开发者

Making a Login Work After Cache, Cookies, etc. Have Been Cleared

问答 作者:

I am using the code below fo开发者_C百科r a user login. The first I try to login after cache / cookies, etc. have been cleared, the browser refreshes and the user name is not logged in. After that, logging in works fine.

Any idea how I can make it work the first time?

Thanks in advance,

John

index.php: 

   <?php 


        if($_SERVER['REQUEST_METHOD'] == "POST"){header('Location: http://www...com/.../index.php?username='.$username.'&password='.$password.'');} 



         require_once "header.php"; 
         include "login.php";
         require_once "footer.php";

        ?>

login.php:

<?php
if (!isLoggedIn())
{
    if (isset($_POST['cmdlogin']))
    {
        if (checkLogin($_POST['username'], $_POST['password']))
        {
            show_userbox();


        } else
        {
            echo "Incorrect Login information !";
            show_loginform();
        }
    } else
    {

        show_loginform();
    }

} else
{

    show_userbox();


}



?>

show_loginform function:

function show_loginform($disabled = false)
{

    echo '<form name="login-form" id="login-form" method="post" action="./index.php?'.$_SERVER['QUERY_STRING'].'"> 

    <div class="usernameformtext"><label title="Username">Username: </label></div> 
    <div class="usernameformfield"><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></div> 


    <div class="passwordformtext"><label title="Password">Password: </label></div> 
    <div class="passwordformfield"><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></div> 


    <div class="registertext"><a href="http://www...com/.../register.php" title="Register">Register</a></div> 
    <div class="lostpasswordtext"><a href="http://www...com/.../lostpassword.php" title="Lost Password">Lost password?</a></div> 

  <p class="loginbutton"><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" ';
    if ($disabled == true)
    {
        echo 'disabled="disabled"';
    }
    echo ' /></p></form>';


}

EDIT: header.php includes this:

session_start();

So does that mean I'm using Sessions?

EDIT: per webbiedave's request, here are the login credential check functions I'm using:

<?php

#### Login Functions #####


function isLoggedIn()
{

    if (session_is_registered('loginid') && session_is_registered('username'))
    {
        return true; // the user is loged in
    } else
    {
        return false; // not logged in
    }

    return false;

}

function checkLogin($u, $p)
{
global $seed; // global because $seed is declared in the header.php file

    if (!valid_username($u) || !valid_password($p) || !user_exists($u))
    {
        return false; // the name was not valid, or the password, or the username did not exist
    }

    //Now let us look for the user in the database.
    $query = sprintf("
        SELECT loginid 
        FROM login 
        WHERE 
        username = '%s' AND password = '%s' 
        AND disabled = 0 AND activated = 1 
        LIMIT 1;", mysql_real_escape_string($u), mysql_real_escape_string(sha1($p . $seed)));
    $result = mysql_query($query);
    // If the database returns a 0 as result we know the login information is incorrect.
    // If the database returns a 1 as result we know  the login was correct and we proceed.
    // If the database returns a result > 1 there are multple users
    // with the same username and password, so the login will fail.
    if (mysql_num_rows($result) != 1)
    {
        return false;
    } else
    {
        // Login was successfull
        $row = mysql_fetch_array($result);
        // Save the user ID for use later
        $_SESSION['loginid'] = $row['loginid'];
        // Save the username for use later
        $_SESSION['username'] = $u;
        // Now we show the userbox
        return true;
    }
    return false;
}

?>

The line that is causing your page to refresh is 

if($_SERVER['REQUEST_METHOD'] == "POST"){header('Location: http://www...com/.../index.php?username='.$username.'&password='.$password.'');}

What that is doing, is when you post to the page, it redirects you back to the index page with the username and password in the url.

So does that mean I'm using Sessions?

Yes, you are using sessions. That is how you are saving your login state from page to page.

However, to answer the question, remove the line I mentioned at the beginning of the article. I cannot see where it does you any good. It simply moves the values from the $_POST array to the $_GET array, and then you still look in the $_POST array.

Edit:

Change index.php to the following:

<?php 
if($_SERVER['REQUEST_METHOD'] == "POST"){
    if (checkLogin($_POST['username'], $_POST['password'])) {
        header('Location: http://www...com/.../index.php');
    }
} 
require_once "header.php"; 
include "login.php";
require_once "footer.php";
?>

继续阅读:php

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9