Paul Heyer Posted July 5, 2019 Share Posted July 5, 2019 <?php session_start(); error_reporting(E_ALL); require_once('functions.php'); require_once("config.inc.php"); $customerid=strlen(trim($_POST['customerid'])); $passcode=strlen(trim($_POST['passcode'])); // check for customerid and passcode // if authentication fails go back to home page. if($customerid==0 or $passcode==0 or $accountnum=0) { $_SESSION['error']='<h4>Please enter User ID, Account number and PassCode</h4>'; header("Location: login_error.php"); exit; } // connect to server $link = mysql_connect($mysql_host, $mysql_user, $mysql_pass); if(!$link) { $_SESSION['error']='<h4>Failed to connect to the server!</h4>'; header("Location: login_error.php"); exit; } // check magic quotes if(get_magic_quotes_gpc()) { $customerid = stripslashes($_REQUEST['customerid']); $passcode = stripslashes($_REQUEST['passcode']); } else { $customerid = $_REQUEST['customerid']; $passcode = $_REQUEST['passcode']; } // connect to database $db_selected=mysql_select_db($mysql_database); // connect to database if(!$db_selected){ $_SESSION['error']='<h4>Failed to connect to the database!</h4>'; header("Location: login_error.php"); exit; } // set todays date $today = date('Y-m-d'); //query string $query=sprintf("SELECT * FROM customers WHERE customerid='%s' AND passcode='%s'", mysql_real_escape_string($customerid), mysql_real_escape_string($passcode)); // perform query $result=mysql_query($query, $link); //check if user exist if(mysql_num_rows($result) == 1){ $row = mysql_fetch_assoc($result); // if user is admin or moderator if($row['level']=='100'){ set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']); $host = $_SERVER['HTTP_HOST']; $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); $today=date('Y-m-d'); $query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'"; $result=mysql_query($query, $link); $extra = 'admin'; header("Location: http://$host$uri/$extra"); }elseif(trim($row['level'])=='10' or trim($row['level'])==10){ if($row['amount']<10 or $row['amount']<'10'){ $_SESSION['error']='<h4>Login Error: <br > This account exists but has not been activated. <br > Please contact Account Manager for more details.</h4>'; header("Location: login_error.php"); exit; } set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']); $today=date('Y-m-d'); $query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'"; $result=mysql_query($query, $link); $host = $_SERVER['HTTP_HOST']; $uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\'); $extra = 'customers'; header("Location: http://$host$uri/$extra"); }else{// user exist but no user level $_SESSION['error']='<h4>Problem with account. please contact Admin</h4>'; header("Location: login_error.php"); } }else{// if user not found $_SESSION['error']='<h4>Invalid User ID and or password!<b /r> Press back to login again.</h4>'; header("Location: login_error.php"); } // close connection mysql_close($link); ?> Link to comment Share on other sites More sharing options...
Funce Posted July 7, 2019 Share Posted July 7, 2019 Hi Paul, I'd be happy to help you find the issue, but your title isn't telling me exactly what's happening. What's going on? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now