Login Nightmare

[djlfreak]

Hi all, Please help me,

My website project is due tomorrow and my login system has decided to blow up in my face. Everything was going fine until I realised I was logging in using the wrong users table in the DB. I have one table called tbl_user for the main part of site and a different table called cms_users for the movie review part, where people need to login to add a review. The login was working fine on my main login page until I realised I was logging people into the cms_users. When I corrected it, the login is working I think, but its supposed to show you are currently logged in as: ____ or login |sign up. If its admin(access level 3) it should show a link to admin area. It was working fine when I was adding users to the wrong table. I tried everything I can think of to fix it but can't. I have a million other things I should be doing with the site. Please take a look at the files and see if you can see a mistake. I'm freaking out. :'(

 

Files:

cms_transact user.php  - case: LOGIN  (the 2nd login case)

header.php                    - lines 68-87

login.php                      -the login page

cms_http_functions.php - redirects users to various pages after completing transactions

 

The tables are:

tbl_user

user_id

user_name

user_first_name

user_surname

user_password

user_email

user_age

user_access_level

user_regdate

user_last_login

 

cms_users

user_id

email

password

name

username

access_level

 

I would be eternally grateful for any help with this. It's probably something simple but I've tried everything I can think of. If I don't get it working I'm dead.

 

[attachment deleted by admin]

[-Karl-]

In cms_user_transact you have two cases, Login and LOGIN, which one does it actually use?

 

If it's using the Login case, it's clear that user_first_name isn't being selected from the database, hence the output does not exist.

 

You should use different login names for each case. Such as case 'cmsLogin' and case 'tblLogin'

 

[djlfreak]

I know I should use different names. But login(lowercase) and LOGIN (uppercase) was how I was distinguishing them. The LOGIN case is the one I can't get working.

[-Karl-]

Try

if (!empty($_SESSION['user_first_name'])) { 

[djlfreak]

Hi Karl,

Where exactly do I put that in? Is it here?

    case 'LOGIN':
        $email = (isset($_POST['user_email'])) ? $_POST['user_email'] : '';
        $password = (isset($_POST['user_password'])) ? $_POST['user_password'] : '';

if (!empty($_SESSION['user_first_name'])) { 

     

 $sql = 'SELECT
                user_id, user_access_level, user_name
            FROM
                cms_users
            WHERE
                user_email = "' . mysql_real_escape_string($email, $db) . '" AND
                user_password = PASSWORD("' . mysql_real_escape_string($password,
                    $db) . '")';
        $result = mysql_query($sql, $db) or die(mysql_error($db));
        if (mysql_num_rows($result) > 0) {
            $row = mysql_fetch_array($result);
            extract($row);
            session_start();
            $_SESSION['user_id'] = $user_id;
            $_SESSION['user_access_level'] = $access_level;
            $_SESSION['user_name'] = $name;
        }
        mysql_free_result($result);
        redirect('index.php');
        break;

 

I tried it and I got

Parse error: syntax error, unexpected T_CASE in C:\xampp\htdocs\OLDFILMforwardPHP\cms_transact_user.php on line 61

[-Karl-]

No, in header.php replace if (isset($_SESSION['user_first_name'])) {  with the above.

[djlfreak]

No joy Karl! Thanks for trying to help, but I think I'm screwed. I'm going to try and get rid of the second users table but since I have about a million php files connected to tbl_user, it's going to be hard. I think PHP is not for me, I love web design but I find PHP incomprehensible. To be honest in the real world I would use apps built by experts like yourself, or open source. Looks like I'm going to fail, which is a bitch cause I tried so hard.