When I perform an action that requires a logged-in user, I sometimes have to re-login. Most of the time it happens when I log in for the first time that day. After a logoff, I cannot re-create the issue.

Who has a clue what goes wrong?

At the top of my index page I have `session_start();`. In the index page, I have included all other pages.

Login page:

```php
function login_form()
{
    if($_SERVER['REQUEST_METHOD'] == 'POST') {

        $qLogin = mysql_query("SELECT G_id FROM users WHERE
                    G_name  = '".mysql_real_escape_string($_POST['G_name'])."' AND
                    password     = '".sha1($_POST['password'])."'");

        $qActivatie = mysql_query("SELECT COUNT(G_id) FROM users, user_activaties WHERE
            users.G_name    = '".mysql_real_escape_string($_POST['G_name'])."' AND
            users.G_id             = users_activaties.users_id");

        if(mysql_result($qActivatie,0) != 0) {
            echo 'account not activated.';
        } elseif(mysql_num_rows($qLogin) == 0) {
            echo 'user name/password is not correct.';
        } else {
            $_SESSION['user']   = mysql_result($qLogin, 0);
            $_SESSION['G_name'] = $_POST['G_name'];
            header("Location: index.php?func=panel ");
            ?>
            Succesfull logged in.<a href="controlpanel.php">Click</a> 
            <?php
        }
    }
    ?>
    <div id="login">

        <form action="<?=htmlentities($_SERVER['REQUEST_URI'])?>" method="post">
            <input type="text" name="G_name" placeholder="User"/>
            <input type="password" name="Password" placeholder="Password"/>
            <button type="submit">Login</button>
        </form>
    </div>
    <?php
}
```

An action which sometimes requires re-login:

```php
session_start();
include("db.php");

$O_id=$_GET['O_id'];
$G_id=$_GET['G_id'];
$G_name=$_GET['G_name'];
$aanwezig=$_GET['aanwezig'];

$query = mysql_query
("INSERT INTO koppeltabel(O_id, G_id, aanwezig)
VALUES ('$O_id','$G_id', '$aanwezig')
ON DUPLICATE KEY
UPDATE aanwezig='$aanwezig' ");
mysql_query($query);
header('Location: http://www.abc.nl/new/index.php?func=option');
```
Niles

  • FYI, [you shouldn't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://php.net/manual/en/function.mysql-connect.php)? Learn about [*prepared statements*](https://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which one is best for you. – John Conde Jul 19 '17 at 18:09
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). – John Conde Jul 19 '17 at 18:10
  • Please don't __roll your own__ password hashing. PHP provides [`password_hash()`](http://php.net/manual/en/function.password-hash.php) and [`password_verify()`](http://php.net/manual/en/function.password-verify.php), please use them. And here are some [good ideas about passwords](https://www.owasp.org/index.php/Password_Storage_Cheat_Sheet). If you are using a PHP version prior to 5.5, [there is a compatibility pack available here](https://github.com/ircmaxell/password_compat). – RiggsFolly Jul 19 '17 at 18:11
  • Use cookies rather than session variables to allow continuous login, session will reset if your browser is closed – pokeybit Jul 19 '17 at 18:13
  • Do you have a `session_start()` in the `login.php`, and if so, where? – RiggsFolly Jul 19 '17 at 18:14
  • OK, thanks for all the answers...going to look into that – Niles Jul 19 '17 at 18:26
  • The session start is at the top of the page..like this: – Niles Jul 19 '17 at 18:27

0 Answers
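
The comments on the question recommend prepared statements and `password_hash()`/`password_verify()`. The following is an added example, not code from the question or from any commenter, showing the login lookup written that way. It keeps the question's `users`, `G_id`, `G_name` and `password` names; the PDO connection to an in-memory SQLite database, the `demo` account and the function names `find_user_id()` and `login()` are assumptions made so it runs stand-alone.

```php
<?php
declare(strict_types=1);

// Added example. Table and column names follow the question; the SQLite
// database, the sample account and the function names are constructed.
function find_user_id(PDO $pdo, string $name, string $password): ?int
{
    // The placeholder keeps user input out of the SQL text entirely.
    $stmt = $pdo->prepare('SELECT G_id, password FROM users WHERE G_name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // password_verify() checks the input against the salted hash that
    // password_hash() stored; the plain password is never compared in SQL.
    if ($row === false || !password_verify($password, $row['password'])) {
        return null;
    }
    return (int) $row['G_id'];
}

function login(PDO $pdo, string $name, string $password): bool
{
    $id = find_user_id($pdo, $name, $password);
    if ($id === null) {
        return false;
    }
    // Only touches the session when one is active (it is not in this CLI demo).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // issue a fresh session id after authentication
        $_SESSION['user']   = $id;
        $_SESSION['G_name'] = $name;
    }
    return true;
}

// Constructed demo data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (G_id INTEGER PRIMARY KEY, G_name TEXT UNIQUE, password TEXT)');
$pdo->prepare('INSERT INTO users (G_name, password) VALUES (?, ?)')
    ->execute(['demo', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(login($pdo, 'demo', 'correct horse'));  // valid credentials
var_dump(login($pdo, 'demo', 'wrong'));          // wrong password
var_dump(login($pdo, "demo' OR '1'='1", 'x'));   // quote characters are treated as data
```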