Jump to content

Authentication Failed, please what do i do


Paul Heyer

Recommended Posts

<?php
session_start();
error_reporting(E_ALL);
require_once('functions.php');
require_once("config.inc.php");
$customerid=strlen(trim($_POST['customerid']));
$passcode=strlen(trim($_POST['passcode']));
// check for customerid and passcode
// if authentication fails go back to home page.
if($customerid==0 or $passcode==0 or $accountnum=0) {
$_SESSION['error']='<h4>Please enter User ID, Account number and PassCode</h4>';
header("Location: login_error.php");
exit;
}

// connect to server
$link = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
if(!$link) {
$_SESSION['error']='<h4>Failed to connect to the server!</h4>';
header("Location: login_error.php");
exit;
}

// check magic quotes
if(get_magic_quotes_gpc()) {
    $customerid = stripslashes($_REQUEST['customerid']);
    $passcode = stripslashes($_REQUEST['passcode']);
} else {
    $customerid = $_REQUEST['customerid'];
    $passcode = $_REQUEST['passcode'];
}
// connect to database
$db_selected=mysql_select_db($mysql_database);

// connect to database
if(!$db_selected){
$_SESSION['error']='<h4>Failed to connect to the database!</h4>';
header("Location: login_error.php");
exit;
}
// set todays date
$today = date('Y-m-d');

//query string
$query=sprintf("SELECT * FROM customers WHERE customerid='%s' AND passcode='%s'",
    mysql_real_escape_string($customerid),
	mysql_real_escape_string($passcode));

// perform query
$result=mysql_query($query, $link);

//check if user exist
if(mysql_num_rows($result) == 1){ 
    $row = mysql_fetch_assoc($result);  

	// if user is admin or moderator
	if($row['level']=='100'){
		set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']);
		$host  = $_SERVER['HTTP_HOST'];
		$uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
		$today=date('Y-m-d');
		$query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'";
		$result=mysql_query($query, $link);
		$extra = 'admin';
		header("Location: http://$host$uri/$extra");

		}elseif(trim($row['level'])=='10' or trim($row['level'])==10){
		if($row['amount']<10 or $row['amount']<'10'){
		$_SESSION['error']='<h4>Login Error: <br > This account exists but has not been activated.
		 <br > Please contact Account Manager for more details.</h4>';
		header("Location: login_error.php");	
		exit;
		}
		set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']);
		
		$today=date('Y-m-d');
		$query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'";
		$result=mysql_query($query, $link);
		$host = $_SERVER['HTTP_HOST'];
		$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
		$extra = 'customers';
		header("Location: http://$host$uri/$extra");

		}else{// user exist but no user level

		$_SESSION['error']='<h4>Problem with account. please contact Admin</h4>';
		header("Location: login_error.php");
		}
}else{// if user not found

	$_SESSION['error']='<h4>Invalid User ID and or password!<b /r> Press back to login again.</h4>';
	header("Location: login_error.php");
}
// close connection
mysql_close($link);

?>

 

Link to comment
Share on other sites

Hi Paul,

I'd be happy to help you find the issue, but your title isn't telling me exactly what's happening.

What's going on?

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...