PBD817 Posted June 11, 2010

Can someone please look at this code and see what is hosed up? The login worked previously and only one change was made. I think I know somewhat where the issue is but am not sure. We made one change to this page on line 49. There was an 'ID' field pointing in the Supplier table and it was changed to the 'Supplier ID'. Now the Supplier Login does not work. I think it may be the lines pointing to the login or sessions table and recording the user ID and not Supplier ID? Thank you in advance for your help with this.

Here is the login.php page:

<?php include("Web/htdocs/include/include.php"); ?>
<?php require_guest(); ?>
<?php
if (isset($_POST["email"])) {
    // Verify the visitor has not attempted login too many times
    $visitors = query_mysql("SELECT `Login Attempts`, `Cookie Attempts`, `First Attempt` FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
    if ($visitor = mysql_fetch_array($visitors)) {
        if (time() - $visitor["First Attempt"] >= $__options["attempts_timeout"]) {
            query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
        } elseif ($visitor["Cookie Attempts"] >= $__options["max_session_attempts"] || $visitor["Login Attempts"] >= $options__["max_login_attempts"]) {
            $abort_session = 1;
        }
    }
    if (!isset($abort_session) || $abort_session != 1) {
        $users = query_mysql("SELECT `Supplier ID`, `Password`, `Force Password Change`, `Password Changed`, `Status` FROM `Suppliers` WHERE `Email` = '" . escape($_POST["email"]) . "'");
        if ($user = mysql_fetch_array($users)) {
            if (check_password($_POST["password"], $user["Password"]) == 1) {
                if ($user["Status"] = "Active") {
                    if ($user["Force Password Change"] == "Yes" || time() > ($user["Password Changed"] + $__options["admin_password_change_time"])) {
                        if ($_POST["password1"] != "") {
                            $temp = good_password($_POST["password1"]);
                            if ($_POST["password1"] != $_POST["password2"]) {
                                $temp = "Enter the same password twice.";
                            }
                            if ($_POST["password"] == $_POST["password1"]) {
                                $temp = "Your new password can not be the same as the old one.";
                            }
                            if ($temp !== 1) {
                                $password_change = 1;
                                $message = $temp;
                            } else {
                                if ($result = query_mysql("UPDATE `Suppliers` SET `Force Password Change` = 'No', `Password` = '" . escape(salt_hash_password($_POST["password1"])) . "', `Password Changed` = '" . time() . "' WHERE `Email` = '" . escape($_POST["email"]) . "'") && mysql_affected_rows() > 0) {
                                    header("Location: /portal/supplier/login.php?action=passwordchange");
                                    die(1);
                                } else {
                                    $password_change = 1;
                                    $message = "There was a problem.";
                                }
                            }
                        } else {
                            $password_change = 1;
                            $message = "You are required to change your password.";
                        }
                    } else {
                        $temp = random_string(40);
                        if ($result = query_mysql("SELECT `ID` FROM `Sessions` WHERE `Cookie` = '" . escape($temp) . "'")) {
                            if (mysql_num_rows($result) == 0) {
                                setcookie("session_id", $temp, time() + 600000, "/");
                                query_mysql("INSERT INTO `Sessions` (`Cookie`, `User ID`, `User Type`, `Activity`, `Login`) VALUES ('" . escape($temp) . "', '" . escape($user["Supplier ID"]) . "', 'Supplier', '" . time() . "', '" . time() . "')");
                                query_mysql("INSERT INTO `Login Tracking` (`ID`, `User Type`, `Login`, `Session ID`, `IP`, `Logout Type`, `Logout`, `User ID`) VALUES (NULL , 'Supplier', '" . time() . "', '" . mysql_insert_id() . "', INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '0', '0', '" . escape($user["ID"]) . "')");
                                query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
                                header("Location: /portal/supplier/");
                                die(1);
                            } else {
                                $message = "There was a problem on our end.";
                            }
                        } else {
                            $message = "There was a problem on our end.";
                        }
                    }
                } elseif ($user["Status"] = "New") {
                    $message = "After we approve your account, you will be able to login.";
                } else {
                    $message = "Either your email or password is incorrect.";
                }
            } else {
                $message = "Either your email or password is incorrect.";
            }
        } else {
            $message = "Either your email or password is incorrect.";
        }
    } else {
        $message = "You, or someone on your internet connection, has attempted to login to the system too many times. Either wait a while or contact us for help.";
    }
}
if ($message == "Either your email or password is incorrect.") {
    $visitors = query_mysql("SELECT `First Attempt` FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
    if ($visitor = mysql_fetch_array($visitors)) {
        if (time() - $visitor["First Attempt"] >= $__options["attempts_timeout"]) {
            query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
            query_mysql("INSERT INTO `Visitors` (`IP`, `Login Attempts`, `Cookie Attempts`, `First Attempt`) VALUES (INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '1', '0', '" . time() . "')");
        } else {
            query_mysql("UPDATE `Visitors` SET `Login Attempts` = `Login Attempts` + 1 WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
        }
    } else {
        query_mysql("INSERT INTO `Visitors` (`IP`, `Login Attempts`, `Cookie Attempts`, `First Attempt`) VALUES (INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '1', '0', '" . time() . "')");
    }
}
if (isset($_GET["action"])) {
    switch ($_GET["action"]) {
        case "timeout":
            $message = "You have been logged out due to inactivity or longevity. You will need to login again.";
            break;
        case "loggedout":
            $message = "You have been logged out.";
            break;
        case "passwordchange":
            $message = "Your password has been changed.";
            break;
        default:
            break;
    }
}
?>
<?php include("Web/htdocs/include/open.php"); ?>
<meta name="keywords" content="global trade base" />
<title>Global Trade Base</title>
<?php include("Web/htdocs/include/navigation.php"); ?>
<?php if ($password_change == 1) { ?>
<form method="post" action="Web/htdocs/portal/supplier/login.php">
    <h1>Change Password</h1>
    <p style="color: red; font-weight: bold;"><?php echo $message; ?></p>
    <table>
        <tr>
            <th style="text-align: right;">Email:</th>
            <td><input id="email" name="email" value="<?php ehtml($_POST["email"]); ?>" /></td>
        </tr>
        <tr>
            <th style="text-align: right;">Password:</th>
            <td><input type="password" name="password" /></td>
        </tr>
        <tr>
            <th style="text-align: right;">New Password:</th>
            <td><input type="password" name="password1" /></td>
        </tr>
        <tr>
            <th style="text-align: right;">New Password Again:</th>
            <td><input type="password" name="password2" /></td>
        </tr>
        <tr>
            <td colspan="2" style="text-align: right;"><input type="submit" value="Login" /></td>
        </tr>
    </table>
</form>
<?php } else { ?>
<form method="post" action="Web/htdocs/portal/supplier/login.php">
    <h1>Supplier Login</h1>
    <p style="color: red; font-weight: bold;"><?php echo $message; ?></p>
    <table>
        <tr>
            <th style="text-align: right;">Email:</th>
            <td><input id="email" name="email" value="<?php ehtml($_POST["email"]); ?>" /></td>
        </tr>
        <tr>
            <th style="text-align: right;">Password:</th>
            <td><input type="password" name="password" /></td>
        </tr>
        <tr>
            <td colspan="2" style="text-align: right;"><input type="submit" value="Login" /></td>
        </tr>
    </table>
</form>
<a href="Web/htdocs/portal/supplier/forgot_password.php">I forgot my password.</a>
<?php } ?>
<script type="text/javascript">
<!--
$('#email').focus();
$('#email').select();
//-->
</script>
<?php include("Web/htdocs/include/close.php"); ?>
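The lookup, verify and create-session step of the login.php posted above, rewritten as an added example (editor's code, not code from the original post or the poster's site). It uses PDO prepared statements against an in-memory SQLite database so it runs offline; the table layout, sample rows and function names are constructed for the example, and it assumes PHP 7 with the pdo_sqlite extension. Two details of the posted listing are worth checking while debugging, both visible in the code itself: the SELECT now returns `Supplier ID` but the `Login Tracking` INSERT still reads `$user["ID"]`, which after the rename is an undefined index; and `if ($user["Status"] = "Active")` is an assignment rather than a comparison, so the `Active` branch is always taken. Neither is necessarily the cause of the reported message. With the `query_mysql()`/`mysql_fetch_array()` pattern, a SELECT that fails outright (for instance because the column in the table is not spelled exactly `Supplier ID`) returns false, and false from `mysql_fetch_array()` falls into the same "Either your email or password is incorrect." branch as an unknown email, so the first thing to check is `mysql_error()` right after that query. The example makes that failure mode loud by putting PDO in exception mode and logging the database error server-side while still showing the user a non-specific message.

```php
<?php
// Added example (editor's code, not the original poster's login.php). It
// re-implements the lookup, verify and create-session step of the posted script
// against an in-memory SQLite database so it runs offline. Table layout, column
// names, sample rows and the function names below are constructed for the
// example. Assumes PHP 7+ with pdo_sqlite (password_hash, password_verify, random_bytes).

$db = new PDO('sqlite::memory:');
// A failed statement throws instead of returning false. With the posted
// query_mysql()/mysql_fetch_array() pattern a broken SELECT (for example a
// column that does not exist under that name) returns false, which reads
// exactly like "no such user" and ends in the generic wrong-password message.
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Identifiers containing spaces must be quoted in every statement that names them.
$db->exec('CREATE TABLE "Suppliers" ("Supplier ID" INTEGER PRIMARY KEY, "Email" TEXT UNIQUE,
    "Password" TEXT, "Force Password Change" TEXT, "Password Changed" INTEGER, "Status" TEXT)');
$db->exec('CREATE TABLE "Sessions" ("ID" INTEGER PRIMARY KEY, "Cookie" TEXT UNIQUE,
    "User ID" INTEGER, "User Type" TEXT, "Activity" INTEGER, "Login" INTEGER)');

// Constructed sample accounts: one approved, one still awaiting approval.
$seed = $db->prepare('INSERT INTO "Suppliers" ("Email", "Password", "Force Password Change", "Password Changed", "Status")
    VALUES (?, ?, ?, ?, ?)');
$seed->execute(['active@example.com',  password_hash('correct horse',  PASSWORD_DEFAULT), 'No', time(), 'Active']);
$seed->execute(['pending@example.com', password_hash('battery staple', PASSWORD_DEFAULT), 'No', time(), 'New']);

/**
 * Look up a supplier by email and verify the password.
 * Returns ['ok' => bool, 'message' => string, 'supplier_id' => int|null].
 */
function supplier_login(PDO $db, $email, $password)
{
    $generic = 'Either your email or password is incorrect.';

    // Bound parameter instead of escape() string building. The column list is
    // also the single place that decides which keys $user will contain.
    $stmt = $db->prepare('SELECT "Supplier ID", "Password", "Force Password Change", "Password Changed", "Status"
        FROM "Suppliers" WHERE "Email" = :email');
    $stmt->execute([':email' => $email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    // One message for unknown email and for wrong password, so the form does
    // not reveal which addresses are registered.
    if ($user === false || !password_verify($password, $user['Password'])) {
        return ['ok' => false, 'message' => $generic, 'supplier_id' => null];
    }

    // Strict comparison: `if ($user["Status"] = "Active")` assigns and is always
    // true, so an unapproved ("New") account would be let in.
    if ($user['Status'] === 'New') {
        return ['ok' => false, 'message' => 'After we approve your account, you will be able to login.', 'supplier_id' => null];
    }
    if ($user['Status'] !== 'Active') {
        return ['ok' => false, 'message' => $generic, 'supplier_id' => null];
    }

    // Read the key the SELECT actually returns. A leftover $user["ID"] after the
    // column rename is an undefined index: PHP emits a notice and the row is
    // written with an empty user id.
    if (!array_key_exists('Supplier ID', $user)) {
        throw new LogicException('login SELECT no longer returns "Supplier ID"');
    }
    return ['ok' => true, 'message' => '', 'supplier_id' => (int) $user['Supplier ID']];
}

/** Create the session row and return the cookie value the page should set. */
function create_session(PDO $db, $supplierId)
{
    // 40 hex characters from a CSPRNG. The UNIQUE constraint on "Cookie" replaces
    // the posted select-then-insert check and cannot race with a parallel request.
    $cookie = bin2hex(random_bytes(20));
    $stmt = $db->prepare('INSERT INTO "Sessions" ("Cookie", "User ID", "User Type", "Activity", "Login")
        VALUES (:cookie, :uid, :type, :activity, :login)');
    $now = time();
    $stmt->execute([':cookie' => $cookie, ':uid' => $supplierId, ':type' => 'Supplier',
                    ':activity' => $now, ':login' => $now]);
    return $cookie; // in the real page: setcookie(..., $secure = true, $httponly = true)
}

/** Wraps the two steps: database errors are logged server-side, never shown to the user. */
function login_handler(PDO $db, $email, $password)
{
    try {
        $result = supplier_login($db, $email, $password);
        if ($result['ok']) {
            $result['cookie'] = create_session($db, $result['supplier_id']);
        }
        return $result;
    } catch (Exception $e) {
        error_log('supplier login failed: ' . $e->getMessage()); // the real cause, for the developer
        return ['ok' => false, 'message' => 'There was a problem on our end.', 'supplier_id' => null];
    }
}

// Usage: approved account, unapproved account, wrong password.
$attempts = [['active@example.com', 'correct horse'], ['pending@example.com', 'battery staple'], ['active@example.com', 'wrong']];
foreach ($attempts as $attempt) {
    list($email, $pw) = $attempt;
    $r = login_handler($db, $email, $pw);
    printf("%-20s ok=%-3s %s\n", $email, $r['ok'] ? 'yes' : 'no', $r['ok'] ? 'cookie=' . $r['cookie'] : $r['message']);
}
```

The point of the `try`/`catch` split is the one the posted script blurs: the user should see a non-specific message whether the email is unknown, the password is wrong, or the query itself failed, but the developer needs the failed query and its SQL error in the log, otherwise a renamed column and a bad password are indistinguishable from the browser.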
syed Posted June 11, 2010

How is the supplier ID saved in the table? It appears you have it saved as Supplier ID with a white space; is this correct?
PBD817 Posted June 11, 2010

There is a space in between Supplier and ID: 'Supplier ID'. It worked previously with this space. I am wondering if changing the 'ID' to 'Supplier ID' on line 49 changed how it is logging in or storing the session. The error message is that the email or password is incorrect.
PBD817 Posted June 11, 2010

Any suggestions as to where the issue would be? The fact that it worked before but stopped after we changed one field reference really is frustrating. My compliments to all of you who have mastered PHP.
thomashw Posted June 11, 2010

Please wrap CODE tags around your code when you post it.
thomashw Posted June 11, 2010

Where you have:

    ($user = mysql_fetch_array($users))

Try changing it to:

    ($user = mysql_fetch_assoc($users))
PBD817 Posted June 11, 2010

Sorry about that, I will use the code tag next time I post something. I do apologize for my inexperience. There is something about this code that is difficult to interpret when another person programmed it. I feel like I am trying to learn Russian quickly and well enough to proofread someone else's writing.
PBD817 Posted June 11, 2010

I tried changing that. It was uploaded (and refreshed). Still the same error. Could the usage of the Supplier ID during the login and the saving of User ID or ID (for login tracking or sessions) possibly be the problem?