Making a Login Work After Cache, Cookies, etc. Have Been Cleared_问答_开发者

I am using the code below fo开发者_C百科r a user login. The first I try to login after cache / cookies, etc. have been cleared, the browser refreshes and the user name is not logged in. After that, logging in works fine.

Any idea how I can make it work the first time?

Thanks in advance,

John

index.php:

   <?php 


        if($_SERVER['REQUEST_METHOD'] == "POST"){header('Location: http://www...com/.../index.php?username='.$username.'&password='.$password.'');} 



         require_once "header.php"; 
         include "login.php";
         require_once "footer.php";

        ?>

<?php
if (!isLoggedIn())
{
    if (isset($_POST['cmdlogin']))
    {
        if (checkLogin($_POST['username'], $_POST['password']))
        {
            show_userbox();


        } else
        {
            echo "Incorrect Login information !";
            show_loginform();
        }
    } else
    {

        show_loginform();
    }

} else
{

    show_userbox();


}



?>

show_loginform function:

function show_loginform($disabled = false)
{

    echo '<form name="login-form" id="login-form" method="post" action="./index.php?'.$_SERVER['QUERY_STRING'].'"> 

    <div class="usernameformtext"><label title="Username">Username: </label></div> 
    <div class="usernameformfield"><input tabindex="1" accesskey="u" name="username" type="text" maxlength="30" id="username" /></div> 


    <div class="passwordformtext"><label title="Password">Password: </label></div> 
    <div class="passwordformfield"><input tabindex="2" accesskey="p" name="password" type="password" maxlength="15" id="password" /></div> 


    <div class="registertext"><a href="http://www...com/.../register.php" title="Register">Register</a></div> 
    <div class="lostpasswordtext"><a href="http://www...com/.../lostpassword.php" title="Lost Password">Lost password?</a></div> 

  <p class="loginbutton"><input tabindex="3" accesskey="l" type="submit" name="cmdlogin" value="Login" ';
    if ($disabled == true)
    {
        echo 'disabled="disabled"';
    }
    echo ' /></p></form>';


}

EDIT: header.php includes this:

session_start();

So does that mean I'm using Sessions?

EDIT: per webbiedave's request, here are the login credential check functions I'm using:

<?php

#### Login Functions #####


function isLoggedIn()
{

    if (session_is_registered('loginid') && session_is_registered('username'))
    {
        return true; // the user is loged in
    } else
    {
        return false; // not logged in
    }

    return false;

}

function checkLogin($u, $p)
{
global $seed; // global because $seed is declared in the header.php file

    if (!valid_username($u) || !valid_password($p) || !user_exists($u))
    {
        return false; // the name was not valid, or the password, or the username did not exist
    }

    //Now let us look for the user in the database.
    $query = sprintf("
        SELECT loginid 
        FROM login 
        WHERE 
        username = '%s' AND password = '%s' 
        AND disabled = 0 AND activated = 1 
        LIMIT 1;", mysql_real_escape_string($u), mysql_real_escape_string(sha1($p . $seed)));
    $result = mysql_query($query);
    // If the database returns a 0 as result we know the login information is incorrect.
    // If the database returns a 1 as result we know  the login was correct and we proceed.
    // If the database returns a result > 1 there are multple users
    // with the same username and password, so the login will fail.
    if (mysql_num_rows($result) != 1)
    {
        return false;
    } else
    {
        // Login was successfull
        $row = mysql_fetch_array($result);
        // Save the user ID for use later
        $_SESSION['loginid'] = $row['loginid'];
        // Save the username for use later
        $_SESSION['username'] = $u;
        // Now we show the userbox
        return true;
    }
    return false;
}

?>

The line that is causing your page to refresh is

if($_SERVER['REQUEST_METHOD'] == "POST"){header('Location: http://www...com/.../index.php?username='.$username.'&password='.$password.'');}

What that is doing, is when you post to the page, it redirects you back to the index page with the username and password in the url.

So does that mean I'm using Sessions?

Yes, you are using sessions. That is how you are saving your login state from page to page.

However, to answer the question, remove the line I mentioned at the beginning of the article. I cannot see where it does you any good. It simply moves the values from the $_POST array to the $_GET array, and then you still look in the $_POST array.

Edit:

Change index.php to the following:

<?php 
if($_SERVER['REQUEST_METHOD'] == "POST"){
    if (checkLogin($_POST['username'], $_POST['password'])) {
        header('Location: http://www...com/.../index.php');
    }
} 
require_once "header.php"; 
include "login.php";
require_once "footer.php";
?>