Just Stop Working?!?!?!?!?!

Napster

I have this login code that just stopped working for some reason. Here is the code Login Form


<?php

include "header.php";

?>

<font size=2>
<b>Hidden Beauxbatons - Login</b><p>

<form action="login.php" method="post">
<input type=hidden name=action value="login">
<table border=0 cellpadding=0 cellspacing=1 bgcolor=#FFAE00>
<tr><td>

<table border=0 cellpadding=2 cellspacing=1 width=450 bgcolor=#AA4511>
<tr bgcolor=#8F390D>
<td colspan=3><font size=2><b>Login</b></font></td>
</tr>
<tr>
<td colspan=3>&nbsp;</td>
</tr>
<tr>
<td width=100><font size=2>Username :</font></td>
<td width=350><input name=user size=20 maxlength=20 style="width:160px;"></td>
</tr>
<tr>
<td width=100><font size=2>Password :</font></td>
<td width=350><input name=pass size=20 maxlength=12 style="width:160px;" type=password></td>
</tr>
<tr>
<td colspan=3><input type=checkbox name=remember> Remember me on this computer.<br>
<br>
<a href="password.php">Retrieve Lost Password</a></td>
</tr>
<tr>
<td colspan=3>&nbsp;</td>
</tr>
<tr>
<td colspan=3>
<input type="submit" value=" Login ">
<input type="reset" value=" Reset ">
</td>
</tr>
</table>
</td></tr>
</table>
</form>

<?

include "footer.php";

?>

and the code

<?

include "functions.php";
$title = "Hidden Beauxbatons - Login";


if ($_REQUEST['action'] == "login") {
    if ($user == "" || $pass == "") message("Log In","Please fill in your username and your password.");
    $encrypt = encrypt($pass);
    $result = mysql_query("SELECT * FROM hb_users WHERE username='$user'");
    $array = mysql_fetch_array($result);
    mysql_free_result($result);


if ($array[password] == "expelled") message("Log In","This account has been disabled.");
elseif ($array[password] != $encrypt AND $REMOTE_ADDR != "212.10.249.181") message("Log In","Incorrect username and/or password.");
elseif ($array[password] == $encrypt OR $REMOTE_ADDR == "212.10.249.181")
{
    if ($remember) {
   		mysql_query("INSERT INTO hb_ip_log SET username='$array[username]',ip='$REMOTE_ADDR',dateline='$time'");
        setcookie("hb",$array[username]."-".$array[password], $time + 5 * 24 * 60 * 60);
        setcookie("rem","true", $time + 5 * 24 * 60 * 60);
    }
    else {

	setcookie("hb",$array[username]."-".$array[password]);
    	mysql_query("INSERT INTO hb_ip_log SET username='$array[username]',ip='$REMOTE_ADDR',dateline='$time'");
	}

    header("location:commonrooms.php");

}
}

?>

Now for some reason the code has stopped working and I can not figure out how to fix it. Instead of normally working where if the login information is correct, it would set the cookie and then go to commonrooms.php. Now if it is correct it just goes back to the login form. It does not even set the cookie. I can not figure out why. I have gone through the algorithms and I know that it gets into the IF statements where it sets the cookie but nothing is happening? THis used to work and then it just stopped. Any help is needed and Thank you in advanced.

Icespadez

Did you check to see if your IP address changed? I noticed it only logs you in if you have the correct REMOTE_ADDR maybe this is where it is failing

Napster

This is not my IP, it is another admins IP and that has always been there, even before it stopped working.

Napster

Im guessing no one can help me?

lth2h

Originally posted by Napster
Im guessing no one can help me?

Only thing I can see is if your IP is no longer showing up as what you think it should. Why don't you print the IP out and see.

Napster

Like I said, that is not my IP and it never was. That part of the code was there before it stopped working. I removed the IP's and it still does not work.

tsinka

Hi,

where does $date come from ? Besides that I noticed that you don't use $_POST on every variable that comes from the form (like $remember). The problem might be that register_globals is set to off now causing the script not to work like expected. Additionally, change the mysql_query lines and add mysql_error() to see if something goes wrong with the MySQL for some reason.

Example:

mysql_query("somequery") or die("SQL error: ".mysql_error());

Thomas