Problem with login script stuck in a loop
Posted: Mon Sep 08, 2008 6:11 am
Hi All
I've got a problem with my login script (well, a modified one taken from a tutorial site) - when I open the script in my browser (IE 6), Rather than logging me into the site, it loops back around and displays the login field 'user' within the login form (should only display if the page is being loaded for the first time OR the user gets his user / pass combo wrong, in which case it should display again, with an error message).
Any ideas why this may be? I've read up on redirects and post / get requests and am still, sadly, stumped.
I've attempted to echo a few things to see what the browser is processing, but it seems it isn't picking up the if($_POST['action'] == "login").
Here is my code (there is a bit above it defining the database connection strings, url's and also a session_start(); bit.
Any help solving this would be immensely appreciated - i've already wasted hours on it!
I've got a problem with my login script (well, a modified one taken from a tutorial site) - when I open the script in my browser (IE 6), Rather than logging me into the site, it loops back around and displays the login field 'user' within the login form (should only display if the page is being loaded for the first time OR the user gets his user / pass combo wrong, in which case it should display again, with an error message).
Any ideas why this may be? I've read up on redirects and post / get requests and am still, sadly, stumped.
I've attempted to echo a few things to see what the browser is processing, but it seems it isn't picking up the if($_POST['action'] == "login").
Here is my code (there is a bit above it defining the database connection strings, url's and also a session_start(); bit.
Code: Select all
if($_POST['action'] == "login")
{
Echo "we've tried to login";
// check to see if the user field or pass field is empty. if so set message.
if(empty($_POST['user']) || empty($_POST['pass']))
{
// user or pass was empty. set the message text
$message = "You must enter a valid username and password!";
}
else
{
$_POST['pass'] = md5($_POST['pass']);
$test = $_POST['pass'];
echo $test;
// query the users table
$query = mysql_query("SELECT * FROM ".$cfg['usersTable']." WHERE u_mobile='".$_POST['user']."' AND u_pass='".$_POST['pass']."' LIMIT 1") or die('query failed!');
// did the query return a user
if(mysql_num_rows($query) == 1)
{
// set the session variables with the user data
while($row = mysql_fetch_assoc($query))
{
$_SESSION['auth']['ID'] = $row['u_id'];
$_SESSION['auth']['mobile'] = $row['u_mobile'];
$_SESSION['auth']['forename'] = $row['u_forename'];
$_SESSION['auth']['surname'] = $row['u_surname'];
$_SESSION['auth']['title'] = $row['u_title'];
$_SESSION['auth']['password'] = $row['u_password'];
$_SESSION['auth']['email'] = $row['u_email'];
$_SESSION['auth']['class'] = $row['u_class'];
$_SESSION['auth']['status'] = 1;
}
// login was successfull. redirect to the onSuccess location
header("Location: ".$cfg['onSuccess']);
exit();
}
else
{
// user did not exist. set the message text
$message = "<B>User does not exist.</B><br>Check your username and password.".$query."";
}
}
// do this if the logout command is set (action=logout)
}
elseif($_GET['action'] == "logout")
{
// unset the authentication session variable
unset($_SESSION['auth']);
// redirect to the onCancel location
header("Location: ".$cfg['onCancel']);
exit();
}
if($_SESSION['auth']['status'] != 1)
{
//display login form if the user isn't logged in
Echo"<form method='post' action='login.inc.php'";
Echo"<input type=hidden name='action' value='login'>";
Echo"<table align='center'>";
Echo"<tr>";
Echo"<td style='text-align:center;'>";
Echo"<table width='250'>";
if(isset($message))
{
echo "<tr><td colspan='2'>" . $message . "</td></tr>";
}
Echo"<tr>";
Echo"<td colspan='2' align='center'>Login Here</td>";
Echo"</tr>";
Echo"<tr>";
Echo"<td width='50%'>Mobile:</td>";
Echo"<td width='50%'><input type='text' name='user' value= " . $_POST['user'] . "></td>";
Echo"</tr>";
Echo"<tr>";
Echo"<td width='50%'>Password:</td>";
Echo"<td width='50%'><input type='password' name='pass'><td>";
Echo"</tr>";
Echo"<tr>";
Echo"<td colspan=2 align=center>";
Echo"<input type='submit' value='login'>";
//Echo"<input type='button' value='Cancel' onClick='window.location=" . $cfg['onCancel'] . ">";
Echo"</td>";
Echo"</tr>";
Echo"</table>";
Echo"</form>";
exit;
}
?>