tqla Posted June 1, 2007 Share Posted June 1, 2007 Hi. I have a registration script that allows someon to register to my site. After the register they are taken to a login script which consists of a username and password field. Simple enough. Here's the weird thing. They can login just fine. But only once!?! The next time they try and login in it fails to execute the query. Does this sound familiar to anyone? Quote Link to comment https://forums.phpfreaks.com/topic/53904-solved-wierd-login-behavior/ Share on other sites More sharing options...
MadTechie Posted June 1, 2007 Share Posted June 1, 2007 need to see some code, could be a tagged field (set during login) in the sql, cookies/session etc.. need more info Quote Link to comment https://forums.phpfreaks.com/topic/53904-solved-wierd-login-behavior/#findComment-266519 Share on other sites More sharing options...
tqla Posted June 1, 2007 Author Share Posted June 1, 2007 hi MadTechie. Here's the code. <?php ob_start(); session_start(); ?> <link href="styles.css" rel="stylesheet" type="text/css"> <html> <body> <div id="containerDiv"> <div id="header"> <h1>Become a member!</h1><p>Lorem ipsum dolor sit amet, consectetuer adipiscing elit. Praesent quis quam nec metus accumsan imperdiet. Nulla nisl velit, feugiat sed, pellentesque nec, laoreet vitae, massa. Suspendisse potenti. Donec sit amet libero et nisl facilisis varius. Aliquam faucibus rhoncus velit. Nullam ligula urna, auctor vitae, bibendum tincidunt, egestas sit amet, neque. Nulla nunc lectus, luctus ut, adipiscing vitae, egestas in, quam. Fusce non diam. Quisque diam. Fusce urna magna, aliquam cursus, suscipit sit amet, porta in, arcu. Cras eleifend, turpis id dictum fringilla, sapien enim placerat nisl, mollis congue nisl pede nec purus. Nam ante. Integer ipsum. Quisque vitae lorem. In non turpis. In tincidunt. Morbi at mauris. Praesent dignissim rutrum ligula.</p> <div id="form"> <?php include("db.inc.php"); switch (@$_GET['do']) { case "login": $sql = "SELECT loginName FROM Member WHERE loginName='$_POST[fusername]'"; $result = mysql_query($sql) or die("Couldn't execute query."); $num = mysql_num_rows($result); if ($num == 1) // login name was found { $sql = "SELECT loginName FROM Member WHERE loginName='$_POST[fusername]' AND password='$_POST[fpassword]'"; $result2 = mysql_query($sql) or die("Couldn't execute query 2."); $num2 = mysql_num_rows($result2); if ($num2 > 0) // password is correct { $_SESSION['auth']="yes"; $logname=$_POST['fusername']; $_SESSION['logname'] = $logname; $today = date("Y-m-d h:i:s"); $sql = "INSERT INTO Login (loginName,loginTime) VALUES ('$logname','$today')"; mysql_query($sql) or die("Can't execute query."); header("Location: Member_page.php"); } else // password is not correct { unset($_GET['do']); $message="<p><font color=#ff0000>The Login Name, '$_POST[fusername]' exists, but you have not entered the correct password! Please try again.</font></p>"; include("form.inc"); } } elseif ($num == 0) // login name not found { unset($_GET['do']); $message = "<p><font color=#ff0000>The Login Name you entered does not exist! Please try again.</font></p>"; include("form.inc"); } break; case "new": foreach($_POST as $field => $value) { if ($field != "fax") { if ($value == "") { unset($_GET['do']); $message_new = "<p><font color=#ff0000>Required information is missing. Please try again.</font></p>"; include("form.inc"); exit(); } } if (ereg("(Name)",$field)) { /*if (!ereg("^[A-Za-z' -]{1,50}$",$value)) { unset($_GET['do']); $message_new = "$field is not a valid name. Please try again."; include("form.inc"); exit(); }*/ } $$field = strip_tags(trim($value)); } // end foreach if (!ereg("^[0-9]{5,5}(\-[0-9]{4,4})?$",$zip)) { unset($_GET['do']); $message_new = "<p><font color=#ff0000>$zip is not a valid zip code. Please try again.</font></p>"; include("form.inc"); exit(); } if (!ereg("^[0-9)(xX -]{7,20}$",$phone)) { unset($_GET['do']); $message_new = "<p><font color=#ff0000>$phone is not a valid phone number. Please try again.</font></p>"; include("form.inc"); exit(); } if ($fax != "") { if (!ereg("^[0-9)(xX -]{7,20}$",$fax)) { unset($_GET['do']); $message_new = "<p><font color=#ff0000>$fax is not a valid phone number. Please try again.</font></p>"; include("form.inc"); exit(); } } if (!ereg("^.+@.+\\..+$",$email)) { unset($_GET['do']); $message_new = "<p><font color=#ff0000>$email is not a valid email address. Please try again.</font></p>"; include("form.inc"); exit(); } /* check to see if login name already exists */ $sql = "SELECT loginName FROM Member WHERE loginName='$newname'"; $result = mysql_query($sql) or die("Couldn't execute query."); $num = mysql_numrows($result); if ($num > 0) { unset($_GET['do']); $message_new = "<p><font color=#ff0000>$newname already used. Select another Member ID.</font></p>"; include("form.inc"); exit(); } else { $today = date("Y-m-d"); $sql = "INSERT INTO Member (loginName,createDate, password,firstName,lastName,street,city, state,zip,phone,fax,email) VALUES ('$newname','$today','$newpass', '$firstName', '$lastName','$street','$city', '$state','$zip','$phone','$fax','$email')"; mysql_query($sql); $_SESSION['auth']="yes"; $_SESSION['logname'] = $newname; /* send email to new member */ $emess = "A new Member Account has been setup. "; $emess.= "Your new username and password are: "; $emess.= "\n\n\tUsername: $newname\n\t Password: $password\n\n"; $emess.= "If you have any questions or problems,"; $emess.= " email xxx@xxx.com"; $ehead="From: xxx@xxx.com\r\n"; $subj = "Your new Member Account"; $mailsend=mail("$email","$subj","$emess","$ehead"); header("Location: New_member.php"); } break; default: include("form.inc"); } ob_end_flush(); ?> </div> </div> </div> </body> </html> Here's the Form code if needed <?php include("states.inc"); ?> <style type="text/css"> <!-- .style1 {color: #FF0000} --> </style> <table width="100%" border="0" align="center" cellpadding="0" cellspacing="0"> <tr> <td width="35%" valign="top"> <p><h1>Member Login</h1></p> <form action="Login.php?do=login" method="POST"> <table border="0"> <?php if (isset($message)) echo "<tr><td colspan='2'>$message </td></tr>"; ?> <tr><td align=left> <p align="right"><b>Username</b> </p> </td> <td width="162"><input type="text" name="fusername" size="20" maxsize="20"> </td></tr> <tr><td width="78" align="left"> <p align="right"><b>Password</b></p> </td> <td><input type="password" name="fpassword" size="20" maxsize="20"></td></tr> <tr><td align="left"> </td> <td align="left"><p><a href="ForgotPassword.php">Forgot Password</a></p> </td> </tr> <tr> <td align="left" colspan="2"><input type="submit" name="log" value="Enter"></td> </tr> </table> </form> </td> <td width="65%"> <p><h1>Register</h1> </b> <!-- form for new member to fill in --> <form action="Login.php?do=new" method="POST"> <table border="0"> <?php if (isset($message_new)) echo "<tr><td colspan='2'>$message_new </td></tr>"; ?> <tr> <td align="right"><p><b><span class="style1">*</span>Username</b></p></td> <td><input type="text" name="newname" value="<?php echo @$newname ?>" size="20" maxlength="20"></td></tr> <tr><td align="right"><p><b><span class="style1">*</span>Password</b></p></td> <td><input type="password" name="newpass" value="<?php echo @$newpass ?>" size="10" maxlength="8"></td></tr> <tr><td align="right"><p><b><span class="style1">*</span>First Name</b></p></td> <td><input type="text" name="firstName" value="<?php echo @$firstName ?>" size="40" maxlength="40"></td></tr> <tr> <td align="right"><p><b><span class="style1">*</span>Last Name</b></p></td> <td><input type="text" name="lastName" value="<?php echo @$lastName ?>" size="40" maxlength="40"></td></tr> <tr> <td align="right"><p><b><span class="style1">*</span>Street</b></p></td> <td><input type="text" name="street" value="<?php echo @$street ?>" size="55" maxlength="50"></td></tr> <tr> <td align="right"><p><b><span class="style1">*</span>City</b></p></td> <td><input type="text" name="city" value="<?php echo @$city ?>" size="40" maxlength="40"></td></tr> <tr> <td align="right"><p><b><span class="style1">*</span>State</b></p></td> <td> <p> <select name="state"> <?php $stateName=getStateName(); $stateCode=getStateCode(); for ($n=1;$n<=50;$n++) { $state=$stateName[$n]; $scode=$stateCode[$n]; echo "<option value='$scode'"; if ($scode== "AL") echo " selected"; echo ">$state\n"; } ?> </select> <span class="style1">*</span><b>Zip</b> <input type="text" name="zip" value="<?php echo @$zip ?>" size="10" maxsize="10"> </p></td> </tr> <tr> <td align=right><p><b><span class="style1">*</span>Phone</b></p></td> <td><input type="test" name="phone" value="<?php echo @$phone ?>" size="15" maxlength="20"> <!-- <b>Fax</b> <input type="text" name="fax" value="<?php echo @$fax ?>" size="15" maxlength="20"></td></tr> --> <tr> <td align=right><p><b><span class="style1">*</span>Email</b></p></td> <td><input type="test" name="email" value="<?php echo @$email ?>" size="55" maxlength="67"></td></tr> <tr> <td colspan="2"> <p><b><span class="style1">*</span></b><span class="style1"> required</span> </p> <p> <input type="submit" value="Become a Member"> </p></td></tr> </table> </form> </td> </tr> </table> Quote Link to comment https://forums.phpfreaks.com/topic/53904-solved-wierd-login-behavior/#findComment-266524 Share on other sites More sharing options...
MadTechie Posted June 1, 2007 Share Posted June 1, 2007 OK i think the problem is here if ($num2 > 0) // password is correct { $_SESSION['auth']="yes"; $logname=$_POST['fusername']; $_SESSION['logname'] = $logname; $today = date("Y-m-d h:i:s"); $sql = "INSERT INTO Login (loginName,loginTime) VALUES ('$logname','$today')"; mysql_query($sql) or die("Can't execute query."); //<---HERE header("Location: Member_page.php"); } Try commenting it out and see if the 2nd login works (were resolve the problem if this is it but we need to check to see if this is the problem first) also add some error checking change mysql_query($sql) or die("Can't execute query."); //<---HERE to #mysql_query($sql) or die(mysql_error()); //<---HERE if it works remove the # and try again.. and post the error Quote Link to comment https://forums.phpfreaks.com/topic/53904-solved-wierd-login-behavior/#findComment-266526 Share on other sites More sharing options...
tqla Posted June 1, 2007 Author Share Posted June 1, 2007 Thank you! thank you! thank you MadTechie! It wasn't the if ($num2 > 0) part but I took your advice and added the Error Checking and it turned out that my table was called Login not login (caps thing). Thanks again. Whew. Quote Link to comment https://forums.phpfreaks.com/topic/53904-solved-wierd-login-behavior/#findComment-266538 Share on other sites More sharing options...
MadTechie Posted June 1, 2007 Share Posted June 1, 2007 I was refering to the mysql_query part, i just included the whole block to make it easier to find, great job and remember mysql_error() is you friend, Well done and Happy PHPing Quote Link to comment https://forums.phpfreaks.com/topic/53904-solved-wierd-login-behavior/#findComment-266545 Share on other sites More sharing options...
tqla Posted June 1, 2007 Author Share Posted June 1, 2007 Oh. I see. Well you absolutely right. Thanks again. Quote Link to comment https://forums.phpfreaks.com/topic/53904-solved-wierd-login-behavior/#findComment-266554 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.