User Auth script problems.

neveriwas

I am not sure why, but in this script, I can't seem to get the login portion to work as it tells me that the username doesn't exist. Even though I know it does. And also, it wont check the database for an existing username when I sign up. I think I might have a logical problem in here that I am not seeing. I am using the ADODB wrapper as well.

Thanks!

session_start();
	session_register('auth');
	session_register('logname');
	include("universalconst.inc.php");
	include("adodb360/adodb.inc.php");
	switch (@$do)
	{
	  case "login":
		$db = ADONewConnection("$mysql");
		$db->Connect($host, $user, $password, $database_name);
		$result = $db->GetOne("SELECT loginname FROM $memberstbl WHERE loginname='$fusername'");
		//$num = mysql_num_rows($result);
		if ($result == 1) 								//login name was found
		{
			$result = $db->GetOne("SELECT loginname FROM $memberstbl WHERE loginname='$fusername' AND password=password('$fpassword')") 
			or die ("Error in query: $result" . $db->ErrorMsg() );
			//$num = mysql_num_rows($result);
			if ($result > 0)							//password is correct
			{
				$auth="yes";
				$logname=$fusername;
				$today = date ("Y-m-d h:m:s");
				$query = $db->Execute("INSERT INTO $logontbl (loginname,logintime) VALUED ('$logname','$today')") 
				or die ("Error in query: $query" . $db->ErrorMsg() );
				header("Location: index.php");
			}	
			else 								//password is not correct
			{
				unset($do);
				$message = "The Login Name, '$fusername' exists but the password you entered is wrong. Please try again.<br>";
				include("login_form.php");
			}
		}
		elseif ($num == 0) 							//login name not found
		{
			unset($do);
			$message = "The Login Name you entered does not exist. Please try again.<br>";
			include("login_form.php");
		}
	break;

case "new":
	foreach($HTTP_POST_VARS as $key => $value)
	{
		if ($key != "realname")
		{
			if ($value == "")
			{
				unset($do);
				$message_new = "Required information is missing. Please try again.";
				include("login_form.php");
				exit();
			}
		}
		if (ereg("{Name)",$key))
		{
			if (!ereg("^[A-Za-z' -] {1,50}$",$key))
			{
				unset($do);
				$message_new = "$realname is not a valid name. Please type your correct name.";
				include ("login_form.php");
				exit();
			}
		}
		$$key = strip_tags(trim($value));
	}

	if (!ereg("^.+@.+\\..+$",$email))
	{
		unset($do);
		$message_new = "$email is not a valid e-mail address. Please try again.";
		include("login_form.php");
		exit();
	}

	 	$db = ADONewConnection("$mysql");
	 	$db->Connect($host, $user, $password, $database_name);
		$result = $db->GetOne("SELECT loginname FROM $memberstbl WHERE loginname='$fusername'");
		//$num = mysql_num_rows($result);
	if ($result > 0)
	{
		unset($do);
		$message_new = "$newname already used. Select another username."; //Username already exists
		include("login_form.php");
		exit();
	}
	else
	{
	 	$today = time("Y-m-d");
		$result = $db->Execute("INSERT INTO $memberstbl (loginname,signedup,password,realname,email) VALUES
			('$newname','$today',password('$newpass'),'$realname','$email')") 
			or die ("Error in query: $result" . $db->ErrorMsg() );
		$auth = "yes";
		$logname = $newname;
		header("Location: Member.php");
			//e-mail confirmation can go here	
	}
	break;

	default:
		include("login_form.php");
}

Frederick

Try and see if this gets you on the right path.

$sql = mysql_query("SELECT * FROM $memberstbl WHERE loginname='$fusername' AND password='$fpassword' ")
or die(mysql_error());

if (mysql_numrows($sql)) {
$p = mysql_fetch_array($sql);

if ($p["loginname"] == $fusername && $p["password"] == $fpassword) {
    echo "Do something";
} else {
    echo "Login information was incorrect";
}
} else {
    echo "No user found";
}

neveriwas

I can't mix Mysql calls with ADODB calls. And I need to use ADODB.

Prior to converting to ADODB, I was using what you had suggested. So that does work. However, in the near future this script will need to be able to be instantly ported to various other databases and also have simultaneous database connections. These are some of the things that ADODB can offer. Documentation, on the other hand, has MUCH to be desired.
🙁

daphreeek

In all your querys you have a '$' infront of the table name - should that be there? where did you set those variables? If they are just the name and infact not variables set previously, then get rid of the '$'

Matt

neveriwas

Yep, they are set. The error reports the correct table in the mysql error that it gets. So I know it's passing correctly. :-)

What is posted is a code snip of the larger script where I am having trouble.