We have a website with a members section. There is, therefore, a login page which should get the person's details from our PHP database.
I recently paid a 'programmer' to make some changes and to update the site.
It works most of the time. BUT when I add a new member directly to the database I often find they can't log in.
The only solution I have found is to keep re-adding them until by some magic it works. I then delete the ones that did not work.
Naturally, this is not how it should be done.
The 'programmer' who we paid has now vanished.
The website is for a charity (non-profit) and we do not have any more money to pay someone else, so can some kind expert please look at the code on the login page and hopefully tell me what is wrong so I can fix it?
That would be such a blessing.
Here is what we have at the moment:
<?php
session_start();
// include MySQL functions
include('../includes/dbinfo.php');
include('../includes/functions.php');

function preventinjection2( $value )
{
    if ($value == "") {
        $value = "";
    }
    else {
        if( get_magic_quotes_gpc() )
        {
            $value = stripslashes( $value );
        }
        if (function_exists("mysql_real_string_escape")) {
            $value = mysql_real_escape_string( $value );
        }
        else {
            $value = addslashes($value);
        }
    }
    return $value;
}

$txtusername = preventinjection2($_POST['txtusername']);
$txtpassword = preventinjection2($_POST['txtpassword']);

// If both username & password input check against database for match
if (!empty($txtusername) and !empty($txtpassword))
{
    $query = "SELECT Name, Password, Email, Paid FROM users WHERE Email = '$txtusername' AND Password = '$txtpassword'";
    $users = mysql_query($query) or die("your Select satement failed!");
    $useracct = mysql_fetch_array($users);
    if($useracct)
    // If match then set username & password to session variables
    // and then redirect user...
    {
        // Get user information
        $sql = "SELECT * FROM users WHERE Email = '$txtusername' AND Password = '$txtpassword'";
        $sql_result = mysql_query($sql , $conn) or die ("Couldn't execute query.");
        while ($row = mysql_fetch_array($sql_result))
        {
            $paid = $row['Paid'];
        }
        if ($paid == "Yes") {
            $_SESSION['username2'] =$txtusername;
            $_SESSION['password2'] =$txtpassword;
            header("Location: index.php");
        }
        else {
            echo "Your account has not yet been activated, please contact us for details";
        }
    }
}

// If the above redirect fails the HTML and PHP below is output
// displaying the HTML form and any input values.
include ("../styles/$style");
include ("../includes/visual.php");
?>
<html>
<head>
<title><?php title(); ?> </title>
<!-- Meta tags, description, keywords -->
<!-- CSS Stylesheet -->
<?php stylesheet(); ?>
<!-- Link styles, colours, text decoration etc. -->
<?php styles(); ?>
</head>
<!-- Whole page background colour as set in site settings -->
<body bgcolor="<?php echo $Page; ?>">
<div id="container">
<div id="maincontent">
<!-- Company name banner, with colours from site settings -->
<div id="navbanner" style="background-color:<?php echo $Header;?>; color:<?php echo $Headertext;?>">
<h3><?php echo $Name2; ?></h3>
</div>
<!-- Logo banner -->
<div id="navbanner1" style="background-color:<?php echo $Logo2; ?>"><img src="/<?php logo(); ?>" alt="<?php echo $Name2; ?>"></div>
<!-- Code to display top menu -->
<?php topmenu(); ?>
<!-- Menu box with colour from site settings -->
<div id="navside1" style="background-color:<?php echo $Menu;?>; border:Solid <?php echo $Menuborderpx; echo $Menubc; ?>">
<!-- Code to display actual menu -->
<?php menu(); ?>
</div>
<!-- Main content box with colours from site settings -->
<div class="content" style="background-color:<?php echo $Body; ?>; color:<?php echo $Bodytext; ?>; border:Solid <?php echo $Bodyborderpx; echo $Bodybc; ?>">
<form name="loginform" method="post" action="login.php">
<table id="main">
<tr class="evenrow">
<td colspan="2">
<h4>Login for <strong>Sitters </strong> only.</h4><br />
<strong>Home Owners </strong>you need to email us your new dates and we will add it for you.<br /><br />
</td>
</tr>
<tr class="oddrow">
<td colspan="2">
<h2>
<?php if (empty($txtusername) and empty($txtpassword))
{ print "Please input your email and password below:"; }
if (empty($txtusername) and !empty($txtpassword))
{ print "Login error - Please input your email address below:"; }
if (!empty($txtusername) and empty($txtpassword))
{ print "Login error - Please input your password below:"; }
if (!empty($txtusername) and !empty($txtpassword))
{ print "Login error - Your email and/or password have not been recognised!<br>Please try again."; }
?>
</h2>
</td>
</tr>
<tr class="evenrow">
<td>Email Address:</td>
<td>
<input type="text" width="150" name="txtusername" class="textfield"
<?php if (!empty($txtusername)) { echo "VALUE=$txtusername";} ?> >
</td>
</tr>
<tr class="oddrow">
<td>Password:</td>
<td>
<input type="password" width="150" name="txtpassword" class="textfield" <?php if (!empty($txtpassword)) { echo "VALUE=$txtpassword";} ?>>
</td>
</tr>
<tr>
<td colspan="2"><center><input name="cmdSubmit" id="cmdSubmit" type="submit" class="btn" value="Submit"> </center> </td>
</tr>
</table>
</form>
<p> <strong>If you have lost your password please use the Contact form to let us know and we will send you a reminder</strong></p><br /><br />
<a href="https://www.christian-housesitters.com"><img src="return.jpg" alt="Return to Home Page" /></a>
<br/><br /><br />
</div>
</div>
</div>
<div id="copy">
<!-- Code to display footer, required -->
<?php footer(); ?>
</div>
</body>
</html>
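
Added example, not part of the original post or the site's code: the same login check done with a PDO prepared statement and password_hash()/password_verify(), so no escaping helper alters the submitted values before they are compared, and the plain password is neither stored nor placed in the session. It assumes the users table from the post (Name, Email, Password, Paid) with Password holding a password_hash() value; the in-memory SQLite rows, the function names attempt_login() and form_value(), and the example.org addresses are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not the site's code. Assumes users(Name, Email, Password, Paid)
// where Password holds a password_hash() value rather than the plain password.

function attempt_login(PDO $db, string $email, string $password): string
{
    $email = trim($email);              // drop stray surrounding whitespace
    if ($email === '' || $password === '') {
        return 'missing';
    }
    // Placeholder binding: the input never becomes part of the SQL text,
    // so it needs no addslashes()/stripslashes() and is compared unmodified.
    $stmt = $db->prepare('SELECT Password, Paid FROM users WHERE Email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['Password'])) {
        return 'invalid';               // same answer for unknown email and bad password
    }
    return $row['Paid'] === 'Yes' ? 'ok' : 'inactive';
}

// Escape a value before echoing it back into a quoted HTML attribute.
function form_value(string $raw): string
{
    return 'value="' . htmlspecialchars($raw, ENT_QUOTES, 'UTF-8') . '"';
}

// Constructed sample data (in-memory SQLite) so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (Name TEXT, Email TEXT UNIQUE, Password TEXT, Paid TEXT)');
$add = $db->prepare('INSERT INTO users (Name, Email, Password, Paid) VALUES (?, ?, ?, ?)');
$add->execute(['Ann', 'ann@example.org', password_hash("it's-a-long-pass", PASSWORD_DEFAULT), 'Yes']);
$add->execute(['Bob', 'bob@example.org', password_hash('another-pass', PASSWORD_DEFAULT), 'No']);

$attempts = [[' ann@example.org ', "it's-a-long-pass"],
             ['bob@example.org', 'another-pass'],
             ['ann@example.org', 'wrong']];
foreach ($attempts as [$email, $pass]) {
    // On 'ok' the real page would call session_regenerate_id(true) and store
    // only the email in $_SESSION, never the password.
    echo trim($email), ' => ', attempt_login($db, $email, $pass), PHP_EOL;
}
echo form_value('a"b@example.org'), PHP_EOL;
```

Existing members' Password values would have to be replaced with password_hash() output before a check like this could be used.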