I had a bit of a fiddle with the index2.php code, as it seemed to me there must be some logic breakdown for the login not to be working. The code from index.php and validate.inc.php wasn't obviously problematic.
In index2.php, lines 42-46, there is a routine that recalls the validate function
// validate the user's username and password, and formard to login page if invalid
I was a bit puzzled why you would re-do this when index.php seems to be validating the username and password and then forwarding to index2.php.
Also, the statement
didn't seems right to me.
So, I commented out all the code and can logon with the correct username and password. Logon is also blocked if the wrong username/password combination is used. So, at the level of brief testing, this bit of code seems to be the problem and deleting it fixes the problem. I don't know if there is some permissions consequence yet, but I can't see why there should be from the code.
I also rewrote the code as follows:
and this worked just as well as removing the code block entirely.
So, I hope that is helpful for people who might have this problem. I will run my system with the code commented out for now and see how it functions.
I would appreciate it if any code gurus could let me know if this will cause some fatal flow-on error in the OCS system, though I can't see it.
Cheers for now. And merry Xmas