User Login Problem
Posted: Sat Feb 20, 2010 4:11 am
Hi all,
On my website, I have a login system which fails on some computers and works on some.
User registers, and my script sends them an email validation link.
Users were able to validate account.
User then tries to login, but fails. For testing purposes, for the time being I am keeping a copy of the user's password in pre-md5 encoded form. Using that, I was able to log in with their username and password, where they said they cannot log in.
In my login script, I have
and in my member's area, I have an authorisation check at the start of the page
and the following is my auth_member.php.
I am aware that to use $_SESSION variables, the user needs to enable cookies for their browser. However, I am getting user tickets telling me they couldn't log in to their account after they registered way too often - like 1 out of 3 or 4 perhaps.
I am thinking that if they are able to validate their email, they should have cookies enabled in order to login to their email accounts in the first place. Of course they could have cookies allowed for certain sites only, but if they are savvy enough to do that, they should know how to turn on cookies for my site too and not actually getting confused and sending in a ticket.
I have one user who tells me he couldn't log in that night he registered, but was able to do so the next morning.
Basically the question I have is, is there a problem with my system or is it a cookies problem (do they happen that frequently)
A perplexing problem, any thoughts?
On my website, I have a login system which fails on some computers and works on some.
User registers, and my script sends them an email validation link.
Users were able to validate account.
User then tries to login, but fails. For testing purposes, for the time being I am keeping a copy of the user's password in pre-md5 encoded form. Using that, I was able to log in with their username and password, where they said they cannot log in.
In my login script, I have
Code: Select all
session_start();
//$r is mysql fetch result
$_SESSION['SESS_MEMBER_ID'] = $r['id'];
$_SESSION['SESS_NAME'] = $r['name'];
$_SESSION['SESS_EMAIL'] = $r['email'];
Code: Select all
require_once('auth_member.php');
session_start();
//rest of the webpage
Code: Select all
session_start();
$id = $_SESSION['SESS_MEMBER_ID'];
if(!isset($id) || (trim($id) == '')) {
$action = "Cannot log in due to no SESS_MEMBER_ID";
header("location: access_denied.php");
exit();
}
I am thinking that if they are able to validate their email, they should have cookies enabled in order to login to their email accounts in the first place. Of course they could have cookies allowed for certain sites only, but if they are savvy enough to do that, they should know how to turn on cookies for my site too and not actually getting confused and sending in a ticket.
I have one user who tells me he couldn't log in that night he registered, but was able to do so the next morning.
Basically the question I have is, is there a problem with my system or is it a cookies problem (do they happen that frequently)
A perplexing problem, any thoughts?