Ok, so all of a sudden, my management system stopped working because of this error:
Please notify the admin that the script is connecting to the database, but not inserting the information Duplicate entry '127' for key 1
And there isnt a duplicate in the database.
This is where the error is said to echo:
login_script.php
<?
session_start();
include ("config.php");
//checking to see if you have any users in the database, if so, the script continues, if not, it stops and lets you know
$usersquery=mysql_query("SELECT username FROM users")
or die ("The query on the number of users didn't work. ".mysql_error());
if (mysql_num_rows($usersquery) == "0") {
print "Deleted all ".
"of the users. That's no good.<br><br>If you are not the admin of this site, please email him/her at <a href=\"mailto:$admin_address\">$admin_address</a> to let him/her know that you received the error message.";
exit();
}
$ip_address = "$REMOTE_ADDR";
//lock out option
//if you want people to be locked out after 3 incorrect logins set this as "1"
//if you don't want to used this option, set this as "0" in config.php
if ($iplockout == "1") {
$loginquery=mysql_query("SELECT * FROM logins WHERE ip_address = '$ip_address' AND incorrect")
or die ("ip_address check/logins check query didn't work ".mysql_error());
$logindata = mysql_fetch_object ($loginquery);
if (mysql_num_rows($loginquery) >= "4") {
print "You have been locked out. Too many incorrect logins from ip address: $ip_address";
exit();
}
}
$password = md5($password);
// If $username and $password are set, match data against users table
$query=mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'")
or die ("For some reason the script wasn't able to check the username/password. ".mysql_error());
// If num_rows from users table = 1, set session variables
if (mysql_num_rows($query) == "1") {
session_start();
// Declaring some varibles
$valid_user = $username;
$id = session_id();
$ip_address = "$REMOTE_ADDR";
$data = mysql_fetch_object ($query);
$seclevel = $data->securitylevel; // this declares the security level varibles
$rowid = $data->id;
$datetime = date("n-d-y@h:iA", time() + 3600);
// adds 1 to the users "logincount" in the users table. that way you see how many times a person has logged in
mysql_query("UPDATE users SET logincount = logincount+1 WHERE (username = '$username')")
or die("Bad query: ".mysql_error());
/*
the 4 lines below this comment registers variables so you can "call" this variables on other secure pages
example:
print "You logged in as: $valid_user";
that code will display the users name
*/
session_register("valid_user");
session_register("ip_address");
session_register("id");
session_register("seclevel");
// inserting login information, 1 = correct login
$insert = "INSERT INTO logins(datetime, ip_address, username, password, correct, incorrect) ".
"VALUES('$datetime', '$ip_address', '$username', '$password', '1', '0')" or die("Bad query: ".mysql_error());
$mysql_insert = mysql_query($insert, $mysql_link)
or die("Please notify the admin that the script is connecting to the database, but not inserting the information ".mysql_error());
//moves you to the logged in page
header("Location: ./index.php?sid=$id");
exit; // exit; "cancels the script"
}
// if the data given is incorrect/doesn't match...
if (mysql_num_rows($query) == 0) {
// inserting login information, 0 = incorrect login
$insert = "INSERT INTO logins(datetime, ip_address, username, password, correct, incorrect) ".
"VALUES('$datetime', '$ip_address', '$username', '$password', '0', '1')" or die("Bad query: ".mysql_error());
$mysql_insert = mysql_query($insert, $mysql_link)
or die("Please notify the admin that the script is connecting to the database, but not inserting the information ".mysql_error());
$id = session_id();
// moves back to the login page
header("Location: ../index.php?id=home&login=error&sid=$id");
}
?>
any ideas/thoughts?
Thanks!
