Login script requires two attempts

I think the problem is you've took a longer, more complex route than necessary. It would be easier just to simply strip the script right down to all that is completely necessary.

Login.php

<?
session_start();
$username = $_SESSION['username'];
if ($_GET['msg'] == "incorrect") {
$msg='<p>Login Failed! Please make sure that you enter the correct details and that you have activated your account.</p>';
}
?>
<? if (!isset($_SESSION['authenticated'])) { ?>
<? echo $msg; ?>
<p>Please enter your name and password to login</p>  
        <!-- start sign up form -->  
        <form action="functions.php" method="post">  
            <div>
                <label for="name">Name:</label>  
                <input type="text" name="username" value="" />
            </div>
            <div>
                <label for="password">Password:</label>
                <input type="password" name="password" value="" />
            </div>
   Remember Me: <input type="checkbox" name="rememberme" value="1"><br>


 
            <div><input type="submit" name="submit" class="submit_button" value="Login" /></div>
        </form>  
<a href="http://www.example.com/forgot.php">Forgot Password?</a><br>
<a href="http://www.example.com/register.php">Register here</a>
<? } else { ?>
<div align="center">
You are already logged in as: <? echo $username; ?>, <a href="logout.php">Logout</a>
</div>
<? } <?

Code (markup):

Functions.php

<?
session_start();

if(isset($_POST['submit']) && isset($_POST['username']) && !empty($_POST['username']) && isset($_POST['password']) && !empty($_POST['password']))
{  
    $link = mysql_connect('' '' '') or die('Could not connect: ' . mysql_error()); 
    mysql_select_db('') or die(mysql_error()); 
 
    $username = mysql_real_escape_string($_POST['username']);  
    $password = mysql_real_escape_string($_POST['password']);  


$realp = md5($password);
 
    $sql="SELECT * FROM `users` WHERE `username`='".$username."' AND `password`='".$realp."' AND `active` IS NULL";
    $search = mysql_query($sql) or die(mysql_error());  
    $match  = mysql_num_rows($search); 

if($match==1)
{
$_SESSION['authenticated'] = 1 ;
$_SESSION['username']=$_POST['username']; 
$_SESSION['password']=$_POST['password'];
    


if (isset($_POST['rememberme'])) {
            /* Set cookie to last 1 year */
setcookie('username', $_POST['username'], time()+60*60*24*365, 'www.example.com');
setcookie('password', $_POST['password'], time()+60*60*24*365, 'www.example.com');
        } else {
            setcookie('username', $_POST['username'], false, 'www.example.com');
            setcookie('password', $_POST['password'], false, 'www.example.com');
        }




    header("Location: http://example.com/index.php");
} else {
header("Location: http://example.com/login.php?msg=incorrect");
}
?>

Code (markup):

Logout.php

<?php
session_start();  

session_destroy();

$past = time() - 100;
setcookie('username', $_POST['username'], $past, 'www.example.com');
setcookie('password', $_POST['password'], $past, 'www.example.com');


if(isset($_SESSION['authenticated']))
{ 
echo 'logout unsuccessful';
 }
elseif (isset($_COOKIE['username']))
{
echo 'cookie not removed';
}
else
{
echo 'logout successful';
}


echo $_COOKIE["username"];




echo $_SESSION['authenticated'];
echo $_SESSION['username'];
echo $_SESSION['password'];
?> 
<html>
<body>
Return to <a href="index.php">home page</a>
</body>
</html>

Code (markup):

Untested, but hopefully it should work...

 

Hi thanks Poppers, I have done that but I still have the same issue, do you think there could be a problem with the way the php is set up on the server? Is there anything I should look for?

Thanks

 

I also just noticed that when logging out it echoes logout unsuccessful, so it looks as though session_destroy() is not working, does anyone know why that might be?

 

Possibly try,

session_start();
session_unset();
session_destroy();

Code (markup):

 

Fixed logout using $_SESSION = array ();

Sorry to keep posting but I think I have found the problem, but have no idea of the solution. On index.php when usermenu.php is included (below is usermenu code) it echoes old session variables however when included on myaccount.php it echoes the correct new variables but nothing changes between those pages so I do not know what is causing the issue.

<?php
session_start();  
echo $_SESSION;
echo $_SESSION['authenticated'];
echo $_SESSION['username'];
echo $_SESSION['password'];
if(isset($_SESSION['authenticated']))
{ 
?>
You are logged in as:
<? echo $username; ?>
<?
echo '<a href="http://myaccount.php">My Account</a>';
echo '<a href="http://logout.php">Log Out</a>'; }
else
{echo 'You are not currently logged in, you must <br> <a href="http://login.php">Log In</a> to see this page.'; }
 
?>

Code (markup):

Any help is very appreciated

 

I wish I could be of further assistance, but to be honest I'm stumped too.

 

Thanks Poppers, even if it hasn't solved the original issue my login script is now much tidier and more efficient than at the start!

After hours of tearing my hair out I have narrowed the problem down now: when you log in it checks with MySQL etc. and that works fine, on successful login you are directed to a page (index.php here but I have changed to see if it is a problem with index.php only but it isn't) once on that page it says you aren't logged in, however if you then click on a link on that page, whatever page you get to next the log in works, so it just takes the user one click of a link for it to work.Any ideas why this is and how to solve it?
Thanks

 

Solved it, but for future reference it works on http://www.example.com but not on http://example.com
Can't believe I didn't spot it before!

 

Oh my god, can't believe I overlooked that too! It's happened loads to me in the past, d'oh!