Jump to content

[SOLVED] MySQL Authentication


bschultz

Recommended Posts

I need to write an authentication script.  Here are the details:

 

I run a site that streams audio broadcasts of college sports games.  The listener needs to purchase the subscription.  I have  shopping cart setup to handle the sales.  The cart writes everything to a database.  The listener (customer) can purchase a single days "ticket" or the "season ticket" so that they can listen to EVERY game. 

 

The authentication will allow the listener in to the "listen" page (that has an embedded player) only if they've purchased the subscription.  The cart doesn't have a "products" field so I can't check against the product ID to see if they have purchased the single day "ticket" or the "season" ticket.  Here's where I need some help.

 

I need to check the database (for a single day ticket) so that if the email_address field of the DB exists and the date_purchased field equals the current date, it will authenticate the user.  If not, it ships them off to the shopping cart.  ONE NOTE...THE DATE PURCHASED FIELD IN THE DB IS CURDATE + TIME (2007-06-06 23:45:15).  I'd need to check against the date...not the time.

 

Also, I need to check the DB (for a season ticket) so that if the email_address field of the DB exists and the order_total equals 75.00, it will authenticate the user.  If not, it ships them off to the shopping cart. 

 

Can anyone point me in the right direction?  Thanks.

 

Brian

Link to comment
Share on other sites

Here's what I've come up with...and it doesn't work.  Parse error on line 33...expecting a "(" on this line

 

if order_total = "75.00" {

 

Can someone tell me if I'm even in the close to getting this right?  Thanks!

 

<?php

$conn1 = mysql_connect(localhost,xxx,xxx);

if (!$conn1) {
   echo "Unable to connect to DB: " . mysql_error();
   exit;
}

if (!mysql_select_db("cart")) {
   echo "Unable to select mydbname: " . mysql_error();
   exit;
}
$sql1 = "SELECT customers_email_address, date_purchased, order_total FROM orders WHERE customers_email_address = '$_POST[myemail]'";

$result1 = mysql_query($sql1);

if (!$result1) {
   echo "Could not successfully run query ($sql1) from DB: " . mysql_error();
   exit;
}

if (mysql_num_rows($result1) == 0) {
   
echo '<meta http-equiv=Refresh content=1;url="error.php">';

   
}


while ($row1 = mysql_fetch_assoc($result1)) {

   if order_total = "75.00" {
session_start();
echo "<meta http-equiv=Refresh content=1;url='listen2.php'>";   
}

if order_total = "5.00" {
if date_purchased = CURDATE {
session_start();
echo "<meta http-equiv=Refresh content=1;url='listen2.php'>";   
} 
}}
mysql_free_result($result1);

?>

Link to comment
Share on other sites

CURDATE is a MySQL function...like I said in my original post, I didn't know how to change the date in the cart DB to strip the time...I was trying to see what CURDATE would return.

 

As for the rest of your suggestion, that seemed to work...but I must not be writing this correctly, because it didn't return the results I wanted.

 

<?php

$conn1 = mysql_connect(localhost,xxx,xxx);

if (!$conn1) {
   echo "Unable to connect to DB: " . mysql_error();
   exit;
}

if (!mysql_select_db("cart")) {
   echo "Unable to select mydbname: " . mysql_error();
   exit;
}
$sql1 = "SELECT customers_email_address, date_purchased, order_total FROM orders WHERE customers_email_address = '$_POST[myemail]'";

$result1 = mysql_query($sql1);

if (!$result1) {
   echo "Could not successfully run query ($sql1) from DB: " . mysql_error();
   exit;
}

if (mysql_num_rows($result1) == 0) {
   
echo '<meta http-equiv=Refresh content=1;url="error.php">';

   
}


while ($row1 = mysql_fetch_assoc($result1)) {

   if ($order_total = "75.00") {
session_start();
echo "<meta http-equiv=Refresh content=1;url='listen2.php'>";   
}

if ($order_total = "5.00") {
if ($date_purchased = (CURDATE)) {
session_start();
echo "<meta http-equiv=Refresh content=1;url='listen2.php'>";   
} 
}}
mysql_free_result($result1);

?>

 

If I enter the correct email address, it logs me in...no matter what is in $date_purchased. 

Link to comment
Share on other sites

OK...I split this into 2 queries...and it still turns up false...I've even tried removing the CURDATE reference in the 2nd query for testing purposes, and it still turns up false.

 

<?php
session_start();

$conn1 = mysql_connect(localhost,xxx,xxx);

if (!$conn1) {
   echo "Unable to connect to DB: " . mysql_error();
   exit;
}

if (!mysql_select_db("cart")) {
   echo "Unable to select mydbname: " . mysql_error();
   exit;
}
$sql1 = "SELECT customers_email_address, date_purchased, order_total FROM orders WHERE customers_email_address = '$_POST[myemail]' AND order_total = '75.00'";

$result1 = mysql_query($sql1);

if (!$result1) {
   echo "Could not successfully run query ($sql1) from DB: " . mysql_error();
   exit;
}

if (mysql_num_rows($result1) == 0) {
   
//echo '<meta http-equiv=Refresh content=1;url="error.php">';
echo "You are not subscribed to the Season Ticket...but I'll check to see if your ticket is for today's game<br><br>";
   
}


while ($row1 = mysql_fetch_assoc($result1)) {


echo "Your season ticket is valid...enjoy the game...<meta http-equiv=Refresh content=1;url='listen2.php'>";   
}


mysql_free_result($result1);


$sql2 = "SELECT customers_email_address, date_purchased, order_total FROM orders WHERE customers_email_address = '$_POST[myemail]' AND order_total = '5.00' AND date_purchased = CURDATE";

$result2 = mysql_query($sql1);

if (!$result2) {
   echo "Could not successfully run query ($sql2) from DB: " . mysql_error();
   exit;
}

if (mysql_num_rows($result2) == 0) {
   
//echo '<meta http-equiv=Refresh content=1;url="error.php">';
echo "You are not subscribed to the daily ticket for today...please purchase one to listen.  I'll redirect you soon... <meta http-equiv=Refresh content=10;url='/shop/'>";
   
}


while ($row2 = mysql_fetch_assoc($result2)) {


echo "Your single day ticket is valid...enjoy the game...<meta http-equiv=Refresh content=1;url='listen2.php'>";   
}


mysql_free_result($result2);

?>

Link to comment
Share on other sites

I tried to just test the query for the "single day ticket".  I changed the CURDATE to CURRENT_DATE:  Still turns up false:

 

<?php
session_start();

$conn1 = mysql_connect(localhost,xxx,xxx);

if (!$conn1) {
   echo "Unable to connect to DB: " . mysql_error();
   exit;
}

if (!mysql_select_db("cart")) {
   echo "Unable to select mydbname: " . mysql_error();
   exit;
}
$sql1 = "SELECT customers_email_address, date_purchased, order_total FROM orders WHERE customers_email_address = '$_POST[myemail]' AND order_total = '5.00' AND date_purchased >= 'CURRENT_DATE():00:00:00' and date_purchased <= 'CURRENT_DATE():23:59:59;'";

$result1 = mysql_query($sql1);

if (!$result1) {
   echo "Could not successfully run query ($sql1) from DB: " . mysql_error();
   exit;
}

if (mysql_num_rows($result1) == 0) {
   
//echo '<meta http-equiv=Refresh content=1;url="error.php">';
echo "You are not subscribed to the Season Ticket...but I'll check to see if your ticket is for today's game<br><br>";
   
}


while ($row1 = mysql_fetch_assoc($result1)) {


echo "Your season ticket is valid...enjoy the game...<meta http-equiv=Refresh content=1;url='listen2.php'>";   
}


mysql_free_result($result1);


?>

Link to comment
Share on other sites

The format of the cart DB is 2007-06-07 06:12:33

 

So, with that code

date_purchased >= 'CURRENT_DATE():00:00:00' and date_purchased <= 'CURRENT_DATE():23:59:59;'";

I'm trying to check that if the person has purchased the "single game ticket" today, they would be authenticated

 

Thanks for the help!

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.