[PHP] authentication issue...

Fri, 28 May 2010 18:45:22 -0700 

Hey Everyone,
So I'm sitting here on a friday night trying to figure out how in the world I'm going to fix an issue that should probably be simple to me but is escaping me at the moment.... 

Take this authentication function:

<?PHP

 function authentication($authUser, $authPass, $cfgtableAuth){

        // Keep in mind, PASSWORD has meaning in MySQL
        // Do your string sanitizing here
        // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
        $authUser = mysql_real_escape_string($_POST['txtUser']);
        $authPass = mysql_real_escape_string($_POST['txtPass']);
        $md5pass = md5($authPass);


            $loginQuery = "SELECT * FROM {$cfgtableAuth} WHERE  
userLogin='".$authUser."' AND userPass='".$md5pass."' LIMIT 0,1;";



            $loginResult = mysql_query($loginQuery) or die("Wrong  
data supplied or database error"  .mysql_error());

            $row1 = mysql_fetch_assoc($loginResult);
                if($row1['access'] == "5000000"){
                    foreach (array_keys($_SESSION) as $key)
                        unset($_SESSION[$key]);

                        die('account disabled');
                }

                if(is_array($row1)){


                    $_SESSION['userInfo'] = array( "userLogin" =>  
$row1['userName'], "loggedin" => TRUE, "userName" =>  
$row1['userName'], "userPermission" => $row1['userPermission']);



                    error_log("User has logged in: ".  
$row1['userLogin']);


                }else{
                        //$_SESSION['userInfo'] =array("loggedin" => FALSE);
                        die('authentication failed');

                }
                return TRUE;

        }

?>

Here is how I am displaying the login form:

<?PHP
session_start();

$link = dbconnect($server, $username, $password, $database);

$page = $_GET['page'];

echo <<<CSS
    <body>
    <div class="contentwrapper">

CSS;
include("nav.php");

if ($_SESSION['userInfo']['loggedin'] == TRUE) {

MAIN PAGE DISPLAY HERE

}else{

        //Display login info
echo <<<FORM
    <div class="dark">
        <form method="post">
                <p>
                        You must login to proceed!<BR />
                        User Name: <input type="text" size="20" name="txtUser"><BR 
/>
                        Password: <input type="password" size="20" 
name="txtPass"><BR />
                        <input type="submit" value="Login"><BR />
                </p>
        </form>
</div>
FORM;

if(isset($_POST['txtUser'])) {
$authUser = $_POST['txtUser'];
$authPass = $_POST['txtPass'];
$auth = authentication($authUser, $authPass, $cfgtableAuth);

}

}

?>


Now... the authentication actually works, and it logs me in properly,  
but I have to click the login button twice.... Ideally I should just  
do it once, so I'm wondering if anyone can spot my grievous misstep  
here?



Thanks in advance for the help and pointers I am bound to receive from  
this list! :)






--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php























					Reply via email to