Michael - You're storing the $directorid in session. Unless you've taken some extreme measures, session values are stored in cookies. Some users may have disabled cookies.
See: http://us2.php.net/session Mike On 3/12/2007, "Michael Sullivan" <[EMAIL PROTECTED]> wrote: >First of all, I apologize for cross-posting this, but it is somewhat >urgent. The code I'm pasting below is the login script for my college's >Music Festival Web Interface. I say this is urgent because this >interface is in use as we speak. Thw way it works (or is supposed to >work) is this: A director registers for an account using the >registerdirector.php script (not included in this message). An entry in >the Director table of my mysql database is created. The director is >assigned a unique director_id, which identifies their ownership of all >data belonging to them. When they log in, a query is sent to the >database to return all data where email_address == their username. >Their password is checked against the password in the database. Their >director_id is returned and placed in the $directorid variable. The >problem is that for some reason that I can't figure out, sometimes, >seemingly at random the $directorid variable is blank. It should never >be blank, and I can't even come up with a theoretical scenario why it >would be blank. Here's what my Director table looks like: > >mysql> describe Director; >+---------------+-----------------+------+-----+---------+----------------+ >| Field | Type | Null | Key | Default | Extra >| >+---------------+-----------------+------+-----+---------+----------------+ >| director_id | int(5) unsigned | NO | PRI | NULL | >auto_increment | >| email_address | varchar(255) | NO | | | >| >| password | varchar(255) | NO | | | >| >| director_name | varchar(255) | NO | | | >| >| phone_number | varchar(17) | NO | | | >| >| fax_number | varchar(17) | YES | | NULL | >| >| cell_number | varchar(12) | YES | | NULL | >| >+---------------+-----------------+------+-----+---------+----------------+ >7 rows in set (0.15 sec) > >And here's my code: > ><? > session_start(); > > require_once("miscfunc.php"); > > $page = "login.php"; > > include("dbconnect.php"); > $loginuser = $_POST['user']; > $loginpass = stripslashes($_POST['passwd']); > > $tableName = "Director"; > $query = "SELECT * FROM ".$tableName." WHERE email_address= >\"$loginuser\";"; >//print "$query<br><br>\n"; > $result = mysql_query($query, $link) or die ("Could not connect to >the database. ".mysql_error()); > $a_row = mysql_fetch_array($result, MYSQL_ASSOC); > > $string = $a_row['password']; > if ($loginpass == $a_row['password']) > { > > set_var("loggedin", true); > $emailaddress = $loginuser; > $loggedin = true; > > > set_var("loggedin", $loggedin); > set_var("loginuser", $loginuser); > set_var("emailaddress", $emailaddress); > > $directorid = $a_row['director_id']; > >if ($directorid == 0 || $directorid = " ") >{ >//We have a problem >$message = $message."\nDirectorID = $directorid\n"; >$message = $message."\nLoginUser = $loginuser\n"; >$message = $message."\nPassword = $loginpass\n"; >if (!mail("[EMAIL PROTECTED]", "DirectorID 0", $message)) print >"There was a problem; Could not send a report of the problem to the >webmaster<br><br>\n"; >} > set_var("directorid", $directorid); > $action = "$loginuser logged in."; > $log = "INSERT INTO Logs (session_id, type, director_id, >time_stamp, action) VALUES(\"".session_id()."\", \"Login\", >\"$directorid\", \"".time()."\", \"$action\");"; > mysql_query($log, $link) or die("Could not create log record: >".mysql_error()); > > > > include("mainpage.php"); > } > else > { > print "Login incorrect. Do you need to register?"; > include("index.php"); > } >?> > >Please help. I don't want the directors who participate in our contest >to lose faith in our Music Program because of my mistakes... >-Michael Sullivan- >
