Login script acting weird

pinehead18


$lastlogon = date("l, M, d");
 $pass = md5($pass);
          $sql = "SELECT * FROM users where user='$uname' and pass='$pass'";
        $result =  mysql_query($sql);
        $row =  mysql_fetch_array($result);

    if ($row["user"] == $uname && $row["pass"] ==
$pass) {
        $lastlogon = date("l, M, d");
        setcookie ("user", $uname, time()+604800, "/", ".l.com", "0");
        $sqll = "UPDATE users SET last_logon='$lastlogon' WHERE user='".$_POST['uname']."";
        mysql_query($sqll);
        header("location: mypage");
        echo $sqll;
        } else {
         //header("LOCATION: [url]http://www.l.com/[/url]");
        echo $lastlogon;
        echo $sqll;
}

Ok this script has no problem loggin in and setting the cookie. However it does not update the users and set last_logon to equal $lastlogon.

Any ideas?
Thanks
Anthony

LordShryku

Difference between your two queries is that in the first one, you use $uname, in the second one, you use $_POST['uname']. Any difference?

pinehead18

No diffrence they are the same $uname. Comming from the same input. You think that could be cuasing the problem?

LordShryku

Well, maybe. But you're also missing the ' after $_POST['unmae'] in the second query.

pinehead18

notice how i echo $sqll ?? Well it will not echo anything. Like it isn't even performing the statement.

pinehead18

in fact if i echo "didn't work" in the last else statement It says it didn't work. Yet it sets the cookie WTF is going on

LordShryku

Time for mass debugging. Try this:

$lastlogon = date("l, M, d");
$pass      = md5($pass);
$sql       = "SELECT * FROM users where user='$uname' and pass='$pass'";
$result    =  mysql_query($sql);
$row       =  mysql_fetch_array($result);
if ($row["user"] == $uname && $row["pass"] == $pass) {
   $lastlogon = date("l, M, d");
   if(setcookie("user",$uname,time()+604800,"/",".l.com","0")) {
      $sqll = "UPDATE users SET last_logon='$lastlogon' WHERE user='".$_POST['uname']."'";
      if(mysql_query($sqll)) {
         echo "Updated user!";
      }
      else {
         echo "Couldn't update user<br />".$sqll."<br />".mysql_error();
      }
   }
   else {
      echo "Couldn't set cookie";
   }
}
else {
   echo "User or pass doesn't match";
}

pinehead18

says user or pass dont' math WTF how come it logs it in and set the cookie then.

Dang this blows lol

LordShryku

Okay, so let's add to that statement. Change
else {
echo "User or pass doesn't match";

to this

else {
   echo "User or pass doesn't match
         <br />DB User: ".$row["user"]."
         <br />Submitted User: ".$uname."
         <br />DB Pass: ".$row["pass"]."
         <br />Submitted Pass: ".$pass;

Let's compare those, see if they really do match...

pinehead18

for db user and db pass it shows them both as blank

LordShryku

Ok, echo your first query to the screen. You don't by chance have register_globals off do you?

pinehead18

however when icheck to see what the pass is.. For the form. it shows
839d7228b5ccc60e54455093a966b8c2
and the db shows 986376f97b0e8744ff073c6402dd38ec for the pass

Yet i know they are the same..
Ideas?

pinehead18

NO when i echo it it shows the right sql statement. It seems our problem is lying within the password fields

pinehead18

Seems i might have fixed it.

Thank you so much for your help. If it wern't for your "clean" code i would have been in some huge trouble.

LordShryku

What was the problem? I'm curious....