I was wondering if anyone had a chance to take a quick peek at this code. Thanks again guys !
-Pushpinder
On Tuesday, February 17, 2004, at 10:49 AM, Pushpinder Singh wrote:
Hello Everyone,
I am making use of the following login module. However, it tells the user to login at least twice even if the username and password are correct. The data flow model is explained below :
The first 'correct' attempt will result in the user being redirected to the "logged_in.php" page.
The "logged_in.php" page is a intermediate page, which checks if a session 'validuser' exists and redirects the client to the welcome page. if the session does not exist then the user is redirected to the "Error Page" where he needs to login again.
The glitch in the above code is that in spite of entering the correct login and password, the user is redirected to the error page (via logged_in.php script ) EVERY TIME ON THE FIRST TRY. Each subsequent attempt (again assuming the correct username and password are entered) allows the users to get to the welcome screen.
Register_Globals is ON on the remote host, I would really appreciate any pointers on this one. Thanks in advance.
regards Pushpinder Singh
============================ START OF CODE ============================
<? session_start();
error_reporting(E_ALL);
if ( (isset($_POST['validuser'])) && (isset($_POST['pass'])) ) {
mysql_connect( 'localhost', 'name', 'pwd' ) or die ( 'Unable to connect to server.' );
// Select database on MySQL server mysql_select_db( 'crm' ) or die ( 'Unable to select database' );
// Formulate the query
$sql1 = "SELECT * from `admin` where user = '{$_POST['validuser']}' AND pwd = '{$_POST['pass']}'";
$result1 = mysql_query($sql1) or die ( 'ERROR ::: Database Error has occured'); $num_results = mysql_num_rows($result1); if ($num_results == 1 ) {
if(!isset($_SESSION['validuser'])){ $_SESSION['validuser'] = $_POST['validuser']; } }
else {
echo "<br><br><strong><font color=\"#ff2233\" size=\"1\" face=\"Verdana, Arial, Helvetica, sans-serif\">WRONG PASSWORD::</ strong> Please re-enter your login and password.<br><br><br>";
}
}
?>
<html> <head> <title>ADMIN-LOGIN</title> </head>
<?
if (isset($_SESSION['validuser']))
{
//ob_start(); // buffer output
//echo "You are already logged into the system !!!";
//header ("Location: http://psg.local/~psgarcha/logged_in.php");
//ob_end_flush(); // flush output
echo "<meta http-equiv=\"refresh\" content=\"0;url=http://psg.local/~psgarcha/CRM/logged_in.php\">";
exit;
}
else {
if ( (!isset($_POST['validuser'])) || (!isset($_POST['pass'])) ) {
echo "<br><br><strong><font color=\"#ff2233\" size=\"1\" face=\"Verdana, Arial, Helvetica, sans-serif\">NOTE::</strong> You need to enter the login and password fields. Both the fields are case-sensitive.<br><br><br>";
}
echo "
<body bgcolor=\"aaaaaa\">
<form name=\"form1\" method=\"post\" action=\"login.php\">
<table width=\"707\" border=\"1\" cellpadding=\"2\" cellspacing=\"3\" bordercolor=\"#FFFFFF\" bgcolor=\"#FFFFFF\">
<tr bgcolor=\"99ccff\">
<td colspan=\"2\"><div align=\"center\"><strong><font color=\"#FFFFFF\" size=\"2\" face=\"Verdana, Arial, Helvetica, sans-serif\"><br>
Please enter your Username and Password <br>
<br>
</font></strong></div></td>
</tr>
<tr bgcolor=\"#E7E7E7\">
<td width=\"214\"><strong><font color=\"#666666\" size=\"1\" face=\"Verdana, Arial, Helvetica, sans-serif\">Login</font></strong></td>
<td width=\"549\"><font size=\"1\">
<input name=\"validuser\" type=\"text\" id=\"validuser\" size=\"20\">
</font></td>
</tr>
<tr bgcolor=\"#E7E7E7\">
<td><strong><font color=\"#666666\" size=\"1\" face=\"Verdana, Arial, Helvetica, sans-serif\">Password</font></strong></td>
<td><font size=\"1\">
<input name=\"pass\" type=\"password\" id=\"password\" size=\"15\">
</font></td>
</tr>
<tr bgcolor=\"#E7E7E7\">
<td height=\"24\" colspan=\"2\"><div align=\"center\">
<input type=\"submit\" name=\"Submit\" value=\"Submit\">
<input type=\"reset\" name=\"Submit2\" value=\"Reset\">
</div></td>
</tr>
</table>
</form>
";
} ?>
</body> </html>