simple PHP login redirect problem

odysseusming

I'm trying to create a simple PHP login, where the user logs in on the first page (login.php), and if the login is correct, is directed to the second page (page.php). The problem with my code is that the user is required to login twice in order to be successfully taken to the second page (page.php). Here's my code:

<?php
session_start();

// Define your username and password
$username = "a";
$password = "b";

# define a redirect url
$redirect_url = "http://www.mydomain.com/page.php";

if (($_POST['txtUsername'] == $username) && ($_POST['txtPassword'] == $password)) 
     {
          $_SESSION['logged_in'] = "yes";
          header("Location: $redirect_url");
          die;
     }
?>

<h2>Please Login</h2>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p>
<br/>
<label for="txtUsername">Username*</label>
<br/>
  <input name="txtUsername" type="text"  id="txtUsername" size="30" />
  <br/>
<label for="txtPassword">Password*</label>
<br/>
  <input name="txtPassword" type="password"  id="txtPassword" size="30" />
<br/>
<br/>
<input name="Submit" type="submit" value="Login" />
</p>
</form>

page.php page code:

<?php
session_start();
if ($_SESSION['logged_in'] !== "yes")
     {
          header("Location: http://www.mydomain.com/login.php");
          die;
     }
?>

login successful

djjjozsi

before you check the username and password, test if the session variable has set then its value is 'Yes':

if(isset($_SESSION['logged_in'])
{          

if($_SESSION['logged_in']=='yes')
header("Location: $redirect_url"); 
}

hello, jjozsi.

odysseusming

I've tried that but it still requires me to login twice. Here's how the code reads now:

<?php
session_start();

// Define your username and password
$username = "a";
$password = "b";

# define a redirect url
$redirect_url = "http://www.mydomain.com/page.php";

if (isset($_SESSION['logged_in']) && $_SESSION['logged_in'] == "yes") {
          header("Location: $redirect_url");
}

if (($_POST['txtUsername'] == $username) && ($_POST['txtPassword'] == $password)) {
          $_SESSION['logged_in'] = "yes";
          header("Location: $redirect_url");
          die;
     }
?>
<h2>Please Login</h2>

<form name="form" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<p>
<br/>
<label for="txtUsername">Username*</label>
<br/>
  <input name="txtUsername" type="text"  id="txtUsername" size="30" />
  <br/>
<label for="txtPassword">Password*</label>
<br/>
  <input name="txtPassword" type="password"  id="txtPassword" size="30" />
<br/>
<br/>
<input name="Submit" type="submit" value="Login" />
</p>
</form>

odysseusming

I've tried that but still can't get it to work...

foyer

After loggin in, don't just modify the header. Send the user to a "login accepted page" that uses the html META tag to redirect to your page.php file.

odysseusming

I figured it out - needed to drop the "www" from my URLs.

Thanks.

bradgrafelman

Alternatively, you could use [man]session_set_cookie_param/man to set the domain of the session cookie to ".mydomain.com" to include all subdomains.

If you simply remove the "www." from your redirect header then you will cause problems for anyone using http://www.yourdomain.com to access your site, and vice versa if you don't remove it. Setting the cookie properly ensures that it will work for both types of addresses.

Either way, don't forget to mark the thread resolved (if it is).