First of all, I apologize for cross-posting this, but it is somewhat
urgent. The code I'm pasting below is the login script for my college's
Music Festival Web Interface. I say this is urgent because this
interface is in use as we speak. Thw way it works (or is supposed to
work) is this: A director registers for an account using the
registerdirector.php script (not included in this message). An entry in
the Director table of my mysql database is created. The director is
assigned a unique director_id, which identifies their ownership of all
data belonging to them. When they log in, a query is sent to the
database to return all data where email_address == their username.
Their password is checked against the password in the database. Their
director_id is returned and placed in the $directorid variable. The
problem is that for some reason that I can't figure out, sometimes,
seemingly at random the $directorid variable is blank. It should never
be blank, and I can't even come up with a theoretical scenario why it
would be blank. Here's what my Director table looks like:
mysql> describe Director;
+---------------+-----------------+------+-----+---------+----------------+
| Field | Type | Null | Key | Default | Extra
|
+---------------+-----------------+------+-----+---------+----------------+
| director_id | int(5) unsigned | NO | PRI | NULL |
auto_increment |
| email_address | varchar(255) | NO | | |
|
| password | varchar(255) | NO | | |
|
| director_name | varchar(255) | NO | | |
|
| phone_number | varchar(17) | NO | | |
|
| fax_number | varchar(17) | YES | | NULL |
|
| cell_number | varchar(12) | YES | | NULL |
|
+---------------+-----------------+------+-----+---------+----------------+
7 rows in set (0.15 sec)
And here's my code:
<?
session_start();
require_once("miscfunc.php");
$page = "login.php";
include("dbconnect.php");
$loginuser = $_POST['user'];
$loginpass = stripslashes($_POST['passwd']);
$tableName = "Director";
$query = "SELECT * FROM ".$tableName." WHERE email_address=
\"$loginuser\";";
//print "$query<br><br>\n";
$result = mysql_query($query, $link) or die ("Could not connect to
the database. ".mysql_error());
$a_row = mysql_fetch_array($result, MYSQL_ASSOC);
$string = $a_row['password'];
if ($loginpass == $a_row['password'])
{
set_var("loggedin", true);
$emailaddress = $loginuser;
$loggedin = true;
set_var("loggedin", $loggedin);
set_var("loginuser", $loginuser);
set_var("emailaddress", $emailaddress);
$directorid = $a_row['director_id'];
if ($directorid == 0 || $directorid = " ")
{
//We have a problem
$message = $message."\nDirectorID = $directorid\n";
$message = $message."\nLoginUser = $loginuser\n";
$message = $message."\nPassword = $loginpass\n";
if (!mail("[EMAIL PROTECTED]", "DirectorID 0", $message)) print
"There was a problem; Could not send a report of the problem to the
webmaster<br><br>\n";
}
set_var("directorid", $directorid);
$action = "$loginuser logged in.";
$log = "INSERT INTO Logs (session_id, type, director_id,
time_stamp, action) VALUES(\"".session_id()."\", \"Login\",
\"$directorid\", \"".time()."\", \"$action\");";
mysql_query($log, $link) or die("Could not create log record:
".mysql_error());
include("mainpage.php");
}
else
{
print "Login incorrect. Do you need to register?";
include("index.php");
}
?>
Please help. I don't want the directors who participate in our contest
to lose faith in our Music Program because of my mistakes...
-Michael Sullivan-
