Login problem, need fresh set of eyes.

•

What is DaniWeb IT Discussion Community?

You're currently browsing the PHP section within the Web Development category of DaniWeb, a massive community of 403,300 software developers, web developers, Internet marketers, and tech gurus who are all enthusiastic about making contacts, networking, and learning from each other. In fact, there are 3,793 IT professionals currently interacting right now! Registration is free, only takes a minute and lets you enjoy all of the interactive features of the site.

Join our community!

Please support our PHP advertiser: Lunarpages PHP Web Hosting

Thread Tools Display Modes

Views: 343 | Replies: 9 | Solved

Previous Post in Thread

Next Post in Thread

•

Join Date: Oct 2007

Location: England

Posts: 30

Reputation: mortalex is an unknown quantity at this point

Rep Power: 1

Solved Threads: 0

mortalex

Offline

Light Poster

Login problem, need fresh set of eyes.

May 5th, 2008

Hey guys, i've got a right headache from this piece of code at the moment, it's a simle login script and it just sin't working, the MySQL query looks correct to me and all the other stuff looks ok, but then again i'm no PHP expert.

Could someone look at it for me please?

 Help with Code Tags 
 PHP Syntax (Toggle Plain Text) 
<?
include ('./includes/header.php');
// Check if the form has been submitted.
if (isset($_POST['submitted'])) {
require_once('../sqlconnect/connect.php');
 
$errors = array(); // Initialize error array.
// Check for an email address.
if (empty($_POST['email'])) {
$errors[] = 'You forgot to enter your email address.';
} else {
$em = trim($_POST['email']);
}
// Check for a password.
if (empty($_POST['pass'])) {
$errors[] = 'You forgot to enter your password.';
} else {
$pw = trim($_POST['pass']);
}
if (empty($errors)) { // If everything's OK.
 
$query = "SELECT * FROM members WHERE email = '$em' AND password = SHA('$pw')";
 
$result = @mysql_query($query);
// Run the query.
$row = mysql_fetch_array ($result, MYSQL_NUM);
 
// Return a record, if applicable.
if ($row){ // A record was pulled from the database.
 
//set session
session_name('visit');
session_start();
$_SESSION ['id'] = $row[0];
$_SESSION ['name'] = $row[1];
$_SESSION ['email'] = $row[3];
$_SESSION ['agent'] = md5($_SERVER['HTTP_USER_AGENT']);
 
// Redirect the user to the loggedin.php page.
// Start defining the URL.
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= '/loggedin.php?' . $_SESSION['agent'];
 
header("Location: $url");
exit();
// Quit the script.
} else { // No record matched the query.
$errors[] = 'The email address and password entered do not match those on file.'; // Public message.
$errors[] = mysql_error() . '<br />Query: ' . $query; // Debugging message.
}
 
} // End of if (empty($errors)) IF.
 
mysql_close(); // Close the database connection.
 
} else { // Form has not been submitted.
 
$errors = NULL;
 
} // End of the main Submit conditional.
 
//print errors
if (!empty($errors)){
 
echo '<h1 id = mainhead>Error!</h1>
<p class = error >Following occured:<br/>';
 
foreach ($errors as $msg){
echo " - $msg<br/>\n";
}
echo '<p>Please try again <a href = login.php>Reset</a>';
}
?>
<?
include ('./includes/header.php');
// Check if the form has been submitted.
if (isset($_POST['submitted'])) {
require_once('../sqlconnect/connect.php');

$errors = array(); // Initialize error array.
// Check for an email address.
if (empty($_POST['email'])) {
$errors[] = 'You forgot to enter your email address.';
} else {
$em = trim($_POST['email']);
}
// Check for a password.
if (empty($_POST['pass'])) {
$errors[] = 'You forgot to enter your password.';
} else {
$pw = trim($_POST['pass']);
}
if (empty($errors)) { // If everything's OK.

$query = "SELECT * FROM members WHERE email = '$em' AND password = SHA('$pw')";

$result = @mysql_query($query);
// Run the query.
$row = mysql_fetch_array ($result, MYSQL_NUM);

// Return a record, if applicable.
if ($row){ // A record was pulled from the database.

//set session
session_name('visit');
session_start();
$_SESSION ['id'] = $row[0];
$_SESSION ['name'] = $row[1];
$_SESSION ['email'] = $row[3];
$_SESSION ['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

// Redirect the user to the loggedin.php page.
// Start defining the URL.
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
// Check for a trailing slash.
if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\') ) {
$url = substr ($url, 0, -1); // Chop off the slash.
}
// Add the page.
$url .= '/loggedin.php?' . $_SESSION['agent'];

header("Location: $url");
exit();
// Quit the script.
} else { // No record matched the query.
$errors[] = 'The email address and password entered do not match those on file.'; // Public message.
$errors[] = mysql_error() . '<br />Query: ' . $query; // Debugging message.
}

} // End of if (empty($errors)) IF.

mysql_close(); // Close the database connection.

} else { // Form has not been submitted.

$errors = NULL;

} // End of the main Submit conditional.

//print errors
if (!empty($errors)){

echo '<h1 id = mainhead>Error!</h1>
<p class = error >Following occured:<br/>';

foreach ($errors as $msg){
echo " - $msg<br/>\n";
}
echo '<p>Please try again <a href = login.php>Reset</a>';
}
?>