Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New Coder
    Join Date
    Dec 2006
    Posts
    57
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Login script doesn't insert row and calculate right + feedback on the scrip itself..

    Hello,
    I'm having two problems with my login "check" script. The first problem is that nothing is inserted in the login_logs_tbl and the ip_logs_tbl. The second problem is that the "$new_num_logins = $current_num_logins[0] + 1;" part doesn't work, it just inserts "1" all the time regardless of the $current_num_logins[0].

    I would also appreciate any feedback on the login script itself. Structure and content and so on..

    Here is the code;
    PHP Code:
    <?php
    include 'db_info.php';
    // Connect to server and select databse.
    mysql_connect("$sqlhost""$sqlusername""$sqlpassword")or die("cannot connect");
    mysql_select_db("$db_name")or die("cannot select DB");

    // username and password sent from signup form
    $vusername=$_POST['vusername'];
    $vpassword=$_POST['vpassword'];

    $sql="SELECT * FROM $user_tbl WHERE username='$vusername' and password='$vpassword'";
    $result=mysql_query($sql);

    // Mysql_num_row is counting table row
    $count=mysql_num_rows($result);
    // If result matched $vusername and $vpassword, table row must be 1 row

    if($count==1){
    $sql3="SELECT user_id FROM $user_tbl WHERE username='$vusername' and password='$vpassword'";
    $result3=mysql_query($sql3);
    $vuserid mysql_fetch_array($result3);

    // Register $myusername, $mypassword and redirect to file "login_success.php"
    session_register("vusername");
    session_register("vpassword");

    // The current time (for logs)
    $date date("H:i:s M j, Y");

    // The current unix timestamp (for logs)
    $timestamp time();

    // Log the login in the ip log table
    $sql5="INSERT INTO $login_logs_tbl (user_id, ip, logged_date, logged_timestamp) VALUES(".$vuserid[0].", '".$_SERVER['REMOTE_ADDR']."', $date, $timestamp)";
    $result5=mysql_query($sql5);

    // Set the latest login in the user table
    $sql8="UPDATE $user_tbl SET (latest_login_date, latest_login_timestamp) VALUES ($date, $timestamp) where user_id = ".$vuserid[0]."";
    $result8=mysql_query($sql8);

    // Add 1 to the number of logins in the user table
    $sql2 "select num_logins from $user_tbl where user_id = '$vuserid'";
    $result2 mysql_query($sql2) or die( mysql_error() );
    $current_num_logins mysql_fetch_array($result2);
    $new_num_logins $current_num_logins[0] + 1;
    $sql9="UPDATE $user_tbl SET num_logins = '$new_num_logins' where user_id = ".$vuserid[0]."";
    $result9=mysql_query($sql9);
     echo 
    "$new_num_logins";

    // Check if the IP is already logged in the database
    $sql22 "select user_id from $ip_logs_tbl where user_id = ".$vuserid[0]." and ip = '".$_SERVER['REMOTE_ADDR']."'";
    $result22 mysql_query($sql22) or die( mysql_error() );
    $row mysql_fetch_array($result22);
    if (
    $row['user_id'] == ".$vuserid[0].") {

     
    // It's an old ip for that user - change the latest login date
    $sql12="update $ip_logs_tbl set (latest_date, latest_timestamp) values ($date, $timestamp) where ip = '".$_SERVER['REMOTE_ADDR']."'";
    $result11=mysql_query($sql12); 
     
    }
    else {
     
    // It's a new IP for that user - log it
    $sql10="INSERT INTO $ip_logs_tbl (ip, user_id, latest_date, latest_timestamp) VALUES('".$_SERVER['REMOTE_ADDR']."', ".$vuserid[0].", $date, $timestamp)";
    $result10=mysql_query($sql10);

     
    // And add 1 to the number of different IPs in the user table
    $sql4 "select num_ips from $user_tbl where user_id = ".$vuserid[0]."";
    $result4 mysql_query($sql4) or die( mysql_error() );
    $current_num_ips mysql_fetch_array($result2);
    $new_num_ips $current_num_ips[0] + 1;
    $sql11="UPDATE $user_tbl SET num_ips = '$new_num_logins' where user_id = ".$vuserid[0]."";
    $result11=mysql_query($sql11);

    }
     echo 
    "logged in";
    }
    else {
    echo 
    "Wrong Username or Password";
    }
    ?>
    Thanks,
    /Oskar

  • #2
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,129
    Thanks
    2
    Thanked 328 Times in 320 Posts
    A number of your mysql_query(...) statements don't have any error checking and reporting. All of them should have -
    PHP Code:
    or die( mysql_error() ); 
    I notice that several of the table names in the queries are contained in variables. Have these variables been set? I recommend echoing your query strings to make sure that they contain the expected contents.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #3
    New Coder
    Join Date
    Dec 2006
    Posts
    57
    Thanks
    2
    Thanked 0 Times in 0 Posts
    Hello,
    I've changed it to this now (error reporting included in all mysql_query() now);
    PHP Code:
    <?php 
    include 'db_info.php'
    // Connect to server and select databse. 
    mysql_connect("$sqlhost""$sqlusername""$sqlpassword")or die("cannot connect"); 
    mysql_select_db("$db_name")or die("cannot select DB"); 

    // username and password sent from signup form 
    $vusername=$_POST['vusername']; 
    $vpassword=$_POST['vpassword']; 

    $sql="SELECT * FROM $user_tbl WHERE username='$vusername' and password='$vpassword'"
    if (
    $result=mysql_query($sql) or die( mysql_error() )) {

        if(
    mysql_num_rows($result) == 1) {
            
    // If result matched $vusername and $vpassword, table row must be 1 row 
            
    $row mysql_fetch_assoc($result);
            
    $vuserid $row['user_id'];
        
            
    // Register $myusername, $mypassword and redirect to file "login_success.php" 
            
    session_register("vusername");
            
    session_register("vpassword");
        
            
    // Log the login in the ip log table
            
    $sql="INSERT INTO $login_logs_tbl (user_id, ip, logged) VALUES('$vuserid', '".$_SERVER['REMOTE_ADDR']."', CURRENT_DATE, NOW())"
            
    mysql_query($sql) or die( mysql_error() );
        
            
    // Set the latest login in the user table
            
    $sql="UPDATE $user_tbl SET (latest_login, num_logins) VALUES (CURRENT_DATE, NOW(),num_logins+1) where user_id = '$vuserid'"
            
    mysql_query($sql) or die( mysql_error() );
        
            
    // Check if the IP is already logged in the database 
            
    $sql="update $ip_logs_tbl set (latest) values (CURRENT_DATE, NOW()) where ip = '".$_SERVER['REMOTE_ADDR']."' AND user_id='$vuserid'"
            
    mysql_query($sql) or die( mysql_error() );
            if (
    mysql_affected_rows() == 0) {
                 
    // It's a new IP for that user - log it 
                
    $sql="INSERT INTO $ip_logs_tbl (ip, user_id, latest) VALUES('".$_SERVER['REMOTE_ADDR']."', '$vuserid', CURRENT_DATE, NOW())"
                
    mysql_query($sql) or die( mysql_error() ); 
                
                 
    // And add 1 to the number of different IPs in the user table 
                
    $sql="UPDATE $user_tbl SET num_ips = num_ips+1 where user_id = '$vuserid'"
                
    mysql_query($sql) or die( mysql_error() );
            }
            echo 
    "logged in";
        } else {
            echo 
    "Wrong Username or Password";
        }
    }
    ?>
    But I get the error;

    Warning: session_register(): Cannot send session cookie - headers already sent by (output started at .../tests/checklogin.php:1) in .../tests/checklogin.php on line 20

    Warning: session_register(): Cannot send session cache limiter - headers already sent (output started at .../tests/checklogin.php:1) in .../tests/checklogin.php on line 20
    Column count doesn't match value count at row 1
    I don't get that, isn't it the session_register that registers the session? And what headers is it talking about?

    Thanks in advance,
    /Oskar R

  • #4
    Senior Coder
    Join Date
    Aug 2003
    Location
    One step ahead of you.
    Posts
    2,815
    Thanks
    0
    Thanked 3 Times in 3 Posts
    You should assign variables to the $_SESSION array directly rather than using session_register().
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.

  • #5
    Senior Coder whizard's Avatar
    Join Date
    Jan 2005
    Location
    Philadelphia, PA, USA
    Posts
    1,662
    Thanks
    14
    Thanked 76 Times in 76 Posts
    You need to start your sessions before any output is sent to the page... Is this file a standalone file, or is it included in a page where output has already been sent to the page?

    Quote Originally Posted by http://us3.php.net/manual/en/function.session-register.php
    If session_start() was not called before this function is called, an implicit call to session_start() with no parameters will be made.
    Therefore, if output has already been sent to the page and you haven't already called session_start(), it calls it when you call session_register(), which triggers the error.

    If that is the case, you need to call session_start() before any output has been sent to the page.

    HTH
    Dan
    PHP Tip: If you want to use short tags (<? or <?=$var) then make sure short_open_tag is set to "1". It really helps.

    Don't forget to save everyone time and mark your thread as Resolved :)

    "Also note that it is your responsibility to die() if necessary."

    DON'T USE THE MYSQL_ EXTENSION


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •