Excuse the poor title...
I'm trying to write a basic form for a login script. The user enters a username and password and presses "login". The action assigned to the form is just to refresh the same page. The page has code that checks for the username and password in $_POST and if they are there, checks credentials, creates a session ID and sets a cookie. If the login succeeds, the login section of the page should no longer be displayed.
The problem I'm having is that after I hit login, it seems like the cookie doesn't get written fast enough or something, because the subsequent read from that cookie fails. If I manually refresh my page immediately however, it has in fact successfully logged in.
// Login function, MD5 hashing would be replaced with something better
// if this were something mission critical, but as it stands I'm only
// using this as a learning tool
function login($username, $password)
{
$username = addslashes($username);
$password = md5($password);
$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password'");
if(mysql_num_rows($query) == 1)
{
$info = mysql_fetch_array($query);
$userid = $info[uid];
$sessionid = md5($userid . time());
$time = time();
setcookie ("testcookie", $sessionid, $time+3600, '/', '');
mysql_query("DELETE FROM sessions WHERE uid='$userid'");
mysql_query("INSERT INTO sessions (sessionid,uid,timestamp) VALUES('$sessionid','$userid','$time')");
return $userid;
}
else
{
return 0;
}
}
// Check the cookie and return the userid
function status()
{
$sessionid = $_COOKIE[nojunkcontest];
$oldtime = time() - 3600;
$query = mysql_query("SELECT * FROM sessions WHERE sessionid='$sessionid' AND timestamp>$oldtime");
if(mysql_num_rows($query) == 1)
{
$info = mysql_fetch_array($query);
return $info[uid];
}
return 0;
}
// Check whether to attempt login, get userid either way
if($_POST[username] !='' || $_POST[password] != '')
{
$login_status = login($_POST[username], $_POST[password]);
}
else if($_GET[logout])
{
logout();
}
unset($userid);
$userid = status();
// This is in the body of the document...
<?php
if($userid > 0)
{
echo "Logged in (<a href='?logout=1'>Logout</a>)";
}
else
{
if($login_status != '' && $login_status == 0)
{
echo "Invalid username/password combo.<br>";
}
?>
<form action = 'index.php' method ='post'>
<table border = '0' cellspacing = '5'>
<tr>
<td>Username</td>
<td><input type = 'text' name = 'username'></td>
<td>Password</td>
<td><input type = 'password' name = 'password'></td>
<td><input type = 'submit' name = 'submit' value = 'Login'></td>
</tr>
</table>
</form>
As you can see, the form action is "index.php" which is the same page where all this code resides, so it just performs a refresh. The status() function returns 0 on this refresh though, but if I refresh manually afterwards, it succeeds, which leads me to believe it's the $_COOKIE call that is failing. The login() function which I didn't include writes the cookie that status() reads from. So everything is working in that department, it's just this annoying refresh thing I can't figure out.
Any help would be appreciated, thanks.
