On Sat, 2010-05-29 at 07:40 -0400, Floyd Resler wrote:
> On May 28, 2010, at 9:43 PM, Jason Pruim wrote:
>
> > Hey Everyone,
> >
> > So I'm sitting here on a friday night trying to figure out how in
> > the world I'm going to fix an issue that should probably be simple
> > to me but is escaping me at the moment....
> >
> > Take this authentication function:
> >
> > <?PHP
> >
> > function authentication($authUser, $authPass, $cfgtableAuth){
> >
> > // Keep in mind, PASSWORD has meaning in MySQL
> > // Do your string sanitizing here
> > // (e.g. - $user = mysql_real_escape_string($_POST['user']);)
> > $authUser = mysql_real_escape_string($_POST['txtUser']);
> > $authPass = mysql_real_escape_string($_POST['txtPass']);
> > $md5pass = md5($authPass);
> >
> > $loginQuery = "SELECT * FROM {$cfgtableAuth} WHERE
> > userLogin='".$authUser."' AND userPass='".$md5pass."' LIMIT 0,1;";
> >
> > $loginResult = mysql_query($loginQuery) or die("Wrong
> > data supplied or database error" .mysql_error());
> > $row1 = mysql_fetch_assoc($loginResult);
> > if($row1['access'] == "5000000"){
> > foreach (array_keys($_SESSION) as $key)
> > unset($_SESSION[$key]);
> >
> > die('account disabled');
> > }
> >
> > if(is_array($row1)){
> >
> > $_SESSION['userInfo'] = array( "userLogin" =>
> > $row1['userName'], "loggedin" => TRUE, "userName" =>
> > $row1['userName'], "userPermission" => $row1['userPermission']);
> >
> > error_log("User has logged in: ".
> > $row1['userLogin']);
> >
> > }else{
> > //$_SESSION['userInfo'] =array("loggedin" => FALSE);
> > die('authentication failed');
> >
> > }
> > return TRUE;
> >
> > }
> >
> > ?>
> >
> > Here is how I am displaying the login form:
> >
> > <?PHP
> > session_start();
> >
> > $link = dbconnect($server, $username, $password, $database);
> >
> > $page = $_GET['page'];
> >
> > echo <<<CSS
> > <body>
> > <div class="contentwrapper">
> >
> > CSS;
> > include("nav.php");
> >
> > if ($_SESSION['userInfo']['loggedin'] == TRUE) {
> >
> > MAIN PAGE DISPLAY HERE
> >
> > }else{
> >
> > //Display login info
> > echo <<<FORM
> > <div class="dark">
> > <form method="post">
> > <p>
> > You must login to proceed!<BR />
> > User Name: <input type="text" size="20" name="txtUser"><BR />
> > Password: <input type="password" size="20" name="txtPass"><BR />
> > <input type="submit" value="Login"><BR />
> > </p>
> > </form>
> > </div>
> > FORM;
> >
> > if(isset($_POST['txtUser'])) {
> > $authUser = $_POST['txtUser'];
> > $authPass = $_POST['txtPass'];
> > $auth = authentication($authUser, $authPass, $cfgtableAuth);
> >
> > }
> >
> > }
> >
> > ?>
> >
> > Now... the authentication actually works, and it logs me in
> > properly, but I have to click the login button twice.... Ideally I
> > should just do it once, so I'm wondering if anyone can spot my
> > grievous misstep here?
> >
> > Thanks in advance for the help and pointers I am bound to receive
> > from this list! :)
> >
>
> Your problem kind of made me laugh. Not because you're having this
> problem but because the problem you're having that you want to correct
> is something a co-worker of mine did by design. She writes in FoxPro
> and on her login page you actually have to click the login button
> twice in order to log in! She did it that way because she has a
> profile button on the login page. Still, clicking on a login button
> twice is annoying! :)
>
> Take care,
> Floyd
>
>
The problem I often see in this area is where the login check is
performed in an include file, and then included in every page, including
the login page itself. Takes a little while sometimes to figure out why
it is stuck in an eternal loop!
Thanks,
Ash
http://www.ashleysheridan.co.uk
