User Login Problem

siko
Forum Commoner
Posts: 37
Joined: Tue Feb 16, 2010 11:28 pm

User Login Problem

Post by siko »

Hi all,

On my website, I have a login system which fails on some computers and works on some.

User registers, and my script sends them an email validation link.

Users were able to validate account.

User then tries to log in, but fails. For testing purposes, for the time being I am keeping a copy of the user's password in pre-md5 encoded form. Using that, I was able to log in with their username and password, where they said they cannot log in.

In my login script, I have

Code:

 
session_start();
 
//$r is mysql fetch result
$_SESSION['SESS_MEMBER_ID'] = $r['id'];
$_SESSION['SESS_NAME'] = $r['name'];
$_SESSION['SESS_EMAIL'] = $r['email'];
 
and in my member's area, I have an authorisation check at the start of the page

Code:

 
require_once('auth_member.php');
 
session_start();
 
//rest of the webpage
 
and the following is my auth_member.php.

Code:

 
session_start();
 
$id = $_SESSION['SESS_MEMBER_ID'];
 
if(!isset($id) || (trim($id) == '')) {
    $action = "Cannot log in due to no SESS_MEMBER_ID";
    header("location: access_denied.php");
    exit();
}
 
I am aware that to use $_SESSION variables, the user needs to enable cookies for their browser. However, I am getting user tickets telling me they couldn't log in to their account after they registered way too often - like 1 out of 3 or 4 perhaps.

I am thinking that if they are able to validate their email, they should have cookies enabled in order to log in to their email accounts in the first place. Of course they could have cookies allowed for certain sites only, but if they are savvy enough to do that, they should know how to turn on cookies for my site too and not actually get confused and send in a ticket.

I have one user who tells me he couldn't log in that night he registered, but was able to do so the next morning.

Basically the question I have is, is there a problem with my system or is it a cookies problem (do they happen that frequently)?

A perplexing problem, any thoughts?
Last edited by siko on Sat Feb 20, 2010 4:42 am, edited 1 time in total.
jraede
Forum Contributor
Posts: 254
Joined: Tue Feb 16, 2010 5:39 pm

Re: User Login Problem

Post by jraede »

Do you start your session before defining $_SESSION['SESS_MEMBER_ID'] ?
siko
Forum Commoner
Posts: 37
Joined: Tue Feb 16, 2010 11:28 pm

Re: User Login Problem

Post by siko »

Yes I have indeed, else it wouldn't work for all computers I believe.

My bad, should have put that in the code too :P

[have edited the code in my first post]
netgoons
Forum Newbie
Posts: 7
Joined: Sat Feb 20, 2010 2:23 am
Location: New Delhi

Re: User Login Problem

Post by netgoons »

How are you using the activation link? Is there something like 0/1 that gets set when a user arrives on the activation page? How is that done exactly? Keeping in mind the "login possible in the morning" thingy, I believe there is something wrong during the email link validation part.
siko
Forum Commoner
Posts: 37
Joined: Tue Feb 16, 2010 11:28 pm

Re: User Login Problem

Post by siko »

My email validation is done by setting a field in the database named "activation_code". The link sent to them has the code in the url and when they click it, brings them to a php page where I verify and then set their "activation_code" field to "" (nothing).

Flow of login is this:
1) Login script checks if the activation_code field is empty first
2) Then carries on to email/password checks.
3) If both are passed, then their $_SESSION gets set and redirected to members' area
4) Where I have the require_once(auth_member.php) right at the top
5) and in these cases it gets redirected to access_denied because no $_SESSION variables were set.

For non-validated accounts the system will not tell the users that they cannot log in, but rather it will inform users specifically that their accounts are not validated.

Hmm, I do not think that is the problem either, because their activation_code fields as I view them in the database are all empty. Yet they are still having problems logging in.

The funny thing is I can log in to their accounts on my comp, but they can't log in at theirs. And 1 out of every 4 registrations seems a little too frequent to blame it on cookies.
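
The login flow from steps 1 to 5 above, as an added PHP example that is not code from any poster in this thread: it uses password_hash()/password_verify() in place of md5, calls session_start() once, and has the guard report whether the browser returned no session cookie or the session lacked SESS_MEMBER_ID. Function names, the password_hash column and the sample row are assumptions.

```php
<?php
// Added example. SESS_MEMBER_ID, activation_code and access_denied.php come from
// the thread; function names, password_hash column and sample row are assumptions.

// Login steps 1-2: activation check first, then the password check.
function check_credentials(array $row, string $password): string
{
    if ($row['activation_code'] !== '') {
        return 'not_validated';
    }
    // password_verify() against a password_hash() value replaces the md5 compare.
    return password_verify($password, $row['password_hash']) ? 'ok' : 'bad_credentials';
}

// Login step 3: start the session once, rotate its id, store the member id.
function establish_session(array $row): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);   // new session id once the user is authenticated
    $_SESSION['SESS_MEMBER_ID'] = $row['id'];
    session_write_close();         // write the session data before redirecting
}

// Steps 4-5 (auth_member.php): say why access is denied. On a real page, pass
// $_COOKIE and $_SESSION, error_log() the reason, then redirect to access_denied.php.
function deny_reason(array $cookies, array $session): ?string
{
    if (!isset($cookies[session_name()])) {
        return 'browser sent no session cookie';
    }
    $id = trim((string) ($session['SESS_MEMBER_ID'] ?? ''));
    return $id === '' ? 'cookie present but SESS_MEMBER_ID missing' : null;
}

// Constructed sample data; run with the PHP command-line interpreter.
$row = ['id' => 7, 'activation_code' => '',
        'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)];
$out = [check_credentials($row, 'correct horse'), check_credentials($row, 'wrong')];
establish_session($row);
$cookie = [session_name() => session_id()];
$out[] = deny_reason([], $_SESSION);        // cookie never came back
$out[] = deny_reason($cookie, []);          // cookie came back, session data empty
$out[] = deny_reason($cookie, $_SESSION) ?? 'access granted';
echo implode(PHP_EOL, $out), PHP_EOL;
```

Logging the reason per denied request separates the two failure cases: a browser that never returns the session cookie, and a session that arrives without the member id.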