• Advertisement
Sign in to follow this  

PHP login script - Help needed

This topic is 4668 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

I made a simple login script for my PHP website, and there seems to be a problem. If I enter the user and pass straight away, it works, it logins. If I enter it wrong, it doesnt login... But if I enter it wrong, then even if I enter it right after, nothing works.
session_start();

// If no session is started
if ($_SESSION['user'] == "")
{
	// Try to register the session user name and password
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['pass'] = $_POST['pass'];
}

// If a user name is registered
if ($_SESSION['user'] != "" && string_isvalid($_SESSION['user']))
{
	$cid = db_open();

	// Retrieve the user info
	$query = "SELECT id, password, status, timezone FROM users WHERE username = \"" . $_SESSION['user'] . "\"";
	$result = db_query($cid, $query);
	$row = db_fetch_row($result);
	$userid   = $row[0];
	$password = $row[1];
	$status   = $row[2];
	$timezone = $row[3];

	// If the password does not match
	if ($_SESSION['pass'] != $password)
	{
		// Reset the session user and password
		$_SESSION['user'] = "";
		$_SESSION['pass'] = "";
	}
	else
	{
		// Add the user status and timezone to the session info
		$_SESSION['userid']   = $userid;
		$_SESSION['status']   = $status;
		$_SESSION['timezone'] = $timezone;
	}

	db_close($cid);
}
else
{
	// Reset the session user and password
	$_SESSION['user'] = "";
	$_SESSION['pass'] = "";
}

// If no user is logged in
if ($_SESSION['user'] == "")
{
	// Set default user options
	$_SESSION['status']   = STATUS_GUEST;
	$_SESSION['timezone'] = SERVER_TIME_ZONE;
}


The string_isvalid() function just verifies that the string is alphanumerical. My db functions are just wrappers for the mysql functions, and I know they work correctly.

Share this post


Link to post
Share on other sites
Advertisement
I dont know what the problem is but to help discover the bug I would output the values for $_POST['user'] and $_SESSION['user'] after session_start(). Perhaps they do not have the expected values?

Share this post


Link to post
Share on other sites
Well, I got things to work better by using PHP's isset() and unset() functions... But it still behaves oddly. When I login, I can click a link (to go to another page), and it will stay logged in, and I can click a second link... But when I follow a third link, the damn thing logs me off!

This is quite annoying, and I'm beggining to dislike all the lame quirks of PHP.

My modified login script:

Quote:

// If no session is started and a login was posted
if (!isset($_SESSION['user']) && isset($_POST['user']) && $_POST['user'] != "" && string_isvalid($_POST['user']))
{
// Register the session user name and password
$_SESSION['user'] = $_POST['user'];
$_SESSION['pass'] = $_POST['pass'];
}

// If a user name is registered
if (isset($_SESSION['user']))
{
$cid = db_open();

// Retrieve the user info
$query = "SELECT id, password, status, timezone FROM users WHERE username = \"" . $_SESSION['user'] . "\"";
$result = db_query($cid, $query);
$row = db_fetch_row($result);
$userid = $row[0];
$password = $row[1];
$status = $row[2];
$timezone = $row[3];

// If the password does not match
if ($_SESSION['pass'] != $password)
{
// Reset the session user and password
unset($_SESSION['user']);
unset($_SESSION['pass']);
}
else
{
// Add the user status and timezone to the session info
$_SESSION['userid'] = $userid;
$_SESSION['status'] = $status;
$_SESSION['timezone'] = $timezone;
}

db_close($cid);
}

// If no user is logged in
if (!isset($_SESSION['user']))
{
// Set default user options
$_SESSION['userid'] = -1;
$_SESSION['status'] = STATUS_GUEST;
$_SESSION['timezone'] = SERVER_TIME_ZONE;
}

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement