0

I am using a session variable to check if the user is logged in. But the first time you submit the login form the session variable is somehow unset, but ONLY the first time.

If I submit the login form twice it works.

Or let's say I have submitted the form twice in order to log in. Then log out. Now I only need to submit the form once to log in.

Here is the code im using to log in the user:

<?php
session_start();
define('DB_NAME', 'madsanker_dk_db');
define('DB_USER', 'madsanker_dk');
define('DB_PASSWORD', '');
define('DB_HOST', 'mysql43.unoeuro.com');

$link = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD);

if (!$link) {
 die('Could not connect: ' .mysqli_error());
}

$db_selected = mysqli_select_db( $link, DB_NAME);

if (!$db_selected) {
 die('Could not connect: ' .mysqli_connect_error());
}

$username = $_POST['username'];
$password = $_POST['password'];
$username = mysqli_real_escape_string($link,$username);
$password = mysqli_real_escape_string($link,$password);
$password = md5($password);
$sql = "SELECT * FROM mainLogin WHERE username = '$username'";

$result = mysqli_query($link, $sql);

$count=mysqli_num_rows($result);
  if($count==1){
    $row = mysqli_fetch_assoc($result);
    if ($password == $row['password']){
SETTING THE VARIABLE HERE --> $_SESSION['login'] = $username;
        echo "<script> window.location.assign('http://www.madsanker.dk'); </script>";
        return true;
    }
    else {
        echo "<script> window.location.assign('http://www.madsanker.dk/loginpage'); </script>";
        return false;
    }
}else{
    echo "<script> window.location.assign('http://www.madsanker.dk/loginpage'); </script>";
    return false;
}
mysqli_close($link);
?>

I am sure that the variable is being set the first time, because if I echo the variable and do exit(); right after it has been set it show up correctly.

The page I am redirecting to looks like this:

<?php
session_start();
$_SESSION['activePage'] = "home";
?>
<!DOCTYPE html>
<html>
    <head>
        <title>Madsanker</title>
        <link rel="stylesheet" href="main.css" name="pageStyle" type="text/css">
        <?php include "nav-bar.php"; ?>
    </head>
    <body>
        <h2>Welcome to Madsanker.dk</h2>
        <?php include "chatIframe.php" ?>
    </body>
</html>

Even if I put var_dump($_SESSION['login']); exit(); at the top of the document it says NULL the first, and the second time it displays the username correctly.

I have been trying to fix this for about an hour now and I really can see why this is not working.

benomatis
  • 5,536
  • 7
  • 36
  • 59
Mads Nielsen
  • 106
  • 1
  • 5
  • 14
  • `md5` is not a secure way to hash your passwords. Consider switching to [password_hash](http://stackoverflow.com/questions/14992367/using-php-5-5s-password-hash-and-verify-function-am-i-doing-it-right) – Machavity Apr 06 '16 at 19:41
  • 3
    try to use php `header` function to redirect instead of js `window.location.assign` when user is logged in and see the result – Sazzadur Rahman Apr 06 '16 at 19:42

1 Answers1

0

Please check if you are accessing the first time to your site without www. because the second time your are redirecting to www.madsanker.dk so the are two different domains.

Hope that helps :D

Fabricio
  • 3,248
  • 2
  • 16
  • 22