Hello, hopefully you can help me with this problem I'm having.
All of my pages use essentially the same login/out code so the user can log in no matter what page they are on. When they insert bad information, the page just reloads with a message that there was a login error. If the user is accepted then a message displays their name and tells them they are logged in.
I wanted to make it so the login wasn't something that took you away from what you were looking at and for the most part this works.
However, when pages that I upload (the php files) are larger than 12KB the login part no longer works. Example:
Working page has 12KB I can login fine
Change the working page to make it 13KB, it no longer works
Non-working page has 13KB, login doesn't work
Take out text on the page to make it less than 12KB, nonworking page now works
I'm not exactly sure why this is happening. I called up my hosting company (IIS) and they told me that it had to be a coding error.
Here is the php code I am using on every page. (only changes are redirect urls depending on which section it is)
<?php require_once('Connections/connttc.php'); ?>
<?php
if (isset($_POST['pwd'])) { $_POST['pwd'] = sha1($_POST['pwd']); }
if (!function_exists("GetSQLValueString")) {
  function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") {
    $theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
    $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);
    switch ($theType) {
      case "text":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "long":
      case "int":
        $theValue = ($theValue != "") ? intval($theValue) : "NULL";
        break;
      case "double":
        $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
        break;
      case "date":
        $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
        break;
      case "defined":
        $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
        break;
    }
    return $theValue;
  }
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
  session_start();
}
// ** Logout the current user. **
$logoutAction = $_SERVER['PHP_SELF']."?doLogout=true";
if ((isset($_SERVER['QUERY_STRING'])) && ($_SERVER['QUERY_STRING'] != "")){
  $logoutAction .="&". htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_GET['doLogout'])) &&($_GET['doLogout']=="true")){
  //to fully log out a visitor we need to clear the session variables
  $_SESSION['MM_Username'] = NULL;
  $_SESSION['MM_UserGroup'] = NULL;
  $_SESSION['PrevUrl'] = NULL;
  unset($_SESSION['MM_Username']);
  unset($_SESSION['MM_UserGroup']);
  unset($_SESSION['PrevUrl']);
  $logoutGoTo = "index.php";
  if ($logoutGoTo) {
    header("Location: $logoutGoTo");
    exit;
  }
}
$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
  $_SESSION['PrevUrl'] = $_GET['accesscheck'];
}
if (isset($_POST['username'])) {
  $loginUsername=$_POST['username'];
  $password=$_POST['pwd'];
  $MM_fldUserAuthorization = "access_level";
  $MM_redirectLoginSuccess = "index.php";
  $MM_redirectLoginFailed = "loginfail.php";
  $MM_redirecttoReferrer = false;
  mysql_select_db($database_connttc, $connttc);
  $LoginRS__query=sprintf("SELECT username, pwd, access_level FROM ttc_users WHERE username=%s AND pwd=%s",
    GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));
  $LoginRS = mysql_query($LoginRS__query, $connttc) or die(mysql_error());
  $loginFoundUser = mysql_num_rows($LoginRS);
  if ($loginFoundUser) {
    $loginStrGroup = mysql_result($LoginRS,0,'access_level');
    //declare two session variables and assign them
    $_SESSION['MM_Username'] = $loginUsername;
    $_SESSION['MM_UserGroup'] = $loginStrGroup;
    if (isset($_SESSION['PrevUrl']) && false) {
      $MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
    }
    header("Location: " . $MM_redirectLoginSuccess);
  }
  else {
    $message = "Login error. Please try again.<br />";
    /*header("Location: ". $MM_redirectLoginFailed );*/
  }
}
$colname_getName = "-1";
if (isset($_SESSION['MM_Username'])) {
  $colname_getName = $_SESSION['MM_Username'];
}
mysql_select_db($database_connttc, $connttc);
$query_getName = sprintf("SELECT first_name, family_name FROM ttc_users WHERE username = %s", GetSQLValueString($colname_getName, "text"));
$getName = mysql_query($query_getName, $connttc) or die(mysql_error());
$row_getName = mysql_fetch_assoc($getName);
$totalRows_getName = mysql_num_rows($getName);
$_SESSION['first_name'] = $row_getName['first_name'];
$_SESSION['family_name'] = $row_getName['family_name'];
?>
Just one more note. If the user logs in on any other page (one that's smaller than 12KB php file size) they stay logged in. Also if the login information is incorrect it still displays the error. However when the page is larger it will simply appear to reload like nothing happened.
Let me know if you have any suggestions or advice.
Edit: Got some help for this topic at phpfreaks.com. It seems that I needed to add
exit;
after my
header("Location: " . $MM_redirectLoginSuccess);
Thanks for taking the time to read this.
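The fix in the edit above (an `exit;` directly after the `Location` header, so the rest of the page no longer runs and is no longer sent with the redirect) can be checked for across all pages that share this login code. The following is an added example, not code from the original post or from phpfreaks.com: a small Python check whose function names and `SAMPLE` input are constructed here from the post's own lines. It assumes the input is PHP code without inline HTML and only accepts `exit`/`die` as the very next statement.

```python
import re

# Strings are matched first so "//" or "#" inside a literal is not taken for a comment.
TOKEN = re.compile(
    r'''("(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')|/\*.*?\*/|(?://|#)[^\n]*''', re.DOTALL)
# One statement: everything up to the first ';' that is outside a string literal.
STATEMENT = re.compile(r'''(?:"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'|[^;"'])*;''', re.DOTALL)
LOCATION_CALL = re.compile(r'\bheader\s*\(\s*["\']Location:', re.IGNORECASE)
TERMINATOR = re.compile(r'\s*(?:exit|die)\b', re.IGNORECASE)

def blank_comments(src):
    """Overwrite PHP comments with spaces; offsets, newlines and strings are kept."""
    return TOKEN.sub(
        lambda m: m.group(1) or re.sub(r"[^\n]", " ", m.group(0)), src)

def unterminated_redirects(src):
    """Return line numbers of Location redirects not followed directly by exit/die."""
    code = blank_comments(src)
    hits = []
    for m in LOCATION_CALL.finditer(code):
        stmt = STATEMENT.match(code, m.start())
        if stmt is None or not TERMINATOR.match(code, stmt.end()):
            hits.append(code.count("\n", 0, m.start()) + 1)
    return hits

# Constructed sample built from lines of the post: the logout redirect has its
# exit, the login-success redirect does not, and the third redirect is commented out.
SAMPLE = '''<?php
if (isset($_GET['doLogout'])) {
  $logoutGoTo = "index.php";
  header("Location: $logoutGoTo");
  exit;
}
if ($loginFoundUser) {
  header("Location: " . $MM_redirectLoginSuccess);
}
else {
  /*header("Location: ". $MM_redirectLoginFailed );*/
}
'''

if __name__ == "__main__":
    for line in unterminated_redirects(SAMPLE):
        print(f"line {line}: Location header without exit/die")
```
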