Login script needs logging in twice..?

Gh0sT

Hey everyone,

I'm using this login script:

<?php
// grab current time
$time=time();

// handle the logout event
if ($logout == true) {
setcookie ("user", md5($_POST[user]), $time-3200);
setcookie ("pass", md5($_POST[pass]), $time-3200);
header("Location: login.php");
}

// handle validation event
if ($_POST[user] && $_POST[pass]) {
$userprefs = "../users/crew/".$_POST[user].".txt";
if (file_exists($userprefs)) {
$prefs = fopen($userprefs, "r");
$contents = fread($prefs, 1000);
$theprefs = explode("|", $contents);
list($username, $email, $password, $occupation) = $theprefs;
fclose($prefs);
if ($_POST[user]==$username && $_POST[pass]==$password) {
  setcookie ("user", md5($_POST[user]), $time+3200);
  setcookie ("pass", md5($_POST[pass]), $time+3200);
  header("Location: login.php");
} else { $login_error= true; }
} else { $login_error= true; }
}

// handle login event, both successful and erroneous, or show login screen
if ($login_error == true) { ?>
<br>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
  <tr>
    <td width="33%">&nbsp;</td>
    <td width="33%" bordercolor="#FF9900" style="border: 1px solid #FF9900">
    <p align="center"><b><br>
    Login Fout</b></p>
    <hr>
    <p align="center">Username or password <b>incorrect</b><br>
    <br>
    <a href=login.php style="text-decoration: none">Back</a>
    <br>
    &nbsp;</td>
        <td width="34%">&nbsp;</td>
  </tr>
</table>
<?
} elseif ($_COOKIE[user] == md5($username) && $_COOKIE[pass] == md5($password)) { header("Location: admin.php");
} else {
?>
<form action="login.php" method=post>
<br>
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
  <tr>
    <td width="33%">&nbsp;</td>
    <td width="33%" bordercolor="#FF9900" style="border: 1px solid #FF9900">
    <p align="center"><b><br>
    Crew Login</b></p>
    <hr>
    <p align="center">Username<br>
    <input type="text" id="username" name="user" size="20"><br>
    <br>
    Password<br>
    <input type="password" id="password" name="pass" size="20"><br>
    <br>
    <input type="submit" value="Login" name="B3" style="color: #666666; font-weight: bold; border: 1px solid #FF9900; background-color: #FFFFFF"><br>
    &nbsp;</td>
        <td width="34%">&nbsp;</td>
  </tr>
</table>
</form>
<?
}
?>

It works pretty well, actually, but there is one minor problem that just irritates me:
When I log in with the correct username and password, stored in "../users/crew/".$_POST[user].".txt"; the login script reloads and asks me for the username and password again. If I then enter the correct data, the login succeeds and I get redirected to the admin.php page.

I'm guessing this has something to do with the cookie handling, but I just can't seem to figure it out. Refreshing the page doesn't help either..

Thanks in advance,
Gh0sT

Kudose

You may want to make sure that you are loading the cookie and writing the cookie from the same spot.

In example, if you login via website.com and the cookie is written for www.website.com, then you should be able to login, but when you visit www.website.com, you will need to login again.

Much like how you can't carry sessions across protocols. HTTP to HTTPS and all.

Gh0sT

Hi,

thanks for replying. I'm not quite sure what you mean. As the cookies are written and read in the same script, I presume they are read and written from the same location, or am I mistaking?

Could you give me a small example of your explanation, please?

Thanks,
Gh0sT