magnumdirectory
asked on
PHP login page takes several attempts in order to login?
For some reason it takes many tries in order to login while using the right password and username so it has to be a mistake in code. Any ideas on how to fix that from happening?
<?php
session_start();
// connection to database excluded
$problem = FALSE;
if (isset ($_POST['submit'])) { // Check if submitted
$problem = FALSE;
// Username
if (empty ($_POST['username'])) {
$problem = TRUE;
echo 'Please enter a username!<br/>';
}
elseif (empty ($_POST['password'])) {// Password
$problem = TRUE;
echo 'Please enter a password!<br/>';
}
else
{
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die( mysql_error() );
// Validate Username and Password
if (mysql_num_rows($query) == 1) {
$_SESSION["username"] = $_POST["username"];
$_SESSION["password"] = $_POST["password"];
$_SESSION["valid_time"] = time();
header ('Location: http://www.magnumdirectory.com/cPanel');
exit();
}
else
{
$problem = TRUE;
echo 'Please enter a valid username and password.<br/>';
}
mysql_close(); // Close the database connection.
}
} // end all
?>
There's nothing wrong with the login script. Most likely your session is being garbage collected too soon. What is the path to your sessions directory? What is session.gc_maxlifetime?
ASKER
session.save_path = /var/php_sessions
session.gc_maxlifetime = 1440
session.gc_maxlifetime = 1440
The only thing that seems "odd" on the code you posted is that you are NOT checking if the user is already authenticated. If the user's session has not expired, then you should not be reauthenticating them. Simply redirect them and quit.
As of the info you provided, those are reasonable values. Out of curiousity, what do you get when you execute:
echo $_SERVER['DOCUMENT_ROOT'];
As of the info you provided, those are reasonable values. Out of curiousity, what do you get when you execute:
echo $_SERVER['DOCUMENT_ROOT'];
<?php
session_start();
$problem = FALSE;
//first check if the user is already authenticated
if( isset($_SESSION['username']) )
{
//if so, redirect him/her immediately
header("Location: http://www.magnumdirectory.com/cPanel/");
//and quit login.php right away
exit;
}
// otherwise check if submitted data - attempting authentication
elseif ( isset ($_POST['submit']) )
{
// Username
if ( empty ($_POST['username']) )
{
$problem = TRUE;
echo 'Please enter a username!<br/>';
}
// Password
elseif (empty ($_POST['password']) )
{
$problem = TRUE;
echo 'Please enter a password!<br/>';
}
else
{
// connection to database goes here
$username = mysql_real_escape_string($_POST['username']);
$password = mysql_real_escape_string($_POST['password']);
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'") or die( mysql_error() );
// Validate Username and Password
if (mysql_num_rows($query) == 1)
{
$_SESSION["username"] = $_POST["username"];
$_SESSION["password"] = $_POST["password"];
$_SESSION["valid_time"] = time();
header ('Location: http://www.magnumdirectory.com/cPanel/');
exit();
}
else
{
$problem = TRUE;
echo 'Please enter a valid username and password.<br/>';
}
mysql_close(); // Close the database connection.
}
} // end all
?>
ASKER
When I use:
echo $_SERVER['DOCUMENT_ROOT'];
I get this: /home/users/web/b422/moo.m
I tested out the code and it does seem to work a lot smoother but I think there is still a problem. I'm guessing it is the session_start(); because this is a seperate file from my login page but it is the post action of the form and the login page has session_start(); at top so would that be starting 2 sessions?
echo $_SERVER['DOCUMENT_ROOT'];
I get this: /home/users/web/b422/moo.m
I tested out the code and it does seem to work a lot smoother but I think there is still a problem. I'm guessing it is the session_start(); because this is a seperate file from my login page but it is the post action of the form and the login page has session_start(); at top so would that be starting 2 sessions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Tried that and the pages I put it on just show nothing but white space:(
look at your sessions directory. Is it empty? most likely the permissions are not right and the server is not able to write to it. If you do not have access to set the permissions on that folder contact the IT support from your host company.
ASKER
Awesome I think I got it to work by backtracking a bit with what you provided. Seems to work pretty good now. Had to add a bit more control to the login page to see if they are logged in or not and that seems to have done the trick along with the checkAuthentication file! Thanks for all the help I really appreciate it:)
ASKER
This really did the trick for the most part! I had the sessions unconstrained which seemed to cause the problem but this is the cure to the problem:) Thank you!!!
glad to help.
Once you create a session, the session file is created and stored on the webserver for later recall.
So, you should only need to create a new session in the event that one is not detected as already existing for this instance.
Open in new window