Login twice

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
imstupid
Forum Commoner
Posts: 84
Joined: Fri Feb 18, 2005 1:24 pm

Login twice

Post by imstupid »

hey everybody-
A while ago, i read a post from someone who developed a login script, and for some reason, users had to login twice just to make it work. The after searching for the post, I found it had no solution, so I thought i'd see if anyone else was experiencing this problem becasue it just happened to me.

Basically, I login successfully, start a session, then redirect to page 2.

On page 2, I have the typical, "if session doesn't exist, redirect to login screen" script on there. Even though I just logged in successfully, it still redirects me to the login screen. then, without refreshing the page, i'll just login again using the same username and password, and everything works fine.

Any ideas? Thanks for the help/opinions on why this happens.
User avatar
John Cartwright
Site Admin
Posts: 11470
Joined: Tue Dec 23, 2003 2:10 am
Location: Toronto
Contact:

Post by John Cartwright »

I think it would be best if you posted some code
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

Also which browser?
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Moved to PHP - Code.
imstupid
Forum Commoner
Posts: 84
Joined: Fri Feb 18, 2005 1:24 pm

Post by imstupid »

thanks for the response.
1. I've tried it on multiple browsers (firefox, ie, safari...), and they all give the same problem
i've also tried setting up the "if session doesn't exist" message to either write out "error" or a second option of the redirecting to the login screen. the printing of the word "error" allows the user to login twice and ends in a successfull entry, however the redirect method, just keeps going back to the login screen no matter how many times you login.

login script:

Code: Select all

<?PHP
connect db stuff...

$username = $_POST['username'];
$password = $_POST['password'];

$sql = "SELECT * FROM usertable WHERE username='".$username."' and password='".$password."'"; 

$result = mysql_query($sql) or die ("Couldn't get reults.");

$count = mysql_num_rows($result); 

if ($count == 1 ) {

		session_start(); 
		$_SESSION['username'] = "success"; 

		header( "Location: http://www.example.com/page2.php" );
	}
	else if ($count == 0) {
		header( "Location: http://www.example.com/login.html" );
	}
?>
And here's my page2.php:

Code: Select all

<?php 
	session_start(); 
	header("Cache-control: private"); 
	
	if ( !isset( $_SESSION['username'] ) ) {
	
	echo "error" ;
	//header( "Location: http://www.example.com/login.html" );
		exit;
	}

rest of web page here..

?>
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

a lot of browsers will ignore everything given to them when there's a redirection in the headers, including cookies.
User avatar
Buddha443556
Forum Regular
Posts: 873
Joined: Fri Mar 19, 2004 1:51 pm

Post by Buddha443556 »

imstupid
Forum Commoner
Posts: 84
Joined: Fri Feb 18, 2005 1:24 pm

Post by imstupid »

ok, I read up on the session_write_close() function, and it seems to make sense, however I've got the same problem. I set the session_write_close() on the login script like so:

Code: Select all

<?PHP
connect and sql stuff...

if ($count == 1 ) {

		session_start(); 
		$_SESSION['username'] = "success"; 
		session_write_close();
		header( "Location: http://www.example.com/page2.php" );
	}
	else if ($count == 0) {
		header( "Location: http://www.example.com/login.html" );
	}
?>
There's no reason to put the session_write_close(); on my page2.php right?

Thanks again.
kazaj
Forum Newbie
Posts: 5
Joined: Wed Sep 21, 2005 3:28 am

Post by kazaj »

i sugest you to start session at the start of the script
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

it'd be better to create the session on the previous page...
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

a side note: you might want to google sql injection.
Post Reply