hey all,
I'm having a pretty big problem with a login script that I can't figure out.
The login page is here: www.areacodebook.com/login.php
Here's the issue: You you try to login to a personal account (first name & last name), the script works perfectly. If it is a valid login, where the names & passwords match up, the person logs in and goes to the control panel just fine. If it is invalid, the person is not able to get in.
Here's where it gets strange. If you try to login to a business account, if it is a valid login, then you are logged in just fine - BUT for some reason, you are directed to the personal control panel. (Actually, the business & personal control panel are on the same php script - I'm just using a lot of if/else statements to figure out what type of account the person is using).
If it is an INvalid login, the first time it fails. But if you try to login again with the same invalid login info, my script thinks that it is a valid login (and takes you to the personal control panel section of the script).
Of course, b/c it's an invalid login AND because it's taking you to the wrong section, when you try to login as a business, one of the tests that I'm running to try to narrow this down - outputting the User ID number - the ID is blank.
If this is confusing, maybe the following code will help you. I have copied the code for login.php as well as control.php.
Any help would be appreciated.
Thanks,
David
login.php:
control.php
Thanks,
David
I'm having a pretty big problem with a login script that I can't figure out.
The login page is here: www.areacodebook.com/login.php
Here's the issue: You you try to login to a personal account (first name & last name), the script works perfectly. If it is a valid login, where the names & passwords match up, the person logs in and goes to the control panel just fine. If it is invalid, the person is not able to get in.
Here's where it gets strange. If you try to login to a business account, if it is a valid login, then you are logged in just fine - BUT for some reason, you are directed to the personal control panel. (Actually, the business & personal control panel are on the same php script - I'm just using a lot of if/else statements to figure out what type of account the person is using).
If it is an INvalid login, the first time it fails. But if you try to login again with the same invalid login info, my script thinks that it is a valid login (and takes you to the personal control panel section of the script).
Of course, b/c it's an invalid login AND because it's taking you to the wrong section, when you try to login as a business, one of the tests that I'm running to try to narrow this down - outputting the User ID number - the ID is blank.
If this is confusing, maybe the following code will help you. I have copied the code for login.php as well as control.php.
Any help would be appreciated.
Thanks,
David
login.php:
PHP:
<?PHP
// ini_set('error_reporting', E_ALL);
// ini_set('display_errors', true);
require('library.php');
if (isset($_SESSION['fname']) && isset($_SESSION['bname'])) {
unset($_SESSION['fname']);
unset($_SESSION['bname']);
$relogin = 'true';
}
else if (isset($_SESSION['fname']) || isset($_SESSION['bname'])) {
header("Location: control.php");
exit();
}
else {
$verlogin = isset($_POST['login']) ? $_POST['login'] : "";
if ($verlogin == 'submitted') {
if ($_POST['fname'] && $_POST['bname']) {
$duplicate = 'yes';
}
else {
if (!empty($_POST['fname'])) {
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$password = $_POST['password'];
$qType = 'per';
}
else if (!empty($_POST['bname'])) {
$bname = $_POST['bname'];
$password = $_POST['password'];
$qType = 'bus';
}
else {
echo '<br /><b><center>We are sorry, but there seems to have been an error. Please contact us for assistance';
}
if ($qType=='per') {
$password = md5($password);
$sql = mysql_query("SELECT * FROM user WHERE fname='$fname' AND lname='$lname' AND password='$password'");
if (!$sql) {
echo 'Query failed. Error: ', mysql_error();
exit();
}
}
else if ($qType=='bus') {
$password = md5($password);
$sql = mysql_query("SELECT * FROM buser WHERE name='$bname' AND password='$password'");
if (!$sql) {
echo 'Query failed. Error: ', mysql_error();
exit();
}
$_SESSION['bname'] = $_POST['bname'];
}
else {
echo '<br /><b><center>We are sorry, but there seems to have been an error. Please contact us for assistance';
exit();
}
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)) {
foreach( $row AS $key => $val ) {
$$key = stripslashes( $val );
}
/* Testing purposes only
echo "$fname";
echo "$bname";
exit();
End Test */
$_SESSION['bname'] = $bname;
$_SESSION['fname'] = $fname;
$_SESSION['lname'] = $lname;
$_SESSION['email'] = $email;
$_SESSION['user_id'] = $user_id;
header("Location: control/control.php");
exit();
}
}
else {
echo '<center><br /><b>You were not able to be logged in. Please verify that all required fields are filled in. If you need assistance, please contact us.</b><br /><br />';
echo '<hr></center>';
}
}
}
}
?>control.php
PHP:
<?PHP
// Testing Purposes Only
// echo $_SESSION['fname'];
// echo $_SESSION['bname'];
//
if (isset($_SESSION['fname'])) {
echo '<center><h2><b><u>User Control Panel</u></h2></center>';
echo 'Hello, '.$_SESSION['fname'].' '.$_SESSION['lname'].'! You are now logged in.<br /><br /><hr>';
/* echo 'Your ID number is: '.$_SESSION['user_id'].'.<br />'; */
echo 'Here you can do multiple actions, such as add a phone number. Just click on the links below!<hr><br /><br />';
echo '<a class="class2" href="addphone.php">Add a phone number</a> • <a class="class2" href="addaddress.php">Add/Modify Mailing Address</a>
<br /><br />
<a class="class2" href="../logout.php">Logout of your control panel</a><br><br>';
}
else if (isset($_SESSION['bname'])) {
echo '<center><h2><b><u>Business Control Panel</u></h2></center>';
echo 'Hello, '.$_SESSION['bname'].'! You are now logged in.<br /><br /><hr>';
// Testing
echo 'Your ID number is: '.$_SESSION['user_id'].'.<br /><br /><hr>';
// End Testing
echo 'Here you can do multiple actions, such as add a phone number. Just click on the links below!<hr><br /><br />';
echo '<a class="class2" href="addbizphone.php">Add a phone number</a> • <a class="class2" href="addbizaddress.php">Add/Modify Mailing Address</a>
<br /><br />
<a class="class2" href="../logout.php">Logout of your control panel</a><br><br>';
}
else {
echo '<center><b>You currently are not logged in. Please <a class="class2" href="../login.php">login</a> now.<br></b></center>';
}
?>Thanks,
David
Last edited:
