Login Form Not Working Properly

[grahamgr3 1]

I built a login page from the model in this book, and for some reason, sometimes when I login it redirects me back to index.php and it doesn't log me in. Other times it logs me in just fine. Any idea what could be causing this? Here is my login page code.

 

<?php

$page_title = 'Login to your account';

include ('includes/header.html');

include ('includes/config.inc.php');

if ($_SERVER['REQUEST_METHOD'] == 'POST'){

require (MYSQL);

$trimmed = array_map('trim', $_POST);

if (!empty($trimmed['Email']) && filter_var($trimmed['Email'], FILTER_VALIDATE_EMAIL)){

$e = mysqli_real_escape_string($dbc, $trimmed['Email']);

} else {

$e = FALSE;

echo '<p class="error">You forgot to enter your email address, or the email you entered is invalid.</p>';

}

if (!empty($trimmed['Pass'])){

$p = mysqli_real_escape_string($dbc, $trimmed['Pass']);

} else {

$p = FALSE;

echo '<p class="error">You forgot to enter your password, or the password you entered is invalid.</p>';

}

if ($e && $p){

$q = "SELECT UserID, Fname FROM users WHERE (Email='$e' AND Pass=SHA1('$p')) AND Active IS NULL";

$r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br /> Mysql Error:" . mysqli_error($dbc));

if (@mysqli_num_rows($r) == 1){

$_SESSION = mysqli_fetch_array($r, MYSQLI_ASSOC);

mysqli_free_result($r);

mysqli_close($dbc);

$url = BASE_URL . 'index.php';

ob_end_clean();

header("Location: $url");

exit();

} else {

echo '<p class="error">Either the username and password you entered do not match those we have on file, or you have not yet activated your account.</p>';

}

} else {

echo '<p class="error">Please Try Again</p>';

}

mysqli_close($dbc);

}

 

?>

<div class="text">

<h1>Login</h1>

<p>Your browser must allow cookies in order to log in.</p>

<form action="login.php" method="post">

<fieldset>

<p><b>Email: <input type="text" name="Email" /></b></p>

<p><b>Password: <input type="password" name="Pass" /></b></p>

<input type="submit" name="submit" value="Login!" />

</fieldset>

</form>

</div>

<? include ('includes/footer.html'); ?>

[HartleySan 826]

I imagine that success versus failure is a result of the DB query.

Try running an email/password combo that works directly on the DB, and then run a combo that doesn't work directly on the DB, and see what happens.

[grahamgr3 1]

I am not exactly sure what mean, do I login with a known username and password combination that I know is in the database, and then try and login with a username password combo that doesn't exist in the db. I just tried that and it gave an error. when I login with a good username and password that exists sometimes it logs me in, and when it doesn't it doesn't give an error, it just redirects me back to the index page. 

[HartleySan 826]

I mean, using the command line, phpMyAdmin, or whatever means you have for accessing the DB, do so, and then execute two different queries on the DB directly, checking the difference between the one that works and the one that doesn't.

[grahamgr3 1]

I tried the mysql query I am using in my login.php page and it works fine, it returns the data it should. It is SELECT UserID, Fname FROM users WHERE (Email='$e' AND Pass=SHA1('$p')) AND Active IS NULL

So I am guessing the problem isn't there. So where could the problem be.

Like I said I don't get an error message, it just redirects me back to index.php. Sometimes it takes 2 or 3 login attempts before it works.

[Larry 422]

I would go through that process--print out query being executed, run it using phpMyAdmin--a few times just to confirm that it reliably always returns the right value. 

 

Next, I'd add echo lines to your code (from the handling login section on) to see what lines do get executed and what ones don't.

[grahamgr3 1]

Hi, exactly where do I put echo lines, on my login.php page? if it is on login.php, where on the page do I put them? And what do I echo out, would it be $_SESSION['UserID']

 

I just put an echo $_SESSION['UserID'] on my index.php page and tried to login. It gave me an error message saying UserID undefined index. So it looks like my session variable isn't getting set, the first time I try to login, it always takes about 2 or 3 attempts before I login successfully. What can I do to correct this. 

 

I checked on all my pages and the session_start() is at the top of every page except for the $page_title variable before it.

[Larry 422]

Please don't start a new thread for the same problem. That's really annoying.