...

View Full Version : Login script doesn't insert row and calculate right + feedback on the scrip itself..



oskare100
01-03-2007, 10:31 PM
Hello,
I'm having two problems with my login "check" script. The first problem is that nothing is inserted in the login_logs_tbl and the ip_logs_tbl. The second problem is that the "$new_num_logins = $current_num_logins[0] + 1;" part doesn't work, it just inserts "1" all the time regardless of the $current_num_logins[0].

I would also appreciate any feedback on the login script itself. Structure and content and so on..

Here is the code;

<?php
include 'db_info.php';
// Connect to server and select databse.
mysql_connect("$sqlhost", "$sqlusername", "$sqlpassword")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from signup form
$vusername=$_POST['vusername'];
$vpassword=$_POST['vpassword'];

$sql="SELECT * FROM $user_tbl WHERE username='$vusername' and password='$vpassword'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $vusername and $vpassword, table row must be 1 row

if($count==1){
$sql3="SELECT user_id FROM $user_tbl WHERE username='$vusername' and password='$vpassword'";
$result3=mysql_query($sql3);
$vuserid = mysql_fetch_array($result3);

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("vusername");
session_register("vpassword");

// The current time (for logs)
$date = date("H:i:s M j, Y");

// The current unix timestamp (for logs)
$timestamp = time();

// Log the login in the ip log table
$sql5="INSERT INTO $login_logs_tbl (user_id, ip, logged_date, logged_timestamp) VALUES(".$vuserid[0].", '".$_SERVER['REMOTE_ADDR']."', $date, $timestamp)";
$result5=mysql_query($sql5);

// Set the latest login in the user table
$sql8="UPDATE $user_tbl SET (latest_login_date, latest_login_timestamp) VALUES ($date, $timestamp) where user_id = ".$vuserid[0]."";
$result8=mysql_query($sql8);

// Add 1 to the number of logins in the user table
$sql2 = "select num_logins from $user_tbl where user_id = '$vuserid'";
$result2 = mysql_query($sql2) or die( mysql_error() );
$current_num_logins = mysql_fetch_array($result2);
$new_num_logins = $current_num_logins[0] + 1;
$sql9="UPDATE $user_tbl SET num_logins = '$new_num_logins' where user_id = ".$vuserid[0]."";
$result9=mysql_query($sql9);
echo "$new_num_logins";

// Check if the IP is already logged in the database
$sql22 = "select user_id from $ip_logs_tbl where user_id = ".$vuserid[0]." and ip = '".$_SERVER['REMOTE_ADDR']."'";
$result22 = mysql_query($sql22) or die( mysql_error() );
$row = mysql_fetch_array($result22);
if ($row['user_id'] == ".$vuserid[0].") {

// It's an old ip for that user - change the latest login date
$sql12="update $ip_logs_tbl set (latest_date, latest_timestamp) values ($date, $timestamp) where ip = '".$_SERVER['REMOTE_ADDR']."'";
$result11=mysql_query($sql12);

}
else {
// It's a new IP for that user - log it
$sql10="INSERT INTO $ip_logs_tbl (ip, user_id, latest_date, latest_timestamp) VALUES('".$_SERVER['REMOTE_ADDR']."', ".$vuserid[0].", $date, $timestamp)";
$result10=mysql_query($sql10);

// And add 1 to the number of different IPs in the user table
$sql4 = "select num_ips from $user_tbl where user_id = ".$vuserid[0]."";
$result4 = mysql_query($sql4) or die( mysql_error() );
$current_num_ips = mysql_fetch_array($result2);
$new_num_ips = $current_num_ips[0] + 1;
$sql11="UPDATE $user_tbl SET num_ips = '$new_num_logins' where user_id = ".$vuserid[0]."";
$result11=mysql_query($sql11);

}
echo "logged in";
}
else {
echo "Wrong Username or Password";
}
?>


Thanks,
/Oskar

CFMaBiSmAd
01-03-2007, 11:01 PM
A number of your mysql_query(...) statements don't have any error checking and reporting. All of them should have -

or die( mysql_error() );

I notice that several of the table names in the queries are contained in variables. Have these variables been set? I recommend echoing your query strings to make sure that they contain the expected contents.

oskare100
01-07-2007, 01:32 PM
Hello,
I've changed it to this now (error reporting included in all mysql_query() now);

<?php
include 'db_info.php';
// Connect to server and select databse.
mysql_connect("$sqlhost", "$sqlusername", "$sqlpassword")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");

// username and password sent from signup form
$vusername=$_POST['vusername'];
$vpassword=$_POST['vpassword'];

$sql="SELECT * FROM $user_tbl WHERE username='$vusername' and password='$vpassword'";
if ($result=mysql_query($sql) or die( mysql_error() )) {

if(mysql_num_rows($result) == 1) {
// If result matched $vusername and $vpassword, table row must be 1 row
$row = mysql_fetch_assoc($result);
$vuserid = $row['user_id'];

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("vusername");
session_register("vpassword");

// Log the login in the ip log table
$sql="INSERT INTO $login_logs_tbl (user_id, ip, logged) VALUES('$vuserid', '".$_SERVER['REMOTE_ADDR']."', CURRENT_DATE, NOW())";
mysql_query($sql) or die( mysql_error() );

// Set the latest login in the user table
$sql="UPDATE $user_tbl SET (latest_login, num_logins) VALUES (CURRENT_DATE, NOW(),num_logins+1) where user_id = '$vuserid'";
mysql_query($sql) or die( mysql_error() );

// Check if the IP is already logged in the database
$sql="update $ip_logs_tbl set (latest) values (CURRENT_DATE, NOW()) where ip = '".$_SERVER['REMOTE_ADDR']."' AND user_id='$vuserid'";
mysql_query($sql) or die( mysql_error() );
if (mysql_affected_rows() == 0) {
// It's a new IP for that user - log it
$sql="INSERT INTO $ip_logs_tbl (ip, user_id, latest) VALUES('".$_SERVER['REMOTE_ADDR']."', '$vuserid', CURRENT_DATE, NOW())";
mysql_query($sql) or die( mysql_error() );

// And add 1 to the number of different IPs in the user table
$sql="UPDATE $user_tbl SET num_ips = num_ips+1 where user_id = '$vuserid'";
mysql_query($sql) or die( mysql_error() );
}
echo "logged in";
} else {
echo "Wrong Username or Password";
}
}
?>

But I get the error;


Warning: session_register(): Cannot send session cookie - headers already sent by (output started at .../tests/checklogin.php:1) in .../tests/checklogin.php on line 20

Warning: session_register(): Cannot send session cache limiter - headers already sent (output started at .../tests/checklogin.php:1) in .../tests/checklogin.php on line 20
Column count doesn't match value count at row 1

I don't get that, isn't it the session_register that registers the session? And what headers is it talking about?

Thanks in advance,
/Oskar R

marek_mar
01-07-2007, 02:18 PM
You should assign variables to the $_SESSION array directly rather than using session_register().

whizard
01-07-2007, 02:20 PM
You need to start your sessions before any output is sent to the page... Is this file a standalone file, or is it included in a page where output has already been sent to the page?


If session_start() was not called before this function is called, an implicit call to session_start() with no parameters will be made.

Therefore, if output has already been sent to the page and you haven't already called session_start(), it calls it when you call session_register(), which triggers the error.

If that is the case, you need to call session_start() before any output has been sent to the page.

HTH
Dan



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum