Jump to content

Archived

This topic is now archived and is closed to further replies.

rudy507

Login script problems

Recommended Posts

hey all,
I'm having a pretty big problem with a login script that I can't figure out.

The login page is here: [a href=\"http://www.areacodebook.com/login.php\" target=\"_blank\"]www.areacodebook.com/login.php[/a]

Here's the issue: You you try to login to a personal account (first name & last name), the script works perfectly. If it is a valid login, where the names & passwords match up, the person logs in and goes to the control panel just fine. If it is invalid, the person is not able to get in.

Here's where it gets strange. If you try to login to a business account, if it is a valid login, then you are logged in just fine - BUT for some reason, you are directed to the personal control panel. (Actually, the business & personal control panel are on the same php script - I'm just using a lot of if/else statements to figure out what type of account the person is using).

If it is an INvalid login, the first time it fails. But if you try to login again with the same invalid login info, my script thinks that it is a valid login (and takes you to the personal control panel section of the script).

Of course, b/c it's an invalid login AND because it's taking you to the wrong section, when you try to login as a business, one of the tests that I'm running to try to narrow this down - outputting the User ID number - the ID is blank.

If this is confusing, maybe the following code will help you. I have copied the code for login.php as well as control.php.

Any help would be appreciated.

Thanks,
David

[b]login.php:[/b]
[code]<?PHP
// ini_set('error_reporting', E_ALL);
// ini_set('display_errors', true);

require('library.php');
if (isset($_SESSION['fname']) && isset($_SESSION['bname'])) {

    unset($_SESSION['fname']);
    unset($_SESSION['bname']);
    $relogin = 'true';
}
else if (isset($_SESSION['fname']) || isset($_SESSION['bname'])) {
       header("Location: control.php");
    exit();
    }
else {
     $verlogin = isset($_POST['login']) ? $_POST['login'] : "";

     if ($verlogin == 'submitted') {


     if ($_POST['fname'] && $_POST['bname']) {
         $duplicate = 'yes';
     }
     else {
        if (!empty($_POST['fname'])) {
             $fname = $_POST['fname'];
             $lname = $_POST['lname'];
             $password = $_POST['password'];
             $qType = 'per';
            }
        else if (!empty($_POST['bname'])) {
            $bname = $_POST['bname'];
            $password = $_POST['password'];
            $qType = 'bus';
            }
        else {
            echo '<br /><b><center>We are sorry, but there seems to have been an error. Please contact us for assistance';
        }
       if ($qType=='per') {
            $password = md5($password);
            $sql = mysql_query("SELECT * FROM user WHERE fname='$fname' AND lname='$lname' AND password='$password'");
              if (!$sql) {
                echo 'Query failed. Error: ', mysql_error();
                exit();
                }
            }
        else if ($qType=='bus') {
            $password = md5($password);
            $sql = mysql_query("SELECT * FROM buser WHERE name='$bname' AND password='$password'");
            if (!$sql) {
                   echo 'Query failed. Error: ', mysql_error();
                   exit();
                }
            $_SESSION['bname'] = $_POST['bname'];
            }
        else {
            echo '<br /><b><center>We are sorry, but there seems to have been an error. Please contact us for assistance';
            exit();
        }
        $login_check = mysql_num_rows($sql);
        if($login_check > 0){
            while($row = mysql_fetch_array($sql)) {
            foreach( $row AS $key => $val ) {
                $$key = stripslashes( $val );
                }
           /* Testing purposes only
            echo "$fname";
            echo "$bname";
            exit();
           End Test */
            $_SESSION['bname'] = $bname;
            $_SESSION['fname'] = $fname;
            $_SESSION['lname'] = $lname;
            $_SESSION['email'] = $email;
            $_SESSION['user_id'] = $user_id;
            header("Location: control/control.php");
            exit();
            }
        }
        else {
            echo '<center><br /><b>You were not able to be logged in. Please verify that all required fields are filled in. If you need assistance, please contact us.</b><br /><br />';
            echo '<hr></center>';
            }
        }
      }
    }
?>
[/code]

[b]control.php[/b]
[code]
    <?PHP

        // Testing Purposes Only
        // echo $_SESSION['fname'];
        // echo $_SESSION['bname'];
        //

        if (isset($_SESSION['fname'])) {
            echo '<center><h2><b><u>User Control Panel</u></h2></center>';
            echo 'Hello, '.$_SESSION['fname'].' '.$_SESSION['lname'].'! You are now logged in.<br /><br /><hr>';
            /* echo 'Your ID number is: '.$_SESSION['user_id'].'.<br />'; */
            echo 'Here you can do multiple actions, such as add a phone number. Just click on the links below!<hr><br /><br />';
            echo '<a class="class2" href="addphone.php">Add a phone number</a>&nbsp;•&nbsp;<a class="class2" href="addaddress.php">Add/Modify Mailing Address</a>
                <br /><br />
                <a class="class2" href="../logout.php">Logout of your control panel</a><br><br>';
            }
        else if (isset($_SESSION['bname'])) {
            echo '<center><h2><b><u>Business Control Panel</u></h2></center>';
            echo 'Hello, '.$_SESSION['bname'].'! You are now logged in.<br /><br /><hr>';
            // Testing
                echo 'Your ID number is: '.$_SESSION['user_id'].'.<br /><br /><hr>';
            // End Testing
            echo 'Here you can do multiple actions, such as add a phone number. Just click on the links below!<hr><br /><br />';
            echo '<a class="class2" href="addbizphone.php">Add a phone number</a>&nbsp;•&nbsp;<a class="class2" href="addbizaddress.php">Add/Modify Mailing Address</a>
            <br /><br />
            <a class="class2" href="../logout.php">Logout of your control panel</a><br><br>';
        }
        else {
            echo '<center><b>You currently are not logged in. Please <a class="class2" href="../login.php">login</a> now.<br></b></center>';
            }
    ?>
[/code]

Thanks,
David

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.