Problem with login script stuck in a loop

Posted: Mon Sep 08, 2008 6:11 am
by mrgooding
Hi All

I've got a problem with my login script (well, a modified one taken from a tutorial site) - when I open the script in my browser (IE 6), rather than logging me into the site, it loops back around and displays the login field 'user' within the login form (should only display if the page is being loaded for the first time OR the user gets his user / pass combo wrong, in which case it should display again, with an error message).

Any ideas why this may be? I've read up on redirects and post / get requests and am still, sadly, stumped.

I've attempted to echo a few things to see what the browser is processing, but it seems it isn't picking up the if($_POST['action'] == "login").

Here is my code (there is a bit above it defining the database connection strings, URLs and also a session_start(); bit).

Code:

if($_POST['action'] == "login")
    {
    Echo "we've tried to login";
    // check to see if the user field or pass field is empty. if so set message.
    if(empty($_POST['user']) || empty($_POST['pass']))
        {
        // user or pass was empty. set the message text
        $message = "You must enter a valid username and password!";
        }
    else
        {
        $_POST['pass'] = md5($_POST['pass']);
        $test = $_POST['pass'];
        echo $test;
        // query the users table, escaping the submitted mobile number first
        $user = mysql_real_escape_string($_POST['user']);
        $query = mysql_query("SELECT * FROM ".$cfg['usersTable']." WHERE u_mobile='".$user."' AND u_pass='".$_POST['pass']."' LIMIT 1") or die('query failed!');
        // did the query return a user
        if(mysql_num_rows($query) == 1)
            {
            // set the session variables with the user data
            while($row = mysql_fetch_assoc($query))
                {
                $_SESSION['auth']['ID']             = $row['u_id'];
                $_SESSION['auth']['mobile']         = $row['u_mobile'];
                $_SESSION['auth']['forename']       = $row['u_forename'];
                $_SESSION['auth']['surname']        = $row['u_surname'];
                $_SESSION['auth']['title']          = $row['u_title'];
                $_SESSION['auth']['password']       = $row['u_password'];
                $_SESSION['auth']['email']          = $row['u_email'];
                $_SESSION['auth']['class']          = $row['u_class'];
                $_SESSION['auth']['status']         = 1;
                }
            // login was successful. redirect to the onSuccess location
            header("Location: ".$cfg['onSuccess']);
            exit();
            }
        else
            {
                // user did not exist. set the message text
                $message = "<B>User does not exist.</B><br>Check your username and password.".$query."";
            }
        }
 
    // do this if the logout command is set (action=logout)
    }
 
elseif($_GET['action'] == "logout")
    {
        // unset the authentication session variable
        unset($_SESSION['auth']);
        // redirect to the onCancel location
        header("Location: ".$cfg['onCancel']);
        exit();
    }
 
if($_SESSION['auth']['status'] != 1)
{
    //display login form if the user isn't logged in
    Echo"<form method='post' action='login.inc.php'";
    Echo"<input type=hidden name='action' value='login'>";
    Echo"<table align='center'>";
    Echo"<tr>";
    Echo"<td style='text-align:center;'>";
    Echo"<table width='250'>";
    if(isset($message))
        {       
            echo "<tr><td colspan='2'>" . $message . "</td></tr>";
        }
    Echo"<tr>";
    Echo"<td colspan='2' align='center'>Login Here</td>";
    Echo"</tr>";
    Echo"<tr>";
    Echo"<td width='50%'>Mobile:</td>";
    Echo"<td width='50%'><input type='text' name='user' value='" . htmlspecialchars(isset($_POST['user']) ? $_POST['user'] : '', ENT_QUOTES) . "'></td>";
    Echo"</tr>";
    Echo"<tr>";
    Echo"<td width='50%'>Password:</td>";
    Echo"<td width='50%'><input type='password' name='pass'></td>";
    Echo"</tr>";
    Echo"<tr>";
    Echo"<td colspan=2 align=center>";
    Echo"<input type='submit' value='login'>";
    //Echo"<input type='button' value='Cancel' onClick='window.location=" . $cfg['onCancel'] . ">";
    Echo"</td>";
    Echo"</tr>";
    Echo"</table>";
    Echo"</form>";
    exit;
}
?>

Any help solving this would be immensely appreciated - I've already wasted hours on it!
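
A version of the login handler above that runs on any POST of the form rather than on a hidden action field, and uses a PDO prepared statement with password_hash()/password_verify() in place of a hand-built query string and md5(). This is an added example, not code from the thread; $pdo, the users table name, the members.php target and the SQLite sample row are assumptions.

```php
<?php
// Added example, not the poster's code. Assumed: PDO handle $pdo, table `users`,
// u_pass holding password_hash() output. The SQLite row is constructed sample data.
session_start();
$cfg = ['onSuccess' => 'members.php'];   // placeholder redirect target
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (u_id INTEGER PRIMARY KEY, u_mobile TEXT, u_pass TEXT, u_class TEXT)');
$pdo->prepare('INSERT INTO users (u_mobile, u_pass, u_class) VALUES (?, ?, ?)')
    ->execute(['07700900000', password_hash('sample-pass', PASSWORD_DEFAULT), 'member']);

// Returns null on success, or the message to show above the form.
function handle_login(PDO $pdo, array $post): ?string
{
    $user = is_string($post['user'] ?? null) ? trim($post['user']) : '';
    $pass = is_string($post['pass'] ?? null) ? $post['pass'] : '';
    if ($user === '' || $pass === '') {
        return 'You must enter a valid username and password!';
    }
    // The placeholder keeps the submitted value out of the SQL text.
    $stmt = $pdo->prepare('SELECT u_id, u_mobile, u_pass, u_class FROM users WHERE u_mobile = ? LIMIT 1');
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // One message for both unknown user and wrong password.
    if ($row === false || !password_verify($pass, $row['u_pass'])) {
        return 'Check your username and password.';
    }
    session_regenerate_id(true);   // fresh session id once authenticated
    $_SESSION['auth'] = ['ID' => $row['u_id'], 'mobile' => $row['u_mobile'],
                         'class' => $row['u_class'], 'status' => 1];   // no hash stored
    return null;
}

$message = null;
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {   // no hidden field needed
    $message = handle_login($pdo, $_POST);
    if ($message === null) {
        header('Location: ' . $cfg['onSuccess']);
        exit();
    }
}
// Re-display the form; everything echoed back is HTML-escaped.
$shown = htmlspecialchars(is_string($_POST['user'] ?? null) ? $_POST['user'] : '', ENT_QUOTES, 'UTF-8');
if ($message !== null) {
    echo '<p>' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</p>';
}
echo "<form method='post' action='login.inc.php'>";
echo "<input type='text' name='user' value='$shown'> <input type='password' name='pass'>";
echo "<input type='submit' value='login'></form>";
```

Keying on the request method means the handler still runs when the hidden action field never reaches the server. That can happen with the posted Echo line for the form tag, which has no closing angle bracket, so a browser can read the hidden input that follows as part of that tag.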

Re: Problem with login script stuck in a loop

Posted: Mon Sep 08, 2008 6:19 am
by onion2k
First thing to check, is the array $cfg defined, and is there a value for the key ['onSuccess'] in it? If there isn't then a successful login will just refresh to the page it came from. There should be a line like:

Code:

$cfg['onSuccess'] = "somepage.html";

Second thing to check - are sessions actually working? Stick this somewhere in the code:

Code:

echo "Session Test: ".++$_SESSION['session_test'];

If you get an incrementing number each time you refresh the page then they are. If you don't then sessions aren't working and we'll need to work out why.

If both of those are ok then try commenting out the header("Location: blah"); lines and replacing them with an echo to see if the script is getting that far.

Re: Problem with login script stuck in a loop

Posted: Mon Sep 08, 2008 6:28 am
by mrgooding
Hi onion2k

Yes, there is a definition for the ['onSuccess'] key, and sessions are working (I checked using your method below, thanks).

It doesn't get as far as trying to process the login action, so for some reason the $_POST['action'] bit isn't being picked up.

I'm not sure if it's relevant to the problem, but initially the login form is invoked as an included file on my homepage, then should (but doesn't) send the data from the login form to itself for processing, then redirect to the logged in user area.

Thanks for your assistance so far.

Re: Problem with login script stuck in a loop

Posted: Mon Sep 08, 2008 9:31 am
by mrgooding
Oh, it might be worth mentioning Firefox doesn't have the same issue, so it's something to do with the way IE handles includes / header redirects perhaps? Any ideas anyone?