djfox

I`ll keep at it and see what happens. Thanks for the input, guys, and for trying to help me. I do appreciate the time you both put into this.

It still wants to say this: Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/secrett1/public_html/auth.php on line 100 But going to another page still keeps me logged in (and keeps the suspended account from logging in). The error goes away after moving to another page (and some pages it looks like I gotta re-code because I`m getting new error messages, I`m assuming is due to the change in how the log in works).

I get this: Warning: mysql_free_result(): supplied argument is not a valid MySQL result resource in /home/secrett1/public_html/auth.php on line 100 Line 100: mysql_free_result($res);

haha i pretty have this feeling too. Well, if one of ya`s willing to re-code the log in entirely that could still function with what I`ve got with my site...

phpSensei I copied and pasted what you had (inside the php marks) and am getting the same result.

It`s not really logging in successfully. Log in with an account, the message "Login Failed" will appear along with what looks like a successful log (sorry this confusion comes up, the other programmer guy who originally made all this made things weird and for years afterwards I`ve been trying to fix his errors [lost contact with him long ago so I can`t ask him to fix it] but log in stuff is a world I know nothing off despite I was able to fix the other stuff he did). Then try navigating to another page. Your log in stuff is gone and back to having the log in form there instead.

Now it tells everyone that the login failed.

Line 74 $rows=mysql_fetch_row($res)) I changed it to $rows=(mysql_fetch_row($res)) Then got this: Parse error: syntax error, unexpected T_VARIABLE in /home/secrett1/public_html/auth.php on line 75 Line 75 is this: $numRows = mysql_num_rows($res);

This comes up: Parse error: syntax error, unexpected ')' in /home/secrett1/public_html/auth.php on line 74

Yah, it`s not the best setup in the world (fixing that comes later). But if you go to another page after that log in, you`re not logged in. The form to log in re-appears. If the log in was successful the login failed message would not be there and you`d be logged in for real.

If you want to test the two sides directly on my server: The suspended account: username: skyeflare password: stuff The not suspended account: username: testuser password: pansey Edit: It would help if I provided the url, wouldn`t it? http://www.secrettrance.net

I made some progress. I added and s to the $rows[5] (before it was just $row[5] ). If the person`s isHold is 1 they get the suspension notice. Good, that wasn`t happening before. But it still wants to not let the other people logged in. I`m going to look more into the code and see if there is something I`m missing.

It`s keeping the people with isHold=0 from logging in, too. Or at least on my server it is.

Ah, it always seems like every problem I have, no one knows the answer to. Then if the log in thing doesn`t want to cooperate, my only other option at this point then is to put in on every page something like isHold > 0 (hide stuff with a message about the suspension) else isHold < 1 (show stuff) I do a similar thing with membership levels. It`s just such a pain to have to go through each and every page with that method. I was hoping maybe I could just end it before they even log in. Well, thanks for trying.

Yes, $row[5] is for the field isHold. Er, my post right before yours has a bit more info of the results of what is happening (I tested with a user who`s account is suspended [or their ishold = 1]).

Yeah but the problem is, if someone who has the isHold value of 0 should be able to log in. But the code stops them and says the log in failed when I put in what you gave me (or I`m assuming i put it in correctly). But if I remove your code, the person can log in normally with no problem. Edit: I tested with a user who`s isHold = 1 and the same thing occurs, the messages says log in failed, it doesn`t permit the person to log on but it doesn`t say anything about being suspended.

$row[6] is nothing but $row[5] echos as 0, which is good because that is the correct number for the account I tested with.

phpSensei Just because I edited my post after your post: I tried $rows[5] and $rows[6] in which neither had any sort of effect. I left 6 in there because that was in there last. Putting in 5 (which is what I`m sure it should be) didn`t make any difference in the code`s performance.

Yep, here ya go: <? // Defines DEFINE('SESSION_MAGIC','sadhjasklsad2342'); // Initialization @session_start(); @ob_start(); /* Redirects to another page */ function Redirect($to) { @session_write_close(); @ob_end_clean(); @header("Location: $to"); } /* Deletes existing session */ function RemoveSession() { $_SESSION = array(); if (isset($_COOKIE[session_name()])) { @setcookie(session_name(), '', time()-42000, '/'); } } /* Checks if user is logged in */ function isLoggedIn() { return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)); } /* Terminates an existing session */ function Logout() { @RemoveSession(); @session_destroy(); } /* read message count */ function CountMessages($id) { if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1")) { $count=mysql_num_rows($res); mysql_free_result($res); return($count); } return 0; } /* Go login go! */ function Login($username,$password) { global $nmsg, $rows; $ok=false; if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold FROM userdata WHERE login='$username' AND password='$password'")) { if ($rows=mysql_fetch_row($res)) { if($row[6] == '1'){ die('Your account is suspended'); } else{ if ($rows=mysql_fetch_row($res)) { $_SESSION['sess_name'] = $username; $_SESSION['pass'] = $password; $_SESSION['gal'] = $rows[0]; $_SESSION['mail'] = $rows[2]; $_SESSION['level2'] = $rows[1]; $_SESSION['echos'] = $rows[3]; $_SESSION['status'] = $rows[4]; $_SESSION['magic'] = SESSION_MAGIC; $_SESSION['rows'] = $rows; /* stupid stupid hack */ $nmsg = CountMessages($rows[0]); $ok=true; } else { include('login_failed.php'); } mysql_free_result($res); } return($ok); } } } /* Escape array using mysql */ function Escape(&$arr) { if (Count($arr)>0) { foreach($arr as $k => $v) { if (is_array($v)) { Escape($arr[$k]); } else { if (function_exists('get_magic_quotes')) { if(!get_magic_quotes_gpc()) { $arr[$k] = stripslashes($v); } } $arr[$k] = mysql_real_escape_string($v); } } } } // ----------------------------------------------- // Main // ----------------------------------------------- Escape($_POST); Escape($_GET); Escape($_COOKIE); Escape($_REQUEST); Escape($_GLOBALS); Escape($_SERVER); ?> I tried $rows[5] and $rows[6] in which neither had any sort of effect. I left 6 in there because that was in there last. Putting in 5 (which is what I`m sure it should be) didn`t make any difference in the code`s performance.

Got the same result. This is a head scratcher...I did put the codes in properly, right? I didn`t miss any { }or put in any extras?

I`m not sure which way is the correct way to post these in this forum (every forum has different rules and I can`t keep track of it) but here we go: http://i174.photobucket.com/albums/w120/beloveddoll/data.jpg http://i174.photobucket.com/albums/w120/beloveddoll/data2.jpg

phpSensei That still gives me the same result. Even though the person`s account is not suspended, the code doesn`t let the person log in. (Love the name, btw. )

pocobueno1388 Here is the updated code: <? // Defines DEFINE('SESSION_MAGIC','sadhjasklsad2342'); // Initialization @session_start(); @ob_start(); /* Redirects to another page */ function Redirect($to) { @session_write_close(); @ob_end_clean(); @header("Location: $to"); } /* Deletes existing session */ function RemoveSession() { $_SESSION = array(); if (isset($_COOKIE[session_name()])) { @setcookie(session_name(), '', time()-42000, '/'); } } /* Checks if user is logged in */ function isLoggedIn() { return(isset($_SESSION['magic']) && ($_SESSION['magic']==SESSION_MAGIC)); } /* Terminates an existing session */ function Logout() { @RemoveSession(); @session_destroy(); } /* read message count */ function CountMessages($id) { if ($res=mysql_query("SELECT * FROM messagedata WHERE recBoxID=$id AND isNew=1")) { $count=mysql_num_rows($res); mysql_free_result($res); return($count); } return 0; } /* Go login go! */ function Login($username,$password) { global $nmsg, $rows; $ok=false; if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status, isHold FROM userdata WHERE login='$username' AND password='$password'")) { if ($rows=mysql_fetch_row($res)) { if($rows[5] == '1'){ die('Your account is suspended'); } else{ if ($rows=mysql_fetch_row($res)) { $_SESSION['sess_name'] = $username; $_SESSION['pass'] = $password; $_SESSION['gal'] = $rows[0]; $_SESSION['mail'] = $rows[2]; $_SESSION['level2'] = $rows[1]; $_SESSION['echos'] = $rows[3]; $_SESSION['status'] = $rows[4]; $_SESSION['magic'] = SESSION_MAGIC; $_SESSION['rows'] = $rows; /* stupid stupid hack */ $nmsg = CountMessages($rows[0]); $ok=true; } else { include('login_failed.php'); } mysql_free_result($res); } return($ok); } } } /* Escape array using mysql */ function Escape(&$arr) { if (Count($arr)>0) { foreach($arr as $k => $v) { if (is_array($v)) { Escape($arr[$k]); } else { if (function_exists('get_magic_quotes')) { if(!get_magic_quotes_gpc()) { $arr[$k] = stripslashes($v); } } $arr[$k] = mysql_real_escape_string($v); } } } } // ----------------------------------------------- // Main // ----------------------------------------------- Escape($_POST); Escape($_GET); Escape($_COOKIE); Escape($_REQUEST); Escape($_GLOBALS); Escape($_SERVER); ?>

Ok, I did that and am still having problems with it allowing people to log in. Is there something else I missed?

I must have done something wrong somewhere while implementing the second code you displayed: function Login($username,$password) { global $nmsg, $rows; $ok=false; if ($res=mysql_query("SELECT id,level,mailNum, echo_count, status FROM userdata WHERE login='$username' AND password='$password'")) { if ($rows=mysql_fetch_row($res)) { if($rows[isHold_column] == '1'){ die('Your account is suspended'); } else{ if ($rows=mysql_fetch_row($res)) { $_SESSION['sess_name'] = $username; $_SESSION['pass'] = $password; $_SESSION['gal'] = $rows[0]; $_SESSION['mail'] = $rows[2]; $_SESSION['level2'] = $rows[1]; $_SESSION['echos'] = $rows[3]; $_SESSION['status'] = $rows[4]; $_SESSION['magic'] = SESSION_MAGIC; $_SESSION['rows'] = $rows; /* stupid stupid hack */ $nmsg = CountMessages($rows[0]); $ok=true; } else { include('login_failed.php'); } mysql_free_result($res); } return($ok); } } } It disallows everyone from logging in. Where did I mess up?