Jump to content

Login problem

PBD817

By PBD817
in PHP Coding Help

 Share

Recommended Posts

PBD817 Newbie

PBD817

Posted
Posted

Can someone please look at this code and see what is hosed up? 

 

The login worked previously and only one change was made.  I think I know somewhat where the issue is but am not for sure.

 

We made one change to this page on line 49.  There was an 'ID' field pointing in the Supplier table and it was changed to the 'Supplier ID'

 

Now the Supplier Login does not work.  I think it may be the lines pointing to the login or sessions table and recording the user ID and not Supplier ID? 

 

Thank you in advance for your help with this.

 

-----

 

Here is the login.php page:

 

<?php include("Web/htdocs/include/include.php"); ?>

<?php require_guest(); ?>

<?php

  if (isset($_POST["email"])) {

    // Verify the visitor has not attempted login too many times

    $visitors = query_mysql("SELECT `Login Attempts`, `Cookie Attempts`, `First Attempt` FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");

    if ($visitor = mysql_fetch_array($visitors)) {

      if (time() - $visitor["First Attempt"] >= $__options["attempts_timeout"]) {

        query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");

      } elseif ($visitor["Cookie Attempts"] >= $__options["max_session_attempts"] || $visitor["Login Attempts"] >= $options__["max_login_attempts"]) {

        $abort_session = 1;

      }

    }

    if (!isset($abort_session) || $abort_session != 1) {

      $users = query_mysql("SELECT `Supplier ID`, `Password`, `Force Password Change`, `Password Changed`, `Status` FROM `Suppliers` WHERE `Email` = '" . escape($_POST["email"]) . "'");

      if ($user = mysql_fetch_array($users)) {

        if (check_password($_POST["password"], $user["Password"]) == 1) {

          if ($user["Status"] = "Active") {

            if ($user["Force Password Change"] == "Yes" || time() > ($user["Password Changed"] + $__options["admin_password_change_time"])) {

                if ($_POST["password1"] != "") {

                  $temp = good_password($_POST["password1"]);

                  if ($_POST["password1"] != $_POST["password2"]) {

                    $temp = "Enter the same password twice.";

                  }

                  if ($_POST["password"] == $_POST["password1"]) {

                    $temp = "Your new password can not be the same as the old one.";

                  }

                  if ($temp !== 1) {

                    $password_change = 1;

                    $message = $temp;

                  } else {

                    if ($result = query_mysql("UPDATE `Suppliers` SET `Force Password Change` = 'No', `Password` = '" . escape(salt_hash_password($_POST["password1"])) . "', `Password Changed` = '" . time() . "' WHERE `Email` = '" . escape($_POST["email"]) . "'") && mysql_affected_rows() > 0) {

                      header("Location: /portal/supplier/login.php?action=passwordchange");

                      die(1);

                    } else {

                      $password_change = 1;

                      $message = "There was a problem.";

                    }

                  }

                } else {

                  $password_change = 1;

                  $message = "You are required to change your password.";

                }

            } else {

              $temp = random_string(40);

              if ($result = query_mysql("SELECT `ID` FROM `Sessions` WHERE `Cookie` = '" . escape($temp) . "'")) {

                if (mysql_num_rows($result) == 0) {

                  setcookie("session_id", $temp, time() + 600000, "/");

                query_mysql("INSERT INTO `Sessions` (`Cookie`, `User ID`, `User Type`, `Activity`, `Login`) VALUES ('" . escape($temp) . "', '" . escape($user["Supplier ID"]) . "', 'Supplier', '" . time() . "', '" . time() . "')");

                  query_mysql("INSERT INTO `Login Tracking` (`ID`, `User Type`, `Login`, `Session ID`, `IP`, `Logout Type`, `Logout`, `User ID`) VALUES (NULL , 'Supplier', '" . time() . "', '" . mysql_insert_id() . "', INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '0', '0', '" . escape($user["ID"]) . "')");

                  query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");

                  header("Location: /portal/supplier/");

                  die(1);

                } else {

                  $message = "There was a problem on our end.";

                }

              } else {

                $message = "There was a problem on our end.";

              }

            }

          } elseif ($user["Status"] = "New") {

            $message = "After we approve your account, you will be able to login.";

          } else {

            $message = "Either your email or password is incorrect.";

          }

        } else {

          $message = "Either your email or password is incorrect.";

        }

      } else {

        $message = "Either your email or password is incorrect.";

      }

    } else {

      $message = "You, or someone on your internet connection, has attempted to login to the system too many times. Either wait a while or contact us for help.";

    }

  }

 

  if ($message == "Either your email or password is incorrect.") {

    $visitors = query_mysql("SELECT `First Attempt` FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");

    if ($visitor = mysql_fetch_array($visitors)) {

      if (time() - $visitor["First Attempt"] >= $__options["attempts_timeout"]) {

        query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");

        query_mysql("INSERT INTO `Visitors` (`IP`, `Login Attempts`, `Cookie Attempts`, `First Attempt`) VALUES (INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '1', '0', '" . time() . "')");

      } else {

        query_mysql("UPDATE `Visitors` SET `Login Attempts` = `Login Attempts` + 1 WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");

      }

    } else {

      query_mysql("INSERT INTO `Visitors` (`IP`, `Login Attempts`, `Cookie Attempts`, `First Attempt`) VALUES (INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '1', '0', '" . time() . "')");

    }

  }

 

  if (isset($_GET["action"])) {

    switch ($_GET["action"]) {

      case "timeout":

        $message = "You have been logged out due to inactivity or longevity. You will need to login again.";

        break;

      case "loggedout":

        $message = "You have been logged out.";

        break;

      case "passwordchange":

        $message = "Your password has been changed.";

        break;

      default:

        break;

    }

  }

?>

<?php include("Web/htdocs/include/open.php"); ?>

  <meta name="keywords" content="global trade base" />

  <title>Global Trade Base</title>

<?php include("Web/htdocs/include/navigation.php"); ?>

<?php if ($password_change == 1) { ?>

    <form method="post" action="Web/htdocs/portal/supplier/login.php">

    <h1>Change Password</h1>

    <p style="color: red; font-weight: bold;"><?php echo $message; ?></p>

      <table>

        <tr>

          <th style="text-align: right;">Email:</th>

          <td><input id="email" name="email" value="<?php ehtml($_POST["email"]); ?>" /></td>

        </tr>

        <tr>

          <th style="text-align: right;">Password:</th>

          <td><input type="password" name="password" /></td>

        </tr>

        <tr>

          <th style="text-align: right;">New Password:</th>

          <td><input type="password" name="password1" /></td>

        </tr>

        <tr>

          <th style="text-align: right;">New Password Again:</th>

          <td><input type="password" name="password2" /></td>

        </tr>

        <tr>

          <td colspan="2" style="text-align: right;"><input type="submit" value="Login" /></td>

        </tr>

      </table>

    </form>

<?php } else { ?>

    <form method="post" action="Web/htdocs/portal/supplier/login.php">

    <h1>Supplier Login</h1>

    <p style="color: red; font-weight: bold;"><?php echo $message; ?></p>

      <table>

        <tr>

          <th style="text-align: right;">Email:</th>

          <td><input id="email" name="email" value="<?php ehtml($_POST["email"]); ?>" /></td>

        </tr>

        <tr>

          <th style="text-align: right;">Password:</th>

          <td><input type="password" name="password" /></td>

        </tr>

        <tr>

          <td colspan="2" style="text-align: right;"><input type="submit" value="Login" /></td>

        </tr>

      </table>

    </form>

    <a href="Web/htdocs/portal/supplier/forgot_password.php">I forgot my password.</a>

<?php } ?>

    <script type="text/javascript">

      <!--

      $('#email').focus();

      $('#email').select();

      //-->

    </script>

<?php include("Web/htdocs/include/close.php"); ?>

Link to comment
Share on other sites
PBD817 Newbie

PBD817

Posted
  • Author
Posted

There is a space in between Supplier and ID 'Supplier ID'

 

It worked previously with this space.  wondering if changing the 'ID' to 'Supplier ID' on line 49 changed how it is logging in or storing the session. 

 

The error message is that the email or password is incorrect.

Link to comment
Share on other sites
thomashw Member

thomashw

Posted
Posted

Please wrap CODE tags around your code when you post it.

 

<?php include("Web/htdocs/include/include.php"); ?>
<?php require_guest(); ?>
<?php
  if (isset($_POST["email"])) {
    // Verify the visitor has not attempted login too many times
    $visitors = query_mysql("SELECT `Login Attempts`, `Cookie Attempts`, `First Attempt` FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
    if ($visitor = mysql_fetch_array($visitors)) {
      if (time() - $visitor["First Attempt"] >= $__options["attempts_timeout"]) {
        query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
      } elseif ($visitor["Cookie Attempts"] >= $__options["max_session_attempts"] || $visitor["Login Attempts"] >= $options__["max_login_attempts"]) {
        $abort_session = 1;
      }
    }
    if (!isset($abort_session) || $abort_session != 1) {
      $users = query_mysql("SELECT `Supplier ID`, `Password`, `Force Password Change`, `Password Changed`, `Status` FROM `Suppliers` WHERE `Email` = '" . escape($_POST["email"]) . "'");
      if ($user = mysql_fetch_array($users)) {
        if (check_password($_POST["password"], $user["Password"]) == 1) {
          if ($user["Status"] = "Active") {
            if ($user["Force Password Change"] == "Yes" || time() > ($user["Password Changed"] + $__options["admin_password_change_time"])) {
                if ($_POST["password1"] != "") {
                  $temp = good_password($_POST["password1"]);
                  if ($_POST["password1"] != $_POST["password2"]) {
                    $temp = "Enter the same password twice.";
                  }
                  if ($_POST["password"] == $_POST["password1"]) {
                    $temp = "Your new password can not be the same as the old one.";
                  }
                  if ($temp !== 1) {
                    $password_change = 1;
                    $message = $temp;
                  } else {
                    if ($result = query_mysql("UPDATE `Suppliers` SET `Force Password Change` = 'No', `Password` = '" . escape(salt_hash_password($_POST["password1"])) . "', `Password Changed` = '" . time() . "' WHERE `Email` = '" . escape($_POST["email"]) . "'") && mysql_affected_rows() > 0) {
                      header("Location: /portal/supplier/login.php?action=passwordchange");
                      die(1);
                    } else {
                      $password_change = 1;
                      $message = "There was a problem.";
                    }
                  }
                } else {
                  $password_change = 1;
                  $message = "You are required to change your password.";
                }
            } else {
              $temp = random_string(40);
              if ($result = query_mysql("SELECT `ID` FROM `Sessions` WHERE `Cookie` = '" . escape($temp) . "'")) {
                if (mysql_num_rows($result) == 0) {
                  setcookie("session_id", $temp, time() + 600000, "/");
                 query_mysql("INSERT INTO `Sessions` (`Cookie`, `User ID`, `User Type`, `Activity`, `Login`) VALUES ('" . escape($temp) . "', '" . escape($user["Supplier ID"]) . "', 'Supplier', '" . time() . "', '" . time() . "')");
                  query_mysql("INSERT INTO `Login Tracking` (`ID`, `User Type`, `Login`, `Session ID`, `IP`, `Logout Type`, `Logout`, `User ID`) VALUES (NULL , 'Supplier', '" . time() . "', '" . mysql_insert_id() . "', INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '0', '0', '" . escape($user["ID"]) . "')");
                  query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
                  header("Location: /portal/supplier/");
                  die(1);
                } else {
                  $message = "There was a problem on our end.";
                }
              } else {
                $message = "There was a problem on our end.";
              }
            }
          } elseif ($user["Status"] = "New") {
            $message = "After we approve your account, you will be able to login.";
          } else {
            $message = "Either your email or password is incorrect.";
          }
        } else {
          $message = "Either your email or password is incorrect.";
        }
      } else {
        $message = "Either your email or password is incorrect.";
      }
    } else {
      $message = "You, or someone on your internet connection, has attempted to login to the system too many times. Either wait a while or contact us for help.";
    }
  }

  if ($message == "Either your email or password is incorrect.") {
    $visitors = query_mysql("SELECT `First Attempt` FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
    if ($visitor = mysql_fetch_array($visitors)) {
      if (time() - $visitor["First Attempt"] >= $__options["attempts_timeout"]) {
        query_mysql("DELETE FROM `Visitors` WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
        query_mysql("INSERT INTO `Visitors` (`IP`, `Login Attempts`, `Cookie Attempts`, `First Attempt`) VALUES (INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '1', '0', '" . time() . "')");
      } else {
        query_mysql("UPDATE `Visitors` SET `Login Attempts` = `Login Attempts` + 1 WHERE `IP` = INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "')");
      }
    } else {
      query_mysql("INSERT INTO `Visitors` (`IP`, `Login Attempts`, `Cookie Attempts`, `First Attempt`) VALUES (INET_ATON('" . escape($_SERVER["REMOTE_ADDR"]) . "'), '1', '0', '" . time() . "')");
    }
  }
  
  if (isset($_GET["action"])) {
    switch ($_GET["action"]) {
      case "timeout":
        $message = "You have been logged out due to inactivity or longevity. You will need to login again.";
        break;
      case "loggedout":
        $message = "You have been logged out.";
        break;
      case "passwordchange":
        $message = "Your password has been changed.";
        break;
      default:
        break;
    }
  }
?>
<?php include("Web/htdocs/include/open.php"); ?>
  <meta name="keywords" content="global trade base" />
  <title>Global Trade Base</title>
<?php include("Web/htdocs/include/navigation.php"); ?>
<?php if ($password_change == 1) { ?>
    <form method="post" action="Web/htdocs/portal/supplier/login.php">
    <h1>Change Password</h1>
    <p style="color: red; font-weight: bold;"><?php echo $message; ?></p>
      <table>
        <tr>
          <th style="text-align: right;">Email:</th>
          <td><input id="email" name="email" value="<?php ehtml($_POST["email"]); ?>" /></td>
        </tr>
        <tr>
          <th style="text-align: right;">Password:</th>
          <td><input type="password" name="password" /></td>
        </tr>
        <tr>
          <th style="text-align: right;">New Password:</th>
          <td><input type="password" name="password1" /></td>
        </tr>
        <tr>
          <th style="text-align: right;">New Password Again:</th>
          <td><input type="password" name="password2" /></td>
        </tr>
        <tr>
          <td colspan="2" style="text-align: right;"><input type="submit" value="Login" /></td>
        </tr>
      </table>
    </form>
<?php } else { ?>
    <form method="post" action="Web/htdocs/portal/supplier/login.php">
    <h1>Supplier Login</h1>
    <p style="color: red; font-weight: bold;"><?php echo $message; ?></p>
      <table>
        <tr>
          <th style="text-align: right;">Email:</th>
          <td><input id="email" name="email" value="<?php ehtml($_POST["email"]); ?>" /></td>
        </tr>
        <tr>
          <th style="text-align: right;">Password:</th>
          <td><input type="password" name="password" /></td>
        </tr>
        <tr>
          <td colspan="2" style="text-align: right;"><input type="submit" value="Login" /></td>
        </tr>
      </table>
    </form>
    <a href="Web/htdocs/portal/supplier/forgot_password.php">I forgot my password.</a>
<?php } ?>
    <script type="text/javascript">
      <!--
      $('#email').focus();
      $('#email').select();
      //-->
    </script>
<?php include("Web/htdocs/include/close.php"); ?>

Link to comment
Share on other sites
PBD817 Newbie

PBD817

Posted
  • Author
Posted

Sorry about that, I will do the code tag next time I post something.

 

I do apologize for my inexperience.  There is something about this code that is difficult to interpret from another person who programmed it.  I feel like I am trying to learn Russian quickly and well enough to proof read someone else's writing.

Link to comment
Share on other sites
PBD817 Newbie

PBD817

Posted
  • Author
Posted

I tried changing that.  It was uploaded (and refreshed.)

 

Still the same error.

 

Is the usage of the Supplier ID during the login and the saving of User ID or ID (for login tracking or sessions) possibly be the problem? 

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.