I have a login script that doesn't seem to log people in. When someone fills in their user name and password into the form I call the login function which calls the check_login function. I also have a function called showlogin. This function displays a message to the page that tells the user whether they are logged in or not. One of the problems I am having is that when the message is displayed telling a user that they are logged in it seems to always say
I have a function that automatically logs a user in when they create a user account. After a user logs in with this function it displays the message above. If the user is not logged in it just says you are not logged in.
I use an index.php script to call my functions which are in an include file. I start a session in index.php.
When a user logs in, the page that comes up is the login page. I would like to have them go back to the referring page. Also, if a current user who is logged in goes to the login page it should go to the customer form where they can edit their information. Instead of going to the customer form, a blank page is displayed in the browser.
This is the login function.

    function login(&$xtpl, $connection, $pagesRow)
    {
        if (isset($_POST['loginUsername']))
            $loginUsername = clean($_POST['loginUsername'], 30);
        if (isset($_POST['loginPassword']))
            $loginPassword = clean($_POST['loginPassword'], 8);

        // Check if the user is already logged in
        if (isset($_SESSION['loginUsername']))
        {
            // If they are, then just take them to the edit customer form
            if (isset($_SESSION['referer']))
            {
                unset($_SESSION['referer']);
                header("Location: referer");
                //exit;
            }
            else
            {
                header("Location: index.php");
                exit;
            }
        }

        // Have they provided only one of a username and password?
        if ((empty($loginUsername) && !empty($loginPassword)) || (!empty($loginUsername) && empty($loginPassword)))
            // Register an error message
            $_SESSION['message'] = "Both a username and password must be supplied.";

        // Have they not provided a username/password, or was there an error?
        if (!isset($loginUsername) || !isset($loginPassword) || isset($_SESSION["message"]))
            createForms(&$xtpl, $connection, NULL, "index.php?form=loginForm", "Login Form", $pagesRow);
        else
            // They have provided a login. Is it valid?
            check_login(&$xtpl, $connection, $loginUsername, $loginPassword);
    }

This is the check login function.

    function check_login(&$xtpl, $connection, $loginUsername, $loginPassword)
    {
        // Get the two character salt from the
        // user-name collected from the challenge
        $salt = substr($loginUsername, 0, 2);

        // Encrypt the loginPassword collected from
        // the challenge
        $crypted_password = crypt($loginPassword, $salt);

        // Formulate the SQL find the user
        $query = "SELECT password FROM tbl_users
                  WHERE user_name = '$loginUsername'
                  AND password = '$crypted_password'";

        // Execute the query
        if (!($result = @ mysql_query($query, $connection)))
            showerror();

        // exactly one row? then we have found the user
        if (mysql_num_rows($result) == 1)
        {
            // Register the loginUsername to show the user is logged in
            $_SESSION['loginUsername'];
            $_SESSION['loginUsername'] = $loginUsername;

            // Clear any other session variables
            if (isset($_SESSION['errors']))
                // Delete the form errors session variable
                unset($_SESSION['errors']);
            if (isset($_SESSION['formVars']))
                // Delete the formVars session variable
                unset($_SESSION['formVars']);

            // Do we need to redirect to a calling page?
            if (isset($_SESSION['referer']))
            {
                // Then, use it to redirect
                header("Location: {$_SESSION['referer']}");
                // Delete the referer session variable
                unset($_SESSION['referer']);
                exit;
            }
            else
            {
                header("Location: index.php");
                exit;
            }
        }
        else
        {
            // Ensure loginUsername is not registered, so the user
            // is not logged in
            if (isset($_SESSION['loginUsername']))
                unset($_SESSION['loginUsername']);

            // Register an error message
            $_SESSION['message'] = "Username or password incorrect. Login failed.";

            // Show the login page
            // so the user can have another go!
            createForms(&$xtpl, $connection, NULL, "index.php?form=loginForm", "Login Form", $pagesRow);
            exit;
        }
    }
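
A hardened counterpart to check_login(), as an added example that is not part of the original post: it binds the username as a query parameter instead of interpolating it into the SQL, replaces crypt() with a two-character username-derived salt (traditional DES crypt, which only considers the first eight password characters) with password_hash()/password_verify(), issues a new session id on login, and only redirects to a site-local path. The PDO handle, the in-memory SQLite table, the function names verify_login() and redirect_target(), and the idea that the stored referer is a path beginning with "/" are assumptions; tbl_users, user_name and password come from the post.

```php
<?php
// Added example, not the poster's code. Requires the pdo_sqlite extension for the demo.

function verify_login(PDO $db, string $username, string $password): bool
{
    // Bound parameter: the username is sent as data, never as part of the SQL text.
    $stmt = $db->prepare('SELECT password FROM tbl_users WHERE user_name = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    // password_verify() reads the algorithm and per-user random salt from the hash.
    if ($hash === false || !password_verify($password, $hash)) {
        return false;
    }

    // index.php starts the session in the post; this is skipped when run from the CLI.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);          // fresh id at the privilege change
        $_SESSION['loginUsername'] = $username;
    }
    return true;
}

function redirect_target(?string $referer): string
{
    // Accept only a same-site absolute path; full URLs, "//host" forms,
    // backslashes and line breaks fall back to the default page.
    if ($referer !== null && preg_match('#^/(?!/)[\w\-./?=&%]*\z#', $referer)) {
        return $referer;
    }
    return 'index.php';
}

// Constructed demo data: one user in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_users (user_name TEXT PRIMARY KEY, password TEXT)');
$db->prepare('INSERT INTO tbl_users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse battery', PASSWORD_DEFAULT)]);

var_dump(verify_login($db, 'alice', 'correct horse battery')); // full password
var_dump(verify_login($db, 'alice', 'correct '));              // first 8 characters only
var_dump(verify_login($db, "alice' OR '1'='1", 'x'));          // quote characters in the name
var_dump(redirect_target('/customer.php?form=edit'));          // site-local path
var_dump(redirect_target('https://example.test/'));            // off-site URL
```

In the application, the caller would send `header('Location: ' . redirect_target($_SESSION['referer'] ?? null))` followed by `exit` after a successful verify_login().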