Need help with login code - session starts on 2nd attempt
Posted: Sun Jan 27, 2008 9:15 am
Hello. I having trouble getting this login code to work on the first attempt. This script is called login.php. When I enter a valid username and password, it posts to login.php, starts a session, and redirects back to login.php. On the first attempt, it's not recognizing the session so it goes back to the login page. On the 2nd attempt, it works fine, but it recognizes the session from the first attempt, even if I entered an invalid username and password on the 2nd attempt. I tried moving session_start(); all over the script, and still the same result... Anyone have any ideas what's missing here? Thanks.
login.php:
login.php:
Code: Select all
<?php
ob_start("ob_gzhandler");
session_start();
$e = $_SESSION['ship_email'];
echo "$e"; //for testing
?>
<html>
<head>
<SCRIPT language="JavaScript">
function submitform()
{
document.myform.submit();
}
</SCRIPT>
<link rel="stylesheet" href="http://domain.com/new/css.css" type="text/css">
<!--[if IE]><style type="text/css">@import "ie.css";</style><![endif]-->
</head>
<body>
<div align="center">
<table information...>
<?php
if(isset($_SESSION['ship_email']))
{
$e = $_SESSION['ship_email'];
?>
<div class="header">
<ul>
<li><a href="http://domain.com/new">Home</a></li>
<li><a href="http://domain.com/new/index.php?page=products">Products</a></li>
</table>
<?php
require_once('mysqladmin.php');
$query = "SELECT * FROM cust WHERE ship_email='$e'";
$result = mysql_query($query);
$num = mysql_num_rows($result);
$row = mysql_fetch_array($result, MYSQL_NUM);
echo "Welcome $row[4] $row[5]";
}
else if(isset($_POST['login_submit'])) //form has just been submitted
{
require_once('mysqladmin.php');
if(empty($_POST['user']))//if email is not entered
{
$ship_email = FALSE;
echo '<B><P ALIGN=RIGHT>YOU FORGOT TO ENTER YOUR EMAIL!</p></B>';
}
else// email is entered, parse it
{
$ship_email = $_POST['user'];
}
if(empty($_POST['password']))//if password is not entered
{
$p = FALSE;
echo '<P ALIGN=RIGHT><B>YOU FORGOT TO ENTER A PASSWORD!</B></P>';
}
else //password entered, parse it
{
$p = $_POST['password'];
}
if($ship_email && $p)//username and password are OK - QUERY DATABASE
{
$query = "SELECT * FROM cust
WHERE ship_email='$ship_email' AND password=PASSWORD('$p')";
$result = @mysql_query($query);
$row = mysql_fetch_array($result, MYSQL_NUM);
if($row)
{
session_start();
$_SESSION['ship_email'] = $row[15];
$e = $_SESSION['ship_email'];
?>
<table>
<div class="header">
<ul>
<li><a href="http://domain.com/new">Home</a></li>
<li><a href="http://domain.com/new/index.php?page=products">Products</a></li>
</div>
</table>
<META HTTP-EQUIV="Refresh" CONTENT="3;
URL=http://www.domain.com/new/login.php">
<?php
echo "$e"; //for testing
ob_end_flush();
}//if($row)
else// username and password are not found in the database
{
echo '<P ALIGN=RIGHT><B>THE USERNAME-PASSWORD DO NOT MATCH OUR DATABASE!</B></P>';
}
}//if($ship_email && $p)
else
{
echo '<P ALIGN=RIGHT><B>PLEASE TRY AGAIN!</B></P>';
}
mysql_close();
}//if(isset($_POST['login_submit']))
?>
else
{
?>
<div class="header">
<ul>
<li><a href="http://domain.com/new">Home</a></li>
<li><a href="http://domain.com/new/index.php?page=products">Products</a></li>
</div>
</table>
<table>
<tr>
<form name="myform" action="http://domain.com/new/login.php" method="post">
<td>Email address:</td>
<td></td>
<td><p class="regbox">
<input type="Text" name="user" value="" size="70" /></td>
</tr>
<tr>
<td><p class="regbox">
<input type="password" name="password" value="" size="70" /></td>
</tr>
<tr>
<td><a href="javascript: submitform()">
<input type="hidden" name="login_submit" value="Login">Login</td>
</tr>
<?php
}
?>
</div>
</body>
</html>