Need some assistance with login code setting timestamp.

webguync

Hello,

I have some code for a login form which verifies if both fields are completed (username and login) and checks the database to see if the fields match up with what's in the MySQL table and if so proceeds to the testing page. This part seems to work ok, but I am also trying to set a timestamp for when they login and this isn't working. Here is my code:


<?php
ini_set("display_errors","1");
ERROR_REPORTING(E_ALL);
session_start();
$con = mysql_connect("localhost","username","pw") or die('Could not connect: ' . mysql_error());

mysql_select_db("DBName") or die(mysql_error());


// Same checking stuff all over again.
if(isset($_POST['submit'])) {
   if(empty($_POST['username']) || empty($_POST['password']) ) {
    echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif;font-size:'12px';>Please fill in both your username and password to access your exam results.</h2>";
	  echo "<meta http-equiv='refresh' content='5; url=ExamLogin.php'>";
                exit;
   }
   // Create the variables again.

   $username = mysql_real_escape_string($_POST['username']);
   $password = $_POST['password'];

   // Encrypt the password again with the md5 hash. 
   // This way the password is now the same as the password inside the database.
   //$pwid = md5($pwid);

   // Store the SQL query inside a variable. 
   // ONLY the username you have filled in is retrieved from the database.
   $query = "SELECT username,password,name
           FROM   Editor_Candidates
           WHERE
           password = '$password'
           AND
           username='$username'";

   $result = mysql_query($query) or die(mysql_error());
   if(mysql_num_rows($result) == 0) { 
      // Gives an error if the username/pw given does not exist.
      // or if something else is wrong.
     echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif;font-size:'12px';>You have entered a username or password that does not match our database records. please try again. You will be redirected back to the login screen in 5 seconds.</h2> " . mysql_error();
echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
exit();
/*
this would benefit from a redirect to a page giving better information to
the user and maybe logging some errors.
*/
   } else {
      // Now create an object from the data you've retrieved.
      $row = mysql_fetch_object($result);
      // You've now created an object containing the data.
      // You can call data by using -> after $row.
      // For example now the password is checked if they're equal.

  // By storing data inside the $_SESSION superglobal,
  // you stay logged in until you close your browser.
   $_SESSION['name'] = $row->name;
     $_SESSION['username'] = $username;
      $_SESSION['sid'] = session_id(); 
      // Make it more secure by storing the user's IP address.
      $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
      // Now give the success message.
      // $_SESSION['username'] should print out your username.

//move this to after your redirect further below..
//Update record with current time IF the account has never logged in before
$query = "UPDATE `Editor_Candidates`
          SET `login_timestamp` = NOW()
          WHERE `username` = '$username'
            AND `password` = '$password'
            AND login_timestamp = ''";
$result = mysql_query($query);
//Check if query ran succesfully

   }
}

// Start a session. If not logged in will be redirected back to login screen.

if(!isset($_SESSION['username'])){
header("Location:EditorLogin.php");
exit;
}
echo "<div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3>";


?>

and the MySQL structure for the table

CREATE TABLE `Editor_Candidates` (
  `name` text,
  `username` text,
  `password` varchar(10) default NULL,
  `login_timestamp` date NOT NULL default '0000-00-00',
  `user_id` int(11) NOT NULL auto_increment,
  PRIMARY KEY  (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;

hoping someone can offer assistance as to why the timestamp isn't being set.

rincewind456

NOW() returns a date time like

2010-02-03 19:18:28

you're trying to enter that into a field of 0000-00-00 format it will thow a syntax error when you do it, use [man]mysql_error()[/man] to check for errors

webguync

thanks. How would I create the MySQL error for the Query I have. I am trying this, but know it's not tight. Do I need to create a variable for login_timestamp?

echo mysql_errno(login_timestamp) . ": " . mysql_error(login_timestamp). "\n";

rincewind456

Sorry I didn't look at your code closely enough this line

$result = mysql_query($query) or die(mysql_error());

should be outputting the error message.

But basically you have to either find another way of getting the login time or more sensibly, changing the login_timestamp field in the database to a default that fits the data you're trying to enter.

webguync

not sure what to change MySQL to. here is current structure

CREATE TABLE `Editor_Candidates` (
  `name` text,
  `username` text,
  `password` varchar(10) default NULL,
  `login_timestamp` datetime NOT NULL default '0000-00-00 00:00:00',
  `user_id` int(11) NOT NULL auto_increment,
  PRIMARY KEY  (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;

rincewind456

Well you've changed the structure, so the date should now be inserted

webguync

Well I agree it should, but it's not. Do you know if I need to set the function to anything in MySQL under my login_timestamp field, and if so...what?

rincewind456

this

$query = "UPDATE `Editor_Candidates`
          SET `login_timestamp` = NOW()
          WHERE `username` = '$username'
            AND `password` = '$password'
            AND login_timestamp = ''";

should be this

$query = "UPDATE `Editor_Candidates`
          SET `login_timestamp` = NOW()
          WHERE `username` = '$username'
            AND `password` = '$password'
            AND login_timestamp = '';";

webguync

I changed the SQL code to that and still no love.

All of my code again

<?php
ini_set("display_errors","1");
ERROR_REPORTING(E_ALL);
session_start();
$con = mysql_connect("localhost","username","password") or die('Could not connect: ' . mysql_error());

mysql_select_db("DBName") or die(mysql_error());


// Same checking stuff all over again.
if(isset($_POST['submit'])) {
   if(empty($_POST['username']) || empty($_POST['password']) ) {
    echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif;font-size:'14px';>Please fill in both your username and password to access your exam results.</h2>";
	  echo "<meta http-equiv='refresh' content='5; url=ExamLogin.php'>";
                exit;
   }
   // Create the variables again.

   $username = mysql_real_escape_string($_POST['username']);
   $password = $_POST['password'];

   // Encrypt the password again with the md5 hash. 
   // This way the password is now the same as the password inside the database.
   //$pwid = md5($pwid);

   // Store the SQL query inside a variable. 
   // ONLY the username you have filled in is retrieved from the database.
   $query = "SELECT username,password,name
           FROM   Editor_Candidates
           WHERE
           password = '$password'
           AND
           username='$username'";

   $result = mysql_query($query) or die(mysql_error());
   if(mysql_num_rows($result) == 0) { 
      // Gives an error if the username/pw given does not exist.
      // or if something else is wrong.
     echo "<h2 style='color:#0080b2;font-weight:bold;font-family:arial, helvetica, sans-serif;font-size:'14px';>You have entered a username or password that does not match our database records. please try again. You will be redirected back to the login screen in 5 seconds.</h2> " . mysql_error();
echo "<meta http-equiv='refresh' content='5; url=EditorLogin.php'>";
exit();
/*
this would benefit from a redirect to a page giving better information to
the user and maybe logging some errors.
*/
   } else {
      // Now create an object from the data you've retrieved.
      $row = mysql_fetch_object($result);
      // You've now created an object containing the data.
      // You can call data by using -> after $row.
      // For example now the password is checked if they're equal.

  // By storing data inside the $_SESSION superglobal,
  // you stay logged in until you close your browser.

   $_SESSION['name'] = $row->name;
     $_SESSION['username'] = $username;
      $_SESSION['sid'] = session_id(); 
      // Make it more secure by storing the user's IP address.
      $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
      // Now give the success message.
      // $_SESSION['username'] should print out your username.

//move this to after your redirect further below..
//Update record with current time IF the account has never logged in before
$query = "UPDATE `Editor_Candidates`
          SET `login_timestamp` = NOW()
          WHERE `username` = '$username'
            AND `password` = '$password'
            AND login_timestamp = '';"; 

$result = mysql_query($query);

//Check if query ran succesfully

   }
}

// Start a session. If not logged in will be redirected back to login screen.

if(!isset($_SESSION['username'])){
header("Location:EditorLogin.php");
exit;
}
echo "<div id='welcome'><h3>Welcome! You are now logged in " . $_SESSION['name'] . "</h3>";


?>

rincewind456

You've taken out the error reporting!

You need to reinstate it and then let us know what the error message is, because I can see no reason why the query should fail, in fact I created a test table from your schema and ran the query successfully.

webguync

I don't think I took out the error reporting. You mean this right?

ini_set("display_errors","1");
ERROR_REPORTING(E_ALL);

webguync

also, if you don't mind posting your test code, that would be a big help.

rincewind456

webguync;10941488 wrote:
I don't think I took out the error reporting. You mean this right?
ini_set("display_errors","1");
ERROR_REPORTING(E_ALL); 

No I mean this bit

 or die(mysql_error());

webguync

not getting any error when I add that back in.

rincewind456

So what exactly is happening when you run the update? if the syntax is correct, which it appears to be, and there is no error returned by mysql_error() then it would seem to me that your trying to update a record that doesn't exist, this wouldn't throw an error.

So you need to get your script to echo the sql statement rather than running the query and then run that echoed query in a command line or through phpmyadmin and see if it actually does work.

webguync

The record definitely exist. The login works,but when I look at the record in PHPadmin, the date doesn't get updated when the login occurs which is what I want.

not exactly sure what you mean with the echoing of the query statement. This produces an error.

echo "
$query = "UPDATE `Editor_Candidates`
          SET `login_timestamp` = NOW()
          WHERE `username` = '$username'
            AND `password` = '$password'
            AND login_timestamp = '';"; 
";

halojoy

This is what I would try.
Notice I have removed a few things.

One important thing here, is that fild login_timestamp actually is an empty string ="";
Because if it is NULL or whatever else, then maybe no UPDATE is done.

$query = "UPDATE Editor_Candidates
          SET login_timestamp = NOW()
          WHERE username = '$username'
            AND password = '$password'
            AND login_timestamp = ''";
echo $query; //for debugging test

webguync

ok, well the resulting echo from that is:

UPDATE Editor_Candidates SET login_timestamp = NOW() WHERE username = 'dave.smith@aol.com' AND password = 'ds101' AND login_timestamp = ''

the username and login info is correct. There is another field in the table called name which is not included in the login. Does this matter with the Query? Anyway, I ran in it PHPMyAdmin. No errors, but zero rows affected. My table structure again is this:


CREATE TABLE `Editor_Candidates` (
  `name` text,
  `username` text,
  `password` varchar(10) default NULL,
  `login_timestamp` datetime NOT NULL default '0000-00-00 00:00:00',
  `user_id` int(11) NOT NULL auto_increment,
  PRIMARY KEY  (`user_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=6 ;

webguync

well I guess the obvious solution is to do this, which seems to work


$query = "UPDATE Editor_Candidates
          SET login_timestamp = NOW()
          WHERE username = '$username'
            AND password = '$password'
            AND login_timestamp = '0000-00-00 00:00:00'";

the only issue I have is the server location is on west coast, and I want it to display EST (+3 hours). How can this be done?

rincewind456

The only problem with your query is that the login time wont update if you use the AND login_timestamp = '0000-00-00 00:00:00' line because after the first login the login_timestamp field will never equal NULL , '' or 0000-00-00 00:00:00 so the query will never update the login time other than the first login