Page 1 of 1

Login Problems

Posted: Tue Feb 22, 2005 1:28 pm
by BCVisin
I have created a website with a login at http://usoba.org/mem/memlogin.php I am using session variables to store user data. The problem I am having is that sometimes when some people try to log in, the page just appears to refresh, and they do not get to log in. I have solved this with many people by changing their cookie settings, but now I have someone who set their cookies to accept all and not even that worked. I am a little confused on how session variables are handled. Is this a problem that can be fixed?

Posted: Tue Feb 22, 2005 1:46 pm
by feyd
Please post your code.


Moved to PHP - Code.

Posted: Tue Feb 22, 2005 1:51 pm
by Buddha443556
Since I don't see a hidden value in your login form, I'm guessing your checking for the submit button? That might not work if the user hits enter in a text field instead of clicking the submit button.

To fix this insert a hidden input value and check for it instead. Like this:

Code: Select all

<input type="HIDDEN" name="form_sumitted" value="login">
<input class="button" type="SUBMIT"  name="submit" value="SUBMIT">
In this case, you would check for "form_submitted" with the value "login".

Posted: Tue Feb 22, 2005 1:54 pm
by BCVisin

Code: Select all

// Begin Function checkPass()
function checkPass($login, $password) &#123;

	global $link;
	global $mysql_prefix;

	$password = encrypt($password);
	
	$query="SELECT login, password FROM ".$mysql_prefix."users WHERE login='$login' AND password='$password' AND deleted != 1";
	$result=mysql_query($query, $link)
		or die("checkPass fatal error: ".mysql_error());
	

    if(mysql_num_rows($result)==1) &#123;
        $row=mysql_fetch_array($result);
        return $row;
    &#125;

    return false;
&#125;
// End Function checkPass()

// Begin Function cleanMemberSession()
function cleanMemberSession($login, $password, $company_name, $contact_name) &#123;

	$_SESSION&#1111;"company_name"]=$company_name;
  $_SESSION&#1111;"contact_name"]=$contact_name;
  $_SESSION&#1111;"login"]=$login;
	$_SESSION&#1111;"password"]=$password;
	$_SESSION&#1111;"loggedIn"]=true;
&#125;
// End Function cleanMemberSession()
That is the code in my functions file to check the password and clean the members section. The code in the login page is as follows:

Code: Select all

if($_POST&#1111;"submit"])
&#123;


field_validator("login name", $_POST&#1111;"login"], "alphanumeric", 4, 15);
field_validator("password", $_POST&#1111;"password"], "string", 4, 15);

$login = mysql_escape_string($_POST&#1111;"login"]);
$password= mysql_escape_string($_POST&#1111;"password"]);

	if($messages)
  &#123;
	doIndex();
	exit;
	&#125;

  if( !($row = checkPass($login, $password)) )
  &#123;
  $messages&#1111;]="Incorrect login/password, try again\n ";
  &#125;

	if($messages)
  &#123;
	doIndex();
	exit;
	&#125;


$query="SELECT * FROM ".$mysql_prefix."users WHERE login='$login' AND deleted != 1";
$result=mysql_query($query, $link);
$printforsession=mysql_fetch_array($result);

	
cleanMemberSession($row&#1111;login], $row&#1111;password], $printforsession&#1111;company_name], $printforsession&#1111;contact_name]);
	
$logins_month = $printforsession&#1111;"logins_month"] + 1;

$logins_total = $printforsession&#1111;"logins_total"] + 1;
	
  $query="UPDATE ".$mysql_prefix."users SET logins_month = '$logins_month', logins_total = $logins_total where login='$login' AND deleted = 0";
	$result=mysql_query($query, $link) or die("Died inserting login info into db.  Error returned if any: ".mysql_error());

	header("Location: memsect.php");
&#125;
else
&#123;	
doIndex();
&#125;
The doIndex function is the page before it is submitted.

Posted: Tue Feb 22, 2005 1:58 pm
by BCVisin
Ya, I was looking for the submit button. That may be the problem, but then why would changing the cookie settings fix the problem for some people?

Posted: Tue Feb 22, 2005 1:59 pm
by smpdawg
Is the session_start missing or have you just clipped it from the sample to keep it simple?

Posted: Tue Feb 22, 2005 2:03 pm
by BCVisin
Nope, never knew you needed session start.

Posted: Tue Feb 22, 2005 2:05 pm
by smpdawg
This is part of the help for session_start

Description
bool session_start ( void )

session_start() creates a session or resumes the current one based on the current session id that's being passed via a request, such as GET, POST, or a cookie.

This function always returns TRUE.

Note: If you are using cookie-based sessions, you must call session_start() before anything is outputted to the browser.

Posted: Tue Feb 22, 2005 2:07 pm
by BCVisin
Is this a cookie based session? Is it possible to create a non cookie based session?

Posted: Tue Feb 22, 2005 2:12 pm
by feyd
yes. Have a read :: http://php.net/session

Posted: Tue Feb 22, 2005 2:14 pm
by smpdawg
Yes. Look at these flags in your php.ini.

session.use_cookies
session.use_only_cookies

Posted: Tue Feb 22, 2005 2:40 pm
by Buddha443556
http://www.faqts.com/knowledge_base/vie ... /774/fid/6
I used to use the SubmitFoo method shown above until I realized that
IE5.0 does not always send the SubmitFoo name/value pair! If you have a
form with only one input element (e.g., an input box and a submit
button), and if you submit the form from IE5.0 by simply hitting
<RETURN> rather than explicitly mouse-clicking the submit button, then
the SubmitFoo value will NOT be passed to the server and the above
check will not work. You can get around this by also passing in a
hidden field called SubmitFoo with some arbitrary value. I don't know
which versions of IE5.x do this, but I see it in 5.00.2314.1003 without
fail. -Loren
Almost like being at work... no one listen to me there either. :D