grahamgr3 1 Posted April 11, 2014 Report Share Posted April 11, 2014 I built a login page from the model in this book, and for some reason, sometimes when I login it redirects me back to index.php and it doesn't log me in. Other times it logs me in just fine. Any idea what could be causing this? Here is my login page code. <?php $page_title = 'Login to your account'; include ('includes/header.html'); include ('includes/config.inc.php'); if ($_SERVER['REQUEST_METHOD'] == 'POST'){ require (MYSQL); $trimmed = array_map('trim', $_POST); if (!empty($trimmed['Email']) && filter_var($trimmed['Email'], FILTER_VALIDATE_EMAIL)){ $e = mysqli_real_escape_string($dbc, $trimmed['Email']); } else { $e = FALSE; echo '<p class="error">You forgot to enter your email address, or the email you entered is invalid.</p>'; } if (!empty($trimmed['Pass'])){ $p = mysqli_real_escape_string($dbc, $trimmed['Pass']); } else { $p = FALSE; echo '<p class="error">You forgot to enter your password, or the password you entered is invalid.</p>'; } if ($e && $p){ $q = "SELECT UserID, Fname FROM users WHERE (Email='$e' AND Pass=SHA1('$p')) AND Active IS NULL"; $r = mysqli_query($dbc, $q) or trigger_error("Query: $q\n<br /> Mysql Error:" . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1){ $_SESSION = mysqli_fetch_array($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); $url = BASE_URL . 'index.php'; ob_end_clean(); header("Location: $url"); exit(); } else { echo '<p class="error">Either the username and password you entered do not match those we have on file, or you have not yet activated your account.</p>'; } } else { echo '<p class="error">Please Try Again</p>'; } mysqli_close($dbc); } ?> <div class="text"> <h1>Login</h1> <p>Your browser must allow cookies in order to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>Email: <input type="text" name="Email" /></b></p> <p><b>Password: <input type="password" name="Pass" /></b></p> <input type="submit" name="submit" value="Login!" /> </fieldset> </form> </div> <? include ('includes/footer.html'); ?> Quote Link to post Share on other sites
HartleySan 826 Posted April 11, 2014 Report Share Posted April 11, 2014 I imagine that success versus failure is a result of the DB query. Try running an email/password combo that works directly on the DB, and then run a combo that doesn't work directly on the DB, and see what happens. Quote Link to post Share on other sites
grahamgr3 1 Posted April 12, 2014 Author Report Share Posted April 12, 2014 I am not exactly sure what mean, do I login with a known username and password combination that I know is in the database, and then try and login with a username password combo that doesn't exist in the db. I just tried that and it gave an error. when I login with a good username and password that exists sometimes it logs me in, and when it doesn't it doesn't give an error, it just redirects me back to the index page. Quote Link to post Share on other sites
HartleySan 826 Posted April 12, 2014 Report Share Posted April 12, 2014 I mean, using the command line, phpMyAdmin, or whatever means you have for accessing the DB, do so, and then execute two different queries on the DB directly, checking the difference between the one that works and the one that doesn't. Quote Link to post Share on other sites
grahamgr3 1 Posted April 12, 2014 Author Report Share Posted April 12, 2014 I tried the mysql query I am using in my login.php page and it works fine, it returns the data it should. It is SELECT UserID, Fname FROM users WHERE (Email='$e' AND Pass=SHA1('$p')) AND Active IS NULL So I am guessing the problem isn't there. So where could the problem be. Like I said I don't get an error message, it just redirects me back to index.php. Sometimes it takes 2 or 3 login attempts before it works. Quote Link to post Share on other sites
Larry 433 Posted April 12, 2014 Report Share Posted April 12, 2014 I would go through that process--print out query being executed, run it using phpMyAdmin--a few times just to confirm that it reliably always returns the right value. Next, I'd add echo lines to your code (from the handling login section on) to see what lines do get executed and what ones don't. Quote Link to post Share on other sites
grahamgr3 1 Posted April 12, 2014 Author Report Share Posted April 12, 2014 Hi, exactly where do I put echo lines, on my login.php page? if it is on login.php, where on the page do I put them? And what do I echo out, would it be $_SESSION['UserID'] I just put an echo $_SESSION['UserID'] on my index.php page and tried to login. It gave me an error message saying UserID undefined index. So it looks like my session variable isn't getting set, the first time I try to login, it always takes about 2 or 3 attempts before I login successfully. What can I do to correct this. I checked on all my pages and the session_start() is at the top of every page except for the $page_title variable before it. Quote Link to post Share on other sites
Larry 433 Posted April 14, 2014 Report Share Posted April 14, 2014 Please don't start a new thread for the same problem. That's really annoying. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.