Login Problems

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
BCVisin
Forum Newbie
Posts: 8
Joined: Fri Jun 11, 2004 4:39 pm

Login Problems

Post by BCVisin »

I have created a website with a login at http://usoba.org/mem/memlogin.php I am using session variables to store user data. The problem I am having is that sometimes when some people try to log in, the page just appears to refresh, and they do not get to log in. I have solved this with many people by changing their cookie settings, but now I have someone who set their cookies to accept all and not even that worked. I am a little confused on how session variables are handled. Is this a problem that can be fixed?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Please post your code.


Moved to PHP - Code.
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

Since I don't see a hidden value in your login form, I'm guessing your checking for the submit button? That might not work if the user hits enter in a text field instead of clicking the submit button.

To fix this insert a hidden input value and check for it instead. Like this:

Code: Select all

<input type="HIDDEN" name="form_sumitted" value="login">
<input class="button" type="SUBMIT"  name="submit" value="SUBMIT">
In this case, you would check for "form_submitted" with the value "login".
BCVisin
Forum Newbie
Posts: 8
Joined: Fri Jun 11, 2004 4:39 pm

Post by BCVisin »

Code: Select all

// Begin Function checkPass()
function checkPass($login, $password) &#123;

	global $link;
	global $mysql_prefix;

	$password = encrypt($password);
	
	$query="SELECT login, password FROM ".$mysql_prefix."users WHERE login='$login' AND password='$password' AND deleted != 1";
	$result=mysql_query($query, $link)
		or die("checkPass fatal error: ".mysql_error());
	

    if(mysql_num_rows($result)==1) &#123;
        $row=mysql_fetch_array($result);
        return $row;
    &#125;

    return false;
&#125;
// End Function checkPass()

// Begin Function cleanMemberSession()
function cleanMemberSession($login, $password, $company_name, $contact_name) &#123;

	$_SESSION&#1111;"company_name"]=$company_name;
  $_SESSION&#1111;"contact_name"]=$contact_name;
  $_SESSION&#1111;"login"]=$login;
	$_SESSION&#1111;"password"]=$password;
	$_SESSION&#1111;"loggedIn"]=true;
&#125;
// End Function cleanMemberSession()
That is the code in my functions file to check the password and clean the members section. The code in the login page is as follows:

Code: Select all

if($_POST&#1111;"submit"])
&#123;


field_validator("login name", $_POST&#1111;"login"], "alphanumeric", 4, 15);
field_validator("password", $_POST&#1111;"password"], "string", 4, 15);

$login = mysql_escape_string($_POST&#1111;"login"]);
$password= mysql_escape_string($_POST&#1111;"password"]);

	if($messages)
  &#123;
	doIndex();
	exit;
	&#125;

  if( !($row = checkPass($login, $password)) )
  &#123;
  $messages&#1111;]="Incorrect login/password, try again\n ";
  &#125;

	if($messages)
  &#123;
	doIndex();
	exit;
	&#125;


$query="SELECT * FROM ".$mysql_prefix."users WHERE login='$login' AND deleted != 1";
$result=mysql_query($query, $link);
$printforsession=mysql_fetch_array($result);

	
cleanMemberSession($row&#1111;login], $row&#1111;password], $printforsession&#1111;company_name], $printforsession&#1111;contact_name]);
	
$logins_month = $printforsession&#1111;"logins_month"] + 1;

$logins_total = $printforsession&#1111;"logins_total"] + 1;
	
  $query="UPDATE ".$mysql_prefix."users SET logins_month = '$logins_month', logins_total = $logins_total where login='$login' AND deleted = 0";
	$result=mysql_query($query, $link) or die("Died inserting login info into db.  Error returned if any: ".mysql_error());

	header("Location: memsect.php");
&#125;
else
&#123;	
doIndex();
&#125;
The doIndex function is the page before it is submitted.
BCVisin
Forum Newbie
Posts: 8
Joined: Fri Jun 11, 2004 4:39 pm

Post by BCVisin »

Ya, I was looking for the submit button. That may be the problem, but then why would changing the cookie settings fix the problem for some people?
User avatar
smpdawg
Forum Contributor
Posts: 292
Joined: Thu Jan 27, 2005 3:10 pm
Location: Houston, TX
Contact:

Post by smpdawg »

Is the session_start missing or have you just clipped it from the sample to keep it simple?
BCVisin
Forum Newbie
Posts: 8
Joined: Fri Jun 11, 2004 4:39 pm

Post by BCVisin »

Nope, never knew you needed session start.
User avatar
smpdawg
Forum Contributor
Posts: 292
Joined: Thu Jan 27, 2005 3:10 pm
Location: Houston, TX
Contact:

Post by smpdawg »

This is part of the help for session_start

Description
bool session_start ( void )

session_start() creates a session or resumes the current one based on the current session id that's being passed via a request, such as GET, POST, or a cookie.

This function always returns TRUE.

Note: If you are using cookie-based sessions, you must call session_start() before anything is outputted to the browser.
BCVisin
Forum Newbie
Posts: 8
Joined: Fri Jun 11, 2004 4:39 pm

Post by BCVisin »

Is this a cookie based session? Is it possible to create a non cookie based session?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

yes. Have a read :: http://php.net/session
User avatar
smpdawg
Forum Contributor
Posts: 292
Joined: Thu Jan 27, 2005 3:10 pm
Location: Houston, TX
Contact:

Post by smpdawg »

Yes. Look at these flags in your php.ini.

session.use_cookies
session.use_only_cookies
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

http://www.faqts.com/knowledge_base/vie ... /774/fid/6
I used to use the SubmitFoo method shown above until I realized that
IE5.0 does not always send the SubmitFoo name/value pair! If you have a
form with only one input element (e.g., an input box and a submit
button), and if you submit the form from IE5.0 by simply hitting
<RETURN> rather than explicitly mouse-clicking the submit button, then
the SubmitFoo value will NOT be passed to the server and the above
check will not work. You can get around this by also passing in a
hidden field called SubmitFoo with some arbitrary value. I don't know
which versions of IE5.x do this, but I see it in 5.00.2314.1003 without
fail. -Loren
Almost like being at work... no one listen to me there either. :D
Post Reply