Login script problems



#1 rudy507


Posted 18 May 2006 - 02:19 PM

hey all,
I'm having a pretty big problem with a login script that I can't figure out.

The login page is here: http://www.areacodebook.com/login.php

Here's the issue: If you try to login to a personal account (first name & last name), the script works perfectly. If it is a valid login, where the names & passwords match up, the person logs in and goes to the control panel just fine. If it is invalid, the person is not able to get in.

Here's where it gets strange. If you try to login to a business account, if it is a valid login, then you are logged in just fine - BUT for some reason, you are directed to the personal control panel. (Actually, the business & personal control panel are on the same php script - I'm just using a lot of if/else statements to figure out what type of account the person is using).

If it is an INvalid login, the first time it fails. But if you try to login again with the same invalid login info, my script thinks that it is a valid login (and takes you to the personal control panel section of the script).

Of course, b/c it's an invalid login AND because it's taking you to the wrong section, when you try to login as a business, one of the tests that I'm running to try to narrow this down - outputting the User ID number - the ID is blank.

If this is confusing, maybe the following code will help you. I have copied the code for login.php as well as control.php.

Any help would be appreciated.

Thanks,
David

login.php:
<?PHP
// ini_set('error_reporting', E_ALL);
// ini_set('display_errors', true);

require('library.php');
if (isset($_SESSION['fname']) && isset($_SESSION['bname'])) {

    unset($_SESSION['fname']);
    unset($_SESSION['bname']);
    $relogin = 'true';
}
else if (isset($_SESSION['fname']) || isset($_SESSION['bname'])) {
       header("Location: control.php");
    exit();
    }
else {
     $verlogin = isset($_POST['login']) ? $_POST['login'] : "";

     if ($verlogin == 'submitted') {


     if ($_POST['fname'] && $_POST['bname']) {
         $duplicate = 'yes';
     }
     else {
        if (!empty($_POST['fname'])) {
             $fname = $_POST['fname'];
             $lname = $_POST['lname'];
             $password = $_POST['password'];
             $qType = 'per';
            }
        else if (!empty($_POST['bname'])) {
            $bname = $_POST['bname'];
            $password = $_POST['password'];
            $qType = 'bus';
            }
        else {
            echo '<br /><b><center>We are sorry, but there seems to have been an error. Please contact us for assistance';
        }
       if ($qType=='per') {
            $password = md5($password);
            $sql = mysql_query("SELECT * FROM user WHERE fname='$fname' AND lname='$lname' AND password='$password'");
              if (!$sql) {
                echo 'Query failed. Error: ', mysql_error();
                exit();
                }
            }
        else if ($qType=='bus') {
            $password = md5($password);
            $sql = mysql_query("SELECT * FROM buser WHERE name='$bname' AND password='$password'");
            if (!$sql) {
                   echo 'Query failed. Error: ', mysql_error();
                   exit();
                }
            $_SESSION['bname'] = $_POST['bname'];
            }
        else {
            echo '<br /><b><center>We are sorry, but there seems to have been an error. Please contact us for assistance';
            exit();
        }
        $login_check = mysql_num_rows($sql);
        if($login_check > 0){
            while($row = mysql_fetch_array($sql)) {
            foreach( $row AS $key => $val ) {
                $$key = stripslashes( $val );
                }
           /* Testing purposes only
            echo "$fname";
            echo "$bname";
            exit();
           End Test */
            $_SESSION['bname'] = $bname;
            $_SESSION['fname'] = $fname;
            $_SESSION['lname'] = $lname;
            $_SESSION['email'] = $email;
            $_SESSION['user_id'] = $user_id;
            header("Location: control/control.php");
            exit();
            }
        }
        else {
            echo '<center><br /><b>You were not able to be logged in. Please verify that all required fields are filled in. If you need assistance, please contact us.</b><br /><br />';
            echo '<hr></center>';
            }
        }
      }
    }
?>

control.php
    <?PHP

        // Testing Purposes Only
        // echo $_SESSION['fname'];
        // echo $_SESSION['bname'];
        //

        if (isset($_SESSION['fname'])) {
            echo '<center><h2><b><u>User Control Panel</u></h2></center>';
            echo 'Hello, '.$_SESSION['fname'].' '.$_SESSION['lname'].'! You are now logged in.<br /><br /><hr>';
            /* echo 'Your ID number is: '.$_SESSION['user_id'].'.<br />'; */
            echo 'Here you can do multiple actions, such as add a phone number. Just click on the links below!<hr><br /><br />';
            echo '<a class="class2" href="addphone.php">Add a phone number</a>&nbsp;•&nbsp;<a class="class2" href="addaddress.php">Add/Modify Mailing Address</a>
                <br /><br />
                <a class="class2" href="../logout.php">Logout of your control panel</a><br><br>';
            }
        else if (isset($_SESSION['bname'])) {
            echo '<center><h2><b><u>Business Control Panel</u></h2></center>';
            echo 'Hello, '.$_SESSION['bname'].'! You are now logged in.<br /><br /><hr>';
            // Testing
                echo 'Your ID number is: '.$_SESSION['user_id'].'.<br /><br /><hr>';
            // End Testing
            echo 'Here you can do multiple actions, such as add a phone number. Just click on the links below!<hr><br /><br />';
            echo '<a class="class2" href="addbizphone.php">Add a phone number</a>&nbsp;•&nbsp;<a class="class2" href="addbizaddress.php">Add/Modify Mailing Address</a>
            <br /><br />
            <a class="class2" href="../logout.php">Logout of your control panel</a><br><br>';
        }
        else {
            echo '<center><b>You currently are not logged in. Please <a class="class2" href="../login.php">login</a> now.<br></b></center>';
            }
    ?>

Thanks,
David
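
Added example, not part of the original post: one way to structure the login check so that nothing is written to the session until the credentials have matched a row, and the account kind is stored as a single value for control.php to branch on. It uses PDO prepared statements and password_hash()/password_verify() in place of the interpolated queries and md5(); the in-memory SQLite schema, the sample rows and the login() helper are assumptions made for illustration.

```php
<?php
// Added example, not the poster's code. Schema is assumed from the column
// names visible in the post; the rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user  (user_id INTEGER PRIMARY KEY, fname TEXT, lname TEXT, password TEXT)');
$db->exec('CREATE TABLE buser (user_id INTEGER PRIMARY KEY, name TEXT, password TEXT)');
$ins = $db->prepare('INSERT INTO user (fname, lname, password) VALUES (?, ?, ?)');
$ins->execute(['Ann', 'Lee', password_hash('ann-secret', PASSWORD_DEFAULT)]);
$ins = $db->prepare('INSERT INTO buser (name, password) VALUES (?, ?)');
$ins->execute(['Acme', password_hash('acme-secret', PASSWORD_DEFAULT)]);

// Returns true and fills $session only when the credentials match a row.
// On failure $session is left exactly as it was.
function login(PDO $db, array $post, array &$session): bool
{
    $fname = trim($post['fname'] ?? '');
    $bname = trim($post['bname'] ?? '');
    if (($fname === '') === ($bname === '')) {
        return false;                       // need exactly one account kind
    }
    if ($fname !== '') {
        $type = 'per';
        $stmt = $db->prepare('SELECT user_id, password, fname, lname FROM user WHERE fname = ? AND lname = ?');
        $stmt->execute([$fname, $post['lname'] ?? '']);
    } else {
        $type = 'bus';
        $stmt = $db->prepare('SELECT user_id, password, name FROM buser WHERE name = ?');
        $stmt->execute([$bname]);
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($post['password'] ?? '', $row['password'])) {
        return false;                       // no session write on failure
    }
    unset($row['password']);                // never keep the hash in the session
    // One explicit discriminator; control.php would branch on 'type'.
    $session = ['type' => $type] + $row;
    return true;
}

// Constructed walk-through: two failed business logins, then a valid one.
$s = [];
var_dump(login($db, ['bname' => 'Acme', 'password' => 'wrong'], $s), $s);
var_dump(login($db, ['bname' => 'Acme', 'password' => 'wrong'], $s), $s);
var_dump(login($db, ['bname' => 'Acme', 'password' => 'acme-secret'], $s), $s);
```

In a real page the array passed as $session would be $_SESSION, with session_regenerate_id(true) called right after a successful login.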



