I am currently having problems with my login – the first attempt to login is always rejected but the second attempt succeeds. Any idea how I can resolve this?
login.php
if(isset($_POST['pmsubmit']))
{
LoginSubmit('pm', 'pmname', 'pmpass');
}
if (isset($_POST['tssubmit'])) {
LoginSubmit('ts', 'dept', 'tspass');
}
function LoginSubmit($pm_or_ts, $the_name_input, $the_pass_input)
{
global $pdo;
$salt = "$2a$12ehTk6%^jswam)*usnyruhst";
$posted_name = $_POST[$the_name_input];
$posted_pass = crypt($_POST[$the_pass_input], $salt);
// check if password matches the one in the table
$query = $pdo->prepare("SELECT * FROM db_pass WHERE pass = :pass");
$query->execute(array(":pass" => $posted_pass));
// if there is a match then we log in the user
if ($query->rowCount() > 0)
{
// session stuff
$_SESSION[$the_name] = $posted_name;
$_SESSION['id'] = $row['id'];
// refresh page
header( 'Location: ' . $pm_or_ts . '/index.php' ) ;
exit;
}
// if there is no match then we present the user with an error
else
{
echo '
<script>
$(function() {
$( "#dialog-message" ).dialog({
modal: true,
buttons: {
Ok: function() {
$( this ).dialog( "close" );
}
}
});
});
</script>
<div id="dialog-message" title="Incorrect password">
The password you have provided is incorrect.<br>Please try again.
</div>
';
}
}
?>
pm/index.php
<?php
session_start();
setcookie("pmw", $_SESSION[$thename], time()+7200, '/');
require_once("../resources/php/connection.php");
if (empty($_SESSION[$thename]) || empty($_COOKIE['pmw']) ) {
header("Location: ../login.php");
exit;
}
?>
ts/index.php
<?php
session_start();
setcookie("ts", $_SESSION[$thename], time()+7200, '/');
require_once("../resources/php/connection.php");
if (empty($_SESSION[$thename]) || empty($_COOKIE['ts']) ) {
header("Location: ../login.php");
exit;
}
?>
I think in you login.php you are not starting session and you are directly initializing the value to $_SESSION[$the_name] . So write session_start() at the beginning of the login.php file.