2 Replies - 575 Views - Last Post: 11 February 2013 - 07:08 AM Rate Topic: -----

#1 jeansymolanza  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 77
  • Joined: 20-February 08

First attempt to login is rejected but second attempt succeeds

Posted 11 February 2013 - 06:46 AM

I am currently having problems with my login - the first attempt to login is always rejected but the second attempt succeeds. Any idea how I can resolve this?

login.php

if(isset($_POST['pmsubmit']))
    {
    LoginSubmit('pm', 'pmname', 'pmpass');
    }

    if (isset($_POST['tssubmit'])) {
    LoginSubmit('ts', 'dept', 'tspass');
    }

function LoginSubmit($pm_or_ts, $the_name_input, $the_pass_input)
{
  global $pdo;
    $salt = "$2a$12ehTk6%^jswam)*usnyruhst";
  $posted_name = $_POST[$the_name_input];
    $posted_pass = crypt($_POST[$the_pass_input], $salt);   
  // check if password matches the one in the table
  $query = $pdo->prepare("SELECT * FROM db_pass WHERE pass = :pass");
  $query->execute(array(":pass" => $posted_pass));
  // if there is a match then we log in the user
  if ($query->rowCount() > 0)
  {
    // session stuff
    $_SESSION[$the_name] = $posted_name;
      $_SESSION['id'] = $row['id'];
    // refresh page
    header( 'Location: ' . $pm_or_ts . '/index.php' ) ;
    exit;
  } 
  // if there is no match then we present the user with an error
  else
  { 
    echo '
    <script>
    $(function() {
        $( "#dialog-message" ).dialog({
      modal: true,
      buttons: {
        Ok: function() {
          $( this ).dialog( "close" );
            }
        }
        });
    });
    </script>
        <div id="dialog-message" title="Incorrect password">
        The password you have provided is incorrect.<br>Please try again.
    </div>
    ';
  }
}
?>


pm/index.php

<?php 
session_start();
setcookie("pmw", $_SESSION[$thename], time()+7200, '/');
require_once("../resources/php/connection.php");

if (empty($_SESSION[$thename]) || empty($_COOKIE['pmw']) ) {
    header("Location: ../login.php");
    exit;
}
?>


ts/index.php

<?php 
session_start();
setcookie("ts", $_SESSION[$thename], time()+7200, '/');
require_once("../resources/php/connection.php");

if (empty($_SESSION[$thename]) || empty($_COOKIE['ts']) ) {
    header("Location: ../login.php");
    exit;
}
?>


Is This A Good Question/Topic? 0
  • +

Replies To: First attempt to login is rejected but second attempt succeeds

#2 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6107
  • View blog
  • Posts: 23,657
  • Joined: 23-August 08

Re: First attempt to login is rejected but second attempt succeeds

Posted 11 February 2013 - 06:56 AM

Cross-posted
Was This Post Helpful? 0
  • +
  • -

#3 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3730
  • View blog
  • Posts: 6,017
  • Joined: 08-June 10

Re: First attempt to login is rejected but second attempt succeeds

Posted 11 February 2013 - 07:08 AM

Hey.

Where is the actual login form?

I've got one slightly off-topic question here. When you are doing the login, your SQL query looks only for the password. This seems a little odd to me. I would have though you would want to match the password and the username. Is there a reason you do it like this?

Also, you may want to make your login function a little more "modular". I mean, instead of passing the function the names of the input fields, pass them the values of the input fields. And instead of printing Javascript inside the function to show the error, return a success value from the function and print the Javascript in the calling code. - If you do it like that, then you can reuse the login function elsewhere, even in other projects, without having to rewrite it for each one. - Ideally, you want to use functions like this:
if (!empty($_POST["login_name"]) && !empty($_POST["login_pass"])) {
    if (DoLogin($_POST["login_name"], $_POST["login_pass"])) {
        header("Location: /members_area/");
    }
    else {
        header("HTTP/1.0 403 Restricted");
        echo "<script>alert('Login failed!');</script>";
    }
}


The DoLogin() function does only one job: attempting to log the user in, and then returning whether or not that was successful. It should not have to be printing stuff based on the success as well.

This post has been edited by Atli: 11 February 2013 - 07:09 AM
Reason for edit:: Improved code example.

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1