Jump to content
Sign in to follow this  
Paul Heyer

Authentication Failed, please what do i do

Recommended Posts

<?php
session_start();
error_reporting(E_ALL);
require_once('functions.php');
require_once("config.inc.php");
$customerid=strlen(trim($_POST['customerid']));
$passcode=strlen(trim($_POST['passcode']));
// check for customerid and passcode
// if authentication fails go back to home page.
if($customerid==0 or $passcode==0 or $accountnum=0) {
$_SESSION['error']='<h4>Please enter User ID, Account number and PassCode</h4>';
header("Location: login_error.php");
exit;
}

// connect to server
$link = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
if(!$link) {
$_SESSION['error']='<h4>Failed to connect to the server!</h4>';
header("Location: login_error.php");
exit;
}

// check magic quotes
if(get_magic_quotes_gpc()) {
    $customerid = stripslashes($_REQUEST['customerid']);
    $passcode = stripslashes($_REQUEST['passcode']);
} else {
    $customerid = $_REQUEST['customerid'];
    $passcode = $_REQUEST['passcode'];
}
// connect to database
$db_selected=mysql_select_db($mysql_database);

// connect to database
if(!$db_selected){
$_SESSION['error']='<h4>Failed to connect to the database!</h4>';
header("Location: login_error.php");
exit;
}
// set todays date
$today = date('Y-m-d');

//query string
$query=sprintf("SELECT * FROM customers WHERE customerid='%s' AND passcode='%s'",
    mysql_real_escape_string($customerid),
	mysql_real_escape_string($passcode));

// perform query
$result=mysql_query($query, $link);

//check if user exist
if(mysql_num_rows($result) == 1){ 
    $row = mysql_fetch_assoc($result);  

	// if user is admin or moderator
	if($row['level']=='100'){
		set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']);
		$host  = $_SERVER['HTTP_HOST'];
		$uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
		$today=date('Y-m-d');
		$query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'";
		$result=mysql_query($query, $link);
		$extra = 'admin';
		header("Location: http://$host$uri/$extra");

		}elseif(trim($row['level'])=='10' or trim($row['level'])==10){
		if($row['amount']<10 or $row['amount']<'10'){
		$_SESSION['error']='<h4>Login Error: <br > This account exists but has not been activated.
		 <br > Please contact Account Manager for more details.</h4>';
		header("Location: login_error.php");	
		exit;
		}
		set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']);
		
		$today=date('Y-m-d');
		$query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'";
		$result=mysql_query($query, $link);
		$host = $_SERVER['HTTP_HOST'];
		$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
		$extra = 'customers';
		header("Location: http://$host$uri/$extra");

		}else{// user exist but no user level

		$_SESSION['error']='<h4>Problem with account. please contact Admin</h4>';
		header("Location: login_error.php");
		}
}else{// if user not found

	$_SESSION['error']='<h4>Invalid User ID and or password!<b /r> Press back to login again.</h4>';
	header("Location: login_error.php");
}
// close connection
mysql_close($link);

?>

 

Share this post


Link to post
Share on other sites

Hi Paul,

I'd be happy to help you find the issue, but your title isn't telling me exactly what's happening.

What's going on?

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...