch_array($query);
    if(
    $_POST['pwd'] == $data['password'])
    {
    session_register("name");
    header("Location: http://#/download/index.php?un=$name"); // This is the page that you want to open if the user successfully logs in to your website.
    exit;
    } else {
    header("Location: login.php?login=failed&cause=".urlencode('Wrong Password'));
    exit;
    }
    } else {
    header("Location: login.php?login=failed&cause=".urlencode('Invalid User'));
    exit;
    }
    }


    ?>

    Also, when I took out the insert statement the login would not work.

    Any help would be much appreciated.

  10. #10
    Non-Member Max Height's Avatar
    Join Date
    Dec 2011
    Posts
    303
    Mentioned
    6 Post(s)
    Tagged
    1 Thread(s)
    You haven't made all the changes I suggested.

    Did you write all that code or is this someone else's code you are trying to fix?

  11. #11
    SitePoint Addict Zapppa's Avatar
    Join Date
    Aug 2009
    Posts
    315
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It was a downloaded script by someone else and I am tasked with getting it all ironed out.

    I didn't understand what you meant with some bits that I didn't change.

    Would you mind explaining a little more about it please? I am currently just learning php at the moment, all advice would be gladly received

  12. #12
    SitePoint Wizard TheRedDevil's Avatar
    Join Date
    Sep 2004
    Location
    Norway
    Posts
    1,198
    Mentioned
    4 Post(s)
    Tagged
    1 Thread(s)
    The issue you mentioned is usually caused then the "login page" is on non SSL, and redirect the member to SSL as it log him/her in.

    If you are using SSL, make certain that the user is redirected to SSL on the login page if he enterer it without using SSL.

    For your issues with sessions, put the session_start at the top of the page right before your database login info, then remove session_name and use $_SESSION['name'] = true; instead of session_register.

    I would also recommend you to read some tutorials on PHP before continuing with your work, it will most probably make a lot more sense if you do that.

  13. #13
    SitePoint Addict Zapppa's Avatar
    Join Date
    Aug 2009
    Posts
    315
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Update!

    This has been fixed now!

    I had two duplicate files which were conflicting - one (an older log.php file) in the root directory and one in the restricted directory. I removed the one ion the root directory and kept the other in the restricted directory.

    They were causing the whole problem.

    I = noob,

    but at least I am learning.

    I also swatted up on books and videos and removed lots of garbage code that wasn't needed.

  14. #14
    SitePoint Zealot ablueman's Avatar
    Join Date
    Jun 2005
    Posts
    178
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Zapppa View Post
    Update!

    This has been fixed now!

    I had two duplicate files which were conflicting - one (an older log.php file) in the root directory and one in the restricted directory. I removed the one ion the root directory and kept the other in the restricted directory.

    They were causing the whole problem.

    I = noob,

    but at least I am learning.

    I also swatted up on books and videos and removed lots of garbage code that wasn't needed.
    Make sure you do update to put session_start(); at the very beginning of your document. The problem you had could easily be caused by this, as session_start(); Begins your session. If you are applying a name to the session prior to session_start(); Then it might only get the session name the second time around.

    It should be as close to the top of your page as you can get it.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •