PHP login script - Help needed

This topic is 4594 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

I made a simple login script for my PHP website, and there seems to be a problem. If I enter the user and pass straight away, it works, it logs in. If I enter it wrong, it doesn't log in... But if I enter it wrong, then even if I enter it right after, nothing works.

session_start();

// If no session is started
if ($_SESSION['user'] == "")
{
	// Try to register the session user name and password
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['pass'] = $_POST['pass'];
}

// If a user name is registered
if ($_SESSION['user'] != "" && string_isvalid($_SESSION['user']))
{
	$cid = db_open();

	// Retrieve the user info
	$query = "SELECT id, password, status, timezone FROM users WHERE username = \"" . $_SESSION['user'] . "\"";
	$result = db_query($cid, $query);
	$row = db_fetch_row($result);
	$userid   = $row[0];
	$password = $row[1];
	$status   = $row[2];
	$timezone = $row[3];

	// If the password does not match
	if ($_SESSION['pass'] != $password)
	{
		// Reset the session user and password
		$_SESSION['user'] = "";
		$_SESSION['pass'] = "";
	}
	else
	{
		// Add the user status and timezone to the session info
		$_SESSION['userid']   = $userid;
		$_SESSION['status']   = $status;
		$_SESSION['timezone'] = $timezone;
	}

	db_close($cid);
}
else
{
	// Reset the session user and password
	$_SESSION['user'] = "";
	$_SESSION['pass'] = "";
}

// If no user is logged in
if ($_SESSION['user'] == "")
{
	// Set default user options
	$_SESSION['status']   = STATUS_GUEST;
	$_SESSION['timezone'] = SERVER_TIME_ZONE;
}


The string_isvalid() function just verifies that the string is alphanumerical. My db functions are just wrappers for the mysql functions, and I know they work correctly.

I don't know what the problem is but to help discover the bug I would output the values for $_POST['user'] and $_SESSION['user'] after session_start(). Perhaps they do not have the expected values?

Well, I got things to work better by using PHP's isset() and unset() functions... But it still behaves oddly. When I log in, I can click a link (to go to another page), and it will stay logged in, and I can click a second link... But when I follow a third link, the damn thing logs me off!

This is quite annoying, and I'm beginning to dislike all the lame quirks of PHP.

My modified login script:

// If no session is started and a login was posted
if (!isset($_SESSION['user']) && isset($_POST['user']) && $_POST['user'] != "" && string_isvalid($_POST['user']))
{
	// Register the session user name and password
	$_SESSION['user'] = $_POST['user'];
	$_SESSION['pass'] = $_POST['pass'];
}

// If a user name is registered
if (isset($_SESSION['user']))
{
	$cid = db_open();

	// Retrieve the user info
	$query = "SELECT id, password, status, timezone FROM users WHERE username = \"" . $_SESSION['user'] . "\"";
	$result = db_query($cid, $query);
	$row = db_fetch_row($result);
	$userid = $row[0];
	$password = $row[1];
	$status = $row[2];
	$timezone = $row[3];

	// If the password does not match
	if ($_SESSION['pass'] != $password)
	{
		// Reset the session user and password
		unset($_SESSION['user']);
		unset($_SESSION['pass']);
	}
	else
	{
		// Add the user status and timezone to the session info
		$_SESSION['userid'] = $userid;
		$_SESSION['status'] = $status;
		$_SESSION['timezone'] = $timezone;
	}

	db_close($cid);
}

// If no user is logged in
if (!isset($_SESSION['user']))
{
	// Set default user options
	$_SESSION['userid'] = -1;
	$_SESSION['status'] = STATUS_GUEST;
	$_SESSION['timezone'] = SERVER_TIME_ZONE;
}
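
A hardened version of the login flow from this thread, as an added example that is not part of any post: the posted scripts concatenate the user name into the SQL string, compare the stored password with != and keep the password in the session. It assumes a PDO connection and that users.password holds a password_hash() value; attempt_login(), set_guest_session(), the constant values and the DSN are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes a PDO handle and that
// users.password holds a password_hash() value; function names are hypothetical.
declare(strict_types=1);
const STATUS_GUEST = 0;           // placeholder value, not shown in the thread
const SERVER_TIME_ZONE = 'UTC';   // placeholder value, not shown in the thread

function set_guest_session(): void
{
    unset($_SESSION['user']);
    $_SESSION['userid']   = -1;
    $_SESSION['status']   = STATUS_GUEST;
    $_SESSION['timezone'] = SERVER_TIME_ZONE;
}

// Runs only when the login form is submitted, not on every page load.
function attempt_login(PDO $db, string $user, string $pass): bool
{
    // Bound parameter: the user name never becomes part of the SQL text.
    $stmt = $db->prepare(
        'SELECT id, password, status, timezone FROM users WHERE username = ?'
    );
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Unknown user and wrong password take the same failure path.
    if ($row === false || !password_verify($pass, $row['password'])) {
        set_guest_session();
        return false;
    }

    session_regenerate_id(true);  // fresh session id once authenticated
    $_SESSION['user']     = $user;
    $_SESSION['userid']   = (int) $row['id'];
    $_SESSION['status']   = $row['status'];
    $_SESSION['timezone'] = $row['timezone'];
    return true;                  // the password is never written to the session
}

session_start();
$user = $_POST['user'] ?? null;
$pass = $_POST['pass'] ?? null;
if (is_string($user) && is_string($pass)) {
    // Placeholder DSN and credentials.
    $db = new PDO('mysql:host=localhost;dbname=example', 'dbuser', 'dbpass');
    attempt_login($db, $user, $pass);
} elseif (!isset($_SESSION['userid'])) {
    set_guest_session();          // later requests trust the session, not a re-check
}
```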
