Re: authentication issue...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On May 28, 2010, at 9:43 PM, Jason Pruim wrote:

Hey Everyone,

So I'm sitting here on a friday night trying to figure out how in the world I'm going to fix an issue that should probably be simple to me but is escaping me at the moment....

Take this authentication function:

<?PHP

function authentication($authUser, $authPass, $cfgtableAuth){

	// Keep in mind, PASSWORD has meaning in MySQL
	// Do your string sanitizing here
	// (e.g. - $user = mysql_real_escape_string($_POST['user']);)
	$authUser = mysql_real_escape_string($_POST['txtUser']);
	$authPass = mysql_real_escape_string($_POST['txtPass']);
	$md5pass = md5($authPass);

$loginQuery = "SELECT * FROM {$cfgtableAuth} WHERE userLogin='".$authUser."' AND userPass='".$md5pass."' LIMIT 0,1;";

$loginResult = mysql_query($loginQuery) or die("Wrong data supplied or database error" .mysql_error());
	    $row1 = mysql_fetch_assoc($loginResult);
		if($row1['access'] == "5000000"){
                   foreach (array_keys($_SESSION) as $key)
                       unset($_SESSION[$key]);

			die('account disabled');
		}

		if(is_array($row1)){

$_SESSION['userInfo'] = array( "userLogin" => $row1['userName'], "loggedin" => TRUE, "userName" => $row1['userName'], "userPermission" => $row1['userPermission']);

error_log("User has logged in: ". $row1['userLogin']);

               }else{
			//$_SESSION['userInfo'] =array("loggedin" => FALSE);
			die('authentication failed');

		}
		return TRUE;

	}

?>

Here is how I am displaying the login form:

<?PHP
session_start();

$link = dbconnect($server, $username, $password, $database);

$page = $_GET['page'];

echo <<<CSS
   <body>
   <div class="contentwrapper">

CSS;
include("nav.php");

if ($_SESSION['userInfo']['loggedin'] == TRUE) {

MAIN PAGE DISPLAY HERE

}else{

	//Display login info
echo <<<FORM
   <div class="dark">
	<form method="post">
		<p>
                       You must login to proceed!<BR />
			User Name: <input type="text" size="20" name="txtUser"><BR />
			Password: <input type="password" size="20" name="txtPass"><BR />
			<input type="submit" value="Login"><BR />
		</p>
	</form>
</div>
FORM;

if(isset($_POST['txtUser'])) {
$authUser = $_POST['txtUser'];
$authPass = $_POST['txtPass'];
$auth = authentication($authUser, $authPass, $cfgtableAuth);

}

}

?>

Now... the authentication actually works, and it logs me in properly, but I have to click the login button twice.... Ideally I should just do it once, so I'm wondering if anyone can spot my grievous misstep here?

Thanks in advance for the help and pointers I am bound to receive from this list! :)


Your problem kind of made me laugh. Not because you're having this problem but because the problem you're having that you want to correct is something a co-worker of mine did by design. She writes in FoxPro and on her login page you actually have to click the login button twice in order to log in! She did it that way because she has a profile button on the login page. Still, clicking on a login button twice is annoying! :)

Take care,
Floyd


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux