Jump to content

Archived

This topic is now archived and is closed to further replies.

kee2ka4

Please help me with this login script.. I CAN'T proceeed without this working

Recommended Posts

Hi! I have a login script that I want to use for my website. Bascially the Login Script requires the UserID and the Password for the user to Login, and this script works fine when I enter the userid and password..

However I need a login script to take the users Email address and Password to login therefore I have edited all the variables and stuff so that the form takes the email address instead of the User id however I keep getting the following sql error message:

[b]Invalid query: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@hotmail.com' at line 1[/b]

The code for this login script is:

[code]<?php
header("Expires: Thu, 17 May 2001 10:17:17 GMT");    // Date in the past
  header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
header ("Cache-Control: no-cache, must-revalidate");  // HTTP/1.1
header ("Pragma: no-cache");                          // HTTP/1.0
session_start();

if (!isset($_SESSION['SESSION'])) require ( "../../include/session_init.php");

// reset session variables...
$_SESSION['USERID'] = "";
$_SESSION['LOGGEDIN'] = false;
$_SESSION['EMAIL'] = "";
$_SESSION['FNAME'] = "";
$_SESSION['LNAME'] = "";

// initialize variables...
$userid = "";
$passwd = "";
$email = "";

// make sure post parameters were sent...
if (isset($HTTP_POST_VARS["email"])) $email = addslashes($HTTP_POST_VARS["email"]);
if (isset($HTTP_POST_VARS["passwd"])) $passwd = addslashes($HTTP_POST_VARS["passwd"]);

$_SESSION['EMAIL'] = $email;

// form variables must have something in them...
if ($email == "" || $passwd == "") { header("Location: ../login_system.php?flg=red&email=".$email); exit; }

// check in database...
  $query = "SELECT * FROM tbl_users WHERE cEmail = ".$email;

//echo $query;
  mysql_pconnect($_SESSION['MYSQL_SERVER1'],$_SESSION['MYSQL_LOGIN1'],$_SESSION['MYSQL_PASS1'])
                  or die("Unable to connect to SQL server");
    mysql_select_db($_SESSION['MYSQL_DB1']) or die("Unable to select database");
 

$result = mysql_query($query) or die("Invalid query: " . mysql_error());

// if userid is not present in DB go back to login page...
if (mysql_affected_rows() != 1) { header("Location: ../login_system.php?flg=red&email=".$email);; exit; }

// check for password, active state, user type, and then send to appropriate section...
if ($row = mysql_fetch_assoc($result)) {
// echo $row['sPassword'] . "<br>" . md5($passwd);
if (strcmp($row['sPassword'], md5($passwd)) != 0) { header("Location: ../login_system.php?flg=red&email=".$email); exit; }

// set standard session variables...
$_SESSION['LOGIN_TYPE'] = $user_type;
$_SESSION['USERID'] = $userid;
$_SESSION['EMAIL'] = $email;
$_SESSION['LOGGEDIN'] = true;
$_SESSION['FNAME'] = $row['sFName'];
$_SESSION['LNAME'] = $row['sLName'];

header("Location: ../account.php");
exit;

} else {
header("Location: ../login_system.php?flg=red&email=".$email); exit;
}

?>
[/code]

Could someone Please help me... or Point me in the right direction... Regards kee2ka4

Share this post


Link to post
Share on other sites
Try changing this line....

[code]
  // check in database...
  $query = "SELECT * FROM tbl_users WHERE cEmail = ".$email;
[/code]
to
[code]
  // check in database...
  $query = "SELECT * FROM tbl_users WHERE cEmail = '$email'";
[/code]

Regards
Huggie

Share this post


Link to post
Share on other sites
Mate you were spot on... Thanks very much man... Really Appreciate your Help... ;D

Kind Regards, Kee2ka4

Share this post


Link to post
Share on other sites
You're more than welcome.  If your value is a string it should have single quotes around it.  They aren't required for integers.

Huggie

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.