Page 1 of 1

error in my login script

Posted: Tue Aug 23, 2011 6:26 am
by andreea115
hi everyone

i have written a login script that first confirms whether the Users eamil and password match those held in the database and also confirms whether the Users account has been activiated ( i.e if the account has been activate then the data in the 'active' column of the database should be equal to NULL.

Thereafter, it checks what kind of membership the user has (i.e membership 'A' or membership 'F'). It then redirects the member to the appropriate membership page: i.e login page A or login page F.


the problem that i have is that the script does not seem to work. the funny thing is that it worked for several days and then stopped working. i obviosuly have a bug somewhere but cannot find what the bug is. i have tripple checked my code and it seems fine.

i aprricate help from everyone. thank you very much.

Code: Select all






$dbc = @mysqli_connect (DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);



if (!$dbc) {

    trigger_error ('Could not connect to MySQL: ' . mysqli_connect_error() );

}

















    //variable for names     

        $e = '';

        $LN = '';

        







    if(isset($_POST['submit']))

      {

          

            require_once ('db_fns.php'); // Connect to the db.

    

        

            

            

            

            

        

    if(!empty($_POST['email'])){

        $e = mysqli_real_escape_string($dbc,trim($_POST['email']));

     

    echo $e;

    

    }

    else{

        $e = false;

         echo '<p class="error">You forgot to enter your email address!</p>';



    }

                

            

    if(isset($_POST['pass'])){

       $p = mysqli_real_escape_string($dbc,trim($_POST['pass']));

    }

      else

      {

        $p = false;        

       echo '<p class="error">You forgot to enter your password!</p>';

    

            

      }    

              

    

    

    

    

    if ($e && $p) { // If everything's OK.

        

         

        $select =  "  SELECT 

                            first_name , 

                            membership_type , 

                            user_id, 

                            user_level ";

        $from = "    FROM 

                 users    ";

                             

        $where = sprintf("  WHERE

                  email = '%s', 

                  AND pass='%s' ,

                  AND active = 'NULL'

                  

                  ", 

                   mysqli_real_escape_string(trim($e)),

                   mysqli_real_escape_string(trim(SHA1("$p") ))

                  

                                  );

                                     

                                          

        $order = "  ORDER BY  user_id DESC  LIMIT 1";

            

        $query = $select.$from.$where.$order;

        

    

        $result = mysqli_query($query);

        

        confirm_query ($result);



    

            

        

        if (mysqli_num_rows($result) == 1) { // A match was made.

    

                // Register the values & redirect:

                

                

                $_SESSION = mysqli_fetch_array ($result, MYSQL_ASSOC); 

                

                $returns=$_SESSION;

                         

                 

                $membership_type = $returns[ 'membership_type'  ];

                    

                

                

        }

                

    if ( $membership_type ==  'A' )  

        {

                           $A_id =  $_SESSION['user_id']; 

                

                mysqli_free_result($r);

                mysqli_close($dbc);

                $url = BASE_URL . 'index.php?view=loginA';// Define the URL:

    

                ob_end_clean(); // Delete the buffer.

                header("Location: $url");

                exit(); // Quit the script.

            

                

        }

        elseif  ( $membership_type ==  'F' )  

        

        {

             $f_id  =  $_SESSION['user_id']; 

            

            

                mysqli_free_result($r);

                mysqli_close($dbc);

                $url = BASE_URL . 'index.php?view=loginF';// Define the URL:

    

                ob_end_clean(); // Delete the buffer.

                header("Location: $url");

                exit(); // Quit the script.

            

            

        }

        

        else {

            

             $suspended_id  =  $_SESSION['user_id']; 

            

            

                mysqli_free_result($r);

                mysqli_close($dbc);

                $url = BASE_URL . 'index.php?view=login';// Define the URL:

    

                ob_end_clean(); // Delete the buffer.

                header("Location: $url");

                exit(); // Quit the script.

            

            

        }

                

                

                

            }// END of conditional for whether the correct data was submitted to database for login. 

            

            

            else { // No match was made.

                

                

                

                

                echo '<p class="error">Either the email address and password entered do not match those on 

                file or you have not yet activated your account.</p>';

            }

            

        

        

            }//} // End of SUBMIT conditional.

        ?>

        <br /><br />

        

         <h1 class="main_pageheading1">&nbsp;</h1>

         <h1 class="main_pageheading1">     Login Page for Aupair World Agency     </h1>



<p>&nbsp;</p>

<p>&nbsp; </p>

        

        

        

        

        

        <p   class="main_pageheading2" >Your browser must allow cookies in order to log in.</p>

        

        <br /><br /><br />

            

<p>&nbsp;</p>

<p>&nbsp; </p>

        

    





    <form action="index.php?view=login" method="post">

                

        <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse"   align="center" 

        bordercolor="#FCF3E5" width="85%" id="AutoNumber6" height="200">

          

      

      

        <tr>

        <td width="50%" class="forms"  >

        

            

        <strong>Email Address:</strong> 

        

            </td>

            

                      

        <td width="50%" class="forms"   >    

            

      

         <?php echo '<input type="text" name="email" size="20" 

        maxlength="80"  style="font-family: Tahoma; width: 300px;  height: 30pt;     font-size: 16pt"

           value="' . $e . '"  />'; ?>     

       

        

          

          </td>

        </tr>

      

        



    <tr>

        <td width="50%" class="forms"   >

        

            

    <strong>Password:</strong> 

        

    </td>

            

                      

      <td width="50%" class="forms"   >    

            

    

        <input type="text"  name = 'pass'    size="10" 

        maxlength="20"  style="font-family: Tahoma; 

             width: 300px;  height: 30pt; font-size: 16pt"    />

             

       </td>

       </tr>

      

       

       

            

     <tr  style="margin-bottom:120px; height: 80px;"   >

   

        <td   align="center"colspan="2" class="forms"  style="margin-bottom:120px;"    >

                    

              <input type="submit"  name="submit"  size="20"  style="font-family: Tahoma; width: 150px; 

               height: 25pt;    font-size: 14pt"  value="login"  >

              

        <input type="hidden" name="submitted" value="TRUE" />

            

        

    </td>

    </tr>

                    

          </table>



                </form>









Re: error in my login script

Posted: Tue Aug 23, 2011 6:36 am
by phphelpme
Are you getting any error codes when you run the script to start off with?

Best wishes

Re: error in my login script

Posted: Tue Aug 23, 2011 7:21 am
by social_experiment
If it suddenly stopped working it might be recent changes to your webserver. Like phphelpme, i (and i think most others) require a bit more information about which errors you are receiving.