Page 1 of 2

Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 10:54 am
by simonmlewis
Hello.

This user's email and password are correct.
The "datejoined" entry is 2009-07-24, and the system date (changed laptop date for testing) is 2009-09-11.

In theory, they should be passed to the subscribe.php page, but they pass through this page successfully. Oddly, they are refused on the following page, for which I have no idea. But thing is, they should NOT be passed beyond this page. They should hit subscribe.php.

Any ideas??

Code: Select all

<?php
include "dbconn.php";
$email=mysql_real_escape_string($_POST["email"]);
$password=mysql_real_escape_string($_POST["password"]);
$result = mysql_query ("SELECT * FROM dxusers WHERE email = '$email' AND password = '$password'");
 
$num_row = mysql_num_rows($result);
if (mysql_num_rows($result)==0) 
 
{ echo "<meta http-equiv='Refresh' content='0 ;URL=index.html'>";}
 
elseif (mysql_num_rows($result)!=0)
{
while ($row = mysql_fetch_object($result)) 
    {
  $today = (date('Y-m-d'));
  $regdate = strtotime("$row->datejoined");
  $regdatecomplete = date( "Y-m-d", ($regdate) );
 
  $subDateMicrotime = strtotime($regdatecomplete);
  $fortnight = date( "Y-m-d", ($subDateMicrotime + (86400*14)) );
    
  $year = substr("$row->subscribed",-10,4);
  $month = substr("$row->subscribed",-5,2);
  $day = substr("$row->subscribed",-2,2);
  
  $sysyear = substr("$today",-10,4);
  $sysmonth = substr("$today",-5,2);
  $sysday = substr("$today",-2,2);
    
  $endyear = $year;
  $endmonth = ($month + 1);
  $endday = $day;
  
  if 
  (
  ($month == "08" && $sysmonth == "08") || 
  ($today <= $fortnight) || 
  ($sysyear >= $endyear && $sysmonth <= $endmonth && $sysday >= $endday)
  )
{
$user = "$row->firstname&nbsp;" . "$row->lastname";
setcookie("user", $user, time()+13600);
setcookie("firstname", $row->firstname, time()+13600);
setcookie("lastname", $row->lastname, time()+13600);
setcookie("email", $email, time()+13600);
setcookie("userid", $row->id, time()+13600);
setcookie("type", $row->type, time()+13600);
 
if ($row->type == "admin") 
{
echo "<meta http-equiv='Refresh' content='0 ;URL=index.php?page=home&menu=home&title=welcome'>";
}
 
elseif ($row->type == "user") 
{
echo "<meta http-equiv='Refresh' content='0 ;URL=index.php?page=home&menu=home&title=welcome'>";
}
}
else
{ echo "<meta http-equiv='Refresh' content='0 ;URL=subscribe.php?id=$row->id'>"; }
}
}
 
    mysql_free_result($result);
    mysql_close($sqlconn);
?>

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 12:13 pm
by Eric!
Do a var_dump($results) after your query, from what I see it must be returning something to be passed on to subscribe.php.

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 12:21 pm
by simonmlewis
I had to take a fast screenshot as it still whizzed thru, but this was what it said:
resource(4) of type (mysqlresult)
"4" has no relevance in the database.

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 12:33 pm
by jackpf
Try var_dump(mysql_fetch_array($result));

I think that may have been what Eric! meant? If not my apologies :D

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 12:39 pm
by simonmlewis
bool(false
This is the error with that vardump code.

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 12:50 pm
by jackpf
In that case this: if (mysql_num_rows($result)==0) should return true, so <meta http-equiv='Refresh' content='0 ;URL=index.html'> should be displayed.

What's the value of var_dump(mysql_num_rows($result))? :D

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 1:01 pm
by simonmlewis
The value shows:
int(1)
Incidentially, the value of $endyear-$endmonth-$endday is
-1-
Which bearing in mind, $row->subscribed is empty, should be ok.

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 1:12 pm
by jackpf
Wait - you're running mysql_num_rows() on $result twice.

Try only using it once. You don't need to use it twice anyway.

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 1:17 pm
by Eric!
@jackpf thanks...I forgot to include the call to break up the resource.

I'm confused by the $result being empty and $row==1, but that is basically the source of your problem. Perhaps it is because you call the mysql_num_rows twice in a row...?

If you put these two var_dumps in at the same time to you really see bool(false) and int(1)?
Try changing your code to this

Code: Select all

$result = mysql_query ("SELECT * FROM dxusers WHERE email = '$email' AND password = '$password'");
var_dump(mysql_fetch_array($result)); 
var_dump(mysql_num_rows($result)); 
// $num_row = mysql_num_rows($result);  remove this line not needed
return; // put this here for debugging to stop your code so you don't need a screen shot
if (mysql_num_rows($result)==0)
@jackpf .. looks like we posted at the same time and saw the same thing....

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 1:26 pm
by simonmlewis
array(40) { [0]=> string(1) "9" ["id"]=> string(1) "9" [1]=> string(5) "Simon" ["firstname"]=> string(5) "Simon" [2]=> string(5) "Lewis" ["lastname"]=> string(5) "Lewis" [3]=> string(15) "simon@smith.com" ["email"]=> string(15) "simon@smith.com" [4]=> string(3) "yes" ["paypal"]=> string(3) "yes" [5]=> string(5) "YKvQT" ["password"]=> string(5) "YKvQT" [6]=> string(6) "123124" ["telephone"]=> string(6) "123124" [7]=> string(9) "Blue Cars" ["company"]=> string(9) "Blue Cars" [8]=> string(8) "asdfsaf1" ["address1"]=> string(8) "asdfsaf1" [9]=> string(0) "" ["address2"]=> string(0) "" [10]=> string(0) "" ["address3"]=> string(0) "" [11]=> string(8) "townhere" ["town"]=> string(8) "townhere" [12]=> NULL ["county"]=> NULL [13]=> string(8) "ab12 3cd" ["postcode"]=> string(8) "ab12 3cd" [14]=> string(10) "2009-07-24" ["datejoined"]=> string(10) "2009-07-24" [15]=> NULL ["subscribed"]=> NULL [16]=> string(4) "user" ["type"]=> string(4) "user" [17]=> NULL ["photo"]=> NULL [18]=> NULL ["about"]=> NULL [19]=> string(1) "0" ["salesamount"]=> string(1) "0" } int(1)
Here you go. A ton of stuff!

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 1:45 pm
by Eric!
This is a passing condition right? You put in simon@smith.com for email and YKvQT as the password...correct?

What happens during the failed case where there is no match? Isn't that what you are trying to debug?

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 1:49 pm
by simonmlewis
Your assumptions are correct.

If the email/password are not in the db, it just goes back to index.html.

If it DOES find the email/pass, but all those conditions are false, then you should be taken to subscribe.php.

The site is free to use for August (hence the "08"). If you subcribed AFTER August, then you get two weeks free.... then next time you login you will be asked to register.

When you register, you can access it for one month.

So the scenario here is that the person has join, but not subscribed. The date joined is TODAY (24/7) and the date on the system is 25/9, so it should accept you as a user, but reject you and pass you to subscribe.php.

IT DOESN'T. It just let's you straight through.

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 1:56 pm
by Eric!
ok, wait a minute. We are all debugging different things. I understand your problem now. This is a valid user but you want them to subscribe based on some date condition.

Your problem is then with your if statement
35. if
36. (
37. ($month == "08" && $sysmonth == "08") ||
38. ($today <= $fortnight) ||
39. ($sysyear >= $endyear && $sysmonth <= $endmonth && $sysday >= $endday)
40. )

What exactly are you trying to get this to do? Unless you are running this locally on your laptop (server, database, etc) then just changing your laptop's date for testing isn't going to work because date() is using the server's time.

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 2:04 pm
by simonmlewis
Well again, your assumption is correct, but I didn't realised it was server side - I thought that it loads it into the browser, queries the date, and then queries the database results to get the answer.

But I suppose, if it were the way I suspected, anyone could get thru the system easily!

And you are of course dead right, I just changed the datejoined in the db and it worked as it should. Then altered the subscribed date, and again, it worked perfectly.

Sorry for being a bit of a time waster. Looks like my code was/is correct, just my understanding of how the server side scripting works.

Simon

Re: Why is the login failing? They should be refused entry...

Posted: Fri Jul 24, 2009 2:12 pm
by Eric!
No problem, that's one of the difficulties with debugging things in a forum.... :D