Checking and logging user name in database tables...

frootloops

I have most everything working on this script except one thing.

When "login.php" is displayed a username and password field are displayed, the user fills them in with the correct information, the information is checked against the information stored in the database and they are either displayed a "login success" or "login unsuccessful" page.

What I want to do is store that user's name and time they logged in in a separate database table, so I can see who and when they logged in. The script I have thus far does everything perfectly fine up to the point where it tries to log the user's name in the database... which it doesn't. All I get is the auto generated time stamp, the "user_name" is left blank in the database table.

The code is below, what am I doing wrong?

<?php 
$user_nameFromForm =$_POST['user_name']; 
$passwordFromForm =$_POST['password'];
ini_set("display_errors","on"); 
error_reporting(E_ALL | E_STRICT); 
ini_set("include_path","./includes");
include("reginfo.inc");
if(isset($_POST['submitted']) and $_POST['submitted'] == "yes") 
{ 
  foreach($_POST as $field => $value)         

  { 
    if(empty($value)) 
    { 
         $blank_array[] = $field; 
      } 
    { 
      $good_data[$field] = strip_tags(trim($value)); 
    } 
  }
  if(@sizeof($blank_array) > 0) 
  {
  /*Display error message if information is not entered*/ 
    $message = "<p style='color: red; margin-bottom: 0; 
                 font-weight: bold'> 
                 You didn't fill in one or more required fields. 
                 You must enter: 
                 <ul style='color: red; margin-top: 0; 
                 list-style: none' >";
    foreach($blank_array as $value) 
    { 
       $message .= "<li>$value</li>"; 
    } 
    $message .= "</ul>"; 
    echo $message; 
    extract($good_data); 
    include("logininfo.inc"); 
    exit();    

  } 
  foreach($_POST as $field => $value) 
{ 
  if(!empty($value)) 
  { 
    $user_patt = "/^[A-Za-z0-9_]{5,20}$/";
	$pass_patt = "/(?!^[0-9]*$)(?!^[a-zA-Z]*$)^([a-zA-Z0-9]{4,8})$/";
	if(preg_match("/user/i",$field)) 
    { 
      if(!preg_match($user_patt,$value)) 
      { 
        $error_array[] = "$value is not a valid name"; 
      } //end of username check
	}
	if(!preg_match("/pass/i",$field)) 
    { 
      if(preg_match($pass_patt,$value)) 
      { 
        $error_array[] = "Please enter a password that is between 4 to 8 characters and contains at least an letter and number"; 
      } //end of password check
	}
  } 
  $clean_data[$field] = strip_tags(trim($value)); 
} 
if(@sizeof($error_array) > 0) 
{ 
  $message = "<ul style='color: red; list-style: none' >"; 
  foreach($error_array as $value) 
  { 
    $message .= "<li>$value</li>"; 
  } 
  $message .= "</ul>"; 
  echo $message; 
  extract($clean_data); 
  include("logininfo.inc"); 
  exit(); 
} 
else 
{ 
$cxn = mysqli_connect($host,$user,$passwd,$dbname) 			/* This is where it starts to check to see if the user's name and password are in the database */
             or die("Couldn't connect to server"); 
foreach($clean_data as $field => $value) 
{ 
  $clean_data[$field] = mysqli_real_escape_string($cxn,$value); 
} 
$query = "SELECT * from Registration 
                   WHERE user_name='$user_nameFromForm' 
                   AND password = '$passwordFromForm'"; 
$result = mysqli_query($cxn,$query) or die("Can't Execute query"); 
$nrows = mysqli_num_rows($result); 
if($nrows > 0)												/* If user name and password match in the database, log user's name into a different table in the database */
{ 
$cxn = mysqli_connect($host,$user,$passwd,$dbname) 
             or die("Couldn't connect to server"); 
foreach($clean_data as $field => $value) 
{ 
  $clean_data[$field] = mysqli_real_escape_string($cxn,$value); 
} 
$sql = "INSERT INTO Login (user_name)
	VALUES ('$user_nameFromForm')";
$result = mysqli_query($cxn,$sql) 
            or die("Couldn't execute query"); 
include("loginsucess.inc");  

} 
else 
{ 
  include("loginunsucessful.inc"); 
}
} 
} 
else 
{ 
  include("logininfo.inc"); 
} 
?>

CoderDan

there's a lot 'wrong' with your current script, making it difficult to figure out where it went wrong, but looking at how you're having it do things, i think you may perhaps be missing an 'extract( $clean_data );' right before your 'insert into login' query? although it looks like you ran this routine a few lines up before the 'select from registration' also without an extract call, and effectively you've sanitized the data twice, which would make for some invalid data ( data should only be sanitized one time, and i recommend sanitizing the data as you build it into the query, not prior)

I could point out a lot of other things that there are better ways to do them (like entering user id's instead of user names to the login table) but that might take a while to go through, and it's not what you asked for.