I am totally new to php/mysql and need help!!!
I created a login and registration form (code below). Everything is working fine. However, I would like to store each user's individual login session (once it is validated) with the date and time of the session in a separate login table. I've created the table and even included a customer id field that is the same primary customer id field that is in the registration table. However, I am at a complete loss as to the code I need to use or where it goes to store the individual login session. (The code below doesn't include any code for this right now because everything I tried produced error messages.) I would appreciate it if someone could guide me with the code and where to place it!
<?php
/* Program: Loginformtesta.php
* Desc: Script for the User Login
* application. This is a double form- one form is for already registered logins, while the other form is for new registrants.
*/
ini_set("display_errors","on");
error_reporting(E_ALL | E_STRICT);
ini_set("include_path","../../includes");
include("dbinfo.inc");
$table_name = "CustomerInfo";
date_default_timezone_set('America/New_York');
$today=date("Y-m-d h:i:s");
switch (@$_POST['Button'])
{
case "Login":
$cxn = mysqli_connect($host,$user,$passwd,$dbname) or die("Can't connect");
$sql = "SELECT user_name FROM $table_name
WHERE user_name='$_POST[fuser_name]'";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute query 1");
$num = mysqli_num_rows($result);
if($num == 1)
{
$sql = "SELECT user_name FROM $table_name
WHERE user_name='$_POST[fuser_name]'
AND password='$_POST[fpassword]'";
$result2 = mysqli_query($cxn,$sql)
or die("Couldn't execute query 2.");
$row = mysqli_fetch_assoc($result2);
if($row)
{
$_SESSION['auth']="yes";
$_SESSION['logname'] = $_POST['fuser_name'];
include("storedloga.inc");
}
else
{
$message_1="The Login Name, '$_POST[fuser_name]'
exists, but you have not entered the
correct password! Please try again.<br>";
extract($_POST);
include("arrays.inc");
include("logintest_form.inc");
}
}
elseif ($num == 0) // login name not found
{
$message_1 = "The User Name you entered does not
match. Please try again.<br>";
include("arrays.inc");
include("logintest_form.inc");
}
break;
case "Register":
/* Check for blanks */
foreach($_POST as $field => $value)
{
if ($field != "fax")
{
if ($value == "")
{
$blanks[] = $field;
}
}
}
if(isset($blanks))
{
$message_2 = "The following fields are blank.
Please enter the required information: ";
foreach($blanks as $value)
{
$message_2 .="$value, ";
}
extract($_POST);
include("arrays.inc");
include("logintest_form.inc");
exit();
}
/* validate data */
foreach($_POST as $field => $value)
if(!empty($value))
{
if(eregi("name",$field) and
!eregi("user",$field) and !eregi("log",$field))
{
if (!ereg("^[A-Za-z' -]{1,50}$",$value))
{
$errors[] = "$value is not a valid name.";
}
}
if(eregi("street",$field)or eregi("addr",$field) or
eregi("city",$field))
{
if(!ereg("^[A-Za-z0-9.,' -]{1,50}$",$value))
{
$errors[] = "$value is not a valid address
or city.";
}
}
if(eregi("state",$field))
{
if(!ereg("[A-Za-z]",$value))
{
$errors[] = "$value is not a valid state.";
}
}
if(eregi("zip_code",$field))
{
if(!ereg("^[0-9]{5,5}(\-[0-9]{4,4})?$",$value))
{
$errors[] = "$value is not a valid zipcode.";
}
}
if(eregi("phone",$field) or eregi("fax",$field))
{
if(!ereg("^[0-9)(xX -]{7,20}$",$value))
{
$errors[] = "$value is not a valid phone
number. ";
}
}
if(eregi("email",$field))
{
if(!ereg("^.+@.+\\..+$",$value))
{
$errors[] = "$value is not a valid email
address.";
}
}
}
foreach($_POST as $field => $value)
{
if($field != "Button")
{
if($field == "password")
{
$password = strip_tags(trim($value));
}
else
{
$fields[]=$field;
$value = strip_tags(trim($value));
$values[] = addslashes($value);
$$field = $value;
}
}
}
if(@is_array($errors))
{
$message_2 = "";
foreach($errors as $value)
{
$message_2 .= $value." Please try again<br />";
}
include("arrays.inc");
include("logintest_form.inc");
exit();
}
$user_name = $_POST['user_name'];
/* check to see if user name already exists */
$cxn = mysqli_connect($host,$user,$passwd,$dbname) or die("Can't connect");
$sql = "SELECT user_name FROM $table_name
WHERE user_name='$user_name'";
$result = mysqli_query($cxn,$sql)
or die("Couldn't execute query.");
$num = mysqli_num_rows($result);
if ($num > 0)
{
$message_2 = "$user_name belongs to someone else. Please choose another
User Name.";
include("arrays.inc");
include("logintest_form.inc");
exit();
}
else
{
date_default_timezone_set('America/New_York');
$today=date("Y-m-d, hh:ii:ss");
$sql = "INSERT INTO $table_name (create_date,user_name,password,last_name,first_name,street,city,state,zip_code,phone,email,fax) VALUES('$today','$user_name','$password','$last_name','$first_name','$street','$city','$state','$zip_code','$phone','$email','$fax')";
mysqli_query($cxn,$sql) or die(mysqli_error($cxn));
$_SESSION['auth']="yes";
$_SESSION['logname'] = $user_name;
include("storedreg.inc");
}
break;
default:
include("arrays.inc");
include("logintest_form.inc");
}
?>