On Mon, 2007-03-12 at 10:20 -0800, Mike Franks wrote:
> Michael -
>
> You're storing the $directorid in session. Unless you've taken some
> extreme measures, session values are stored in cookies. Some users may
> have disabled cookies.
>
> See: http://us2.php.net/session
>
> Mike
>
But I thought session variables were stored on the hard drive of the
machine the web server is running on....?
> On 3/12/2007, "Michael Sullivan" <[EMAIL PROTECTED]> wrote:
>
> >First of all, I apologize for cross-posting this, but it is somewhat
> >urgent. The code I'm pasting below is the login script for my
> college's
> >Music Festival Web Interface. I say this is urgent because this
> >interface is in use as we speak. Thw way it works (or is supposed to
> >work) is this: A director registers for an account using the
> >registerdirector.php script (not included in this message). An entry
> in
> >the Director table of my mysql database is created. The director is
> >assigned a unique director_id, which identifies their ownership of
> all
> >data belonging to them. When they log in, a query is sent to the
> >database to return all data where email_address == their username.
> >Their password is checked against the password in the database. Their
> >director_id is returned and placed in the $directorid variable. The
> >problem is that for some reason that I can't figure out, sometimes,
> >seemingly at random the $directorid variable is blank. It should
> never
> >be blank, and I can't even come up with a theoretical scenario why it
> >would be blank. Here's what my Director table looks like:
> >
> >mysql> describe Director;
> >+---------------+-----------------+------+-----+---------+----------------+
> >| Field | Type | Null | Key | Default | Extra
> >|
> >+---------------+-----------------+------+-----+---------+----------------+
> >| director_id | int(5) unsigned | NO | PRI | NULL |
> >auto_increment |
> >| email_address | varchar(255) | NO | | |
> >|
> >| password | varchar(255) | NO | | |
> >|
> >| director_name | varchar(255) | NO | | |
> >|
> >| phone_number | varchar(17) | NO | | |
> >|
> >| fax_number | varchar(17) | YES | | NULL |
> >|
> >| cell_number | varchar(12) | YES | | NULL |
> >|
> >+---------------+-----------------+------+-----+---------+----------------+
> >7 rows in set (0.15 sec)
> >
> >And here's my code:
> >
> ><?
> > session_start();
> >
> > require_once("miscfunc.php");
> >
> > $page = "login.php";
> >
> > include("dbconnect.php");
> > $loginuser = $_POST['user'];
> > $loginpass = stripslashes($_POST['passwd']);
> >
> > $tableName = "Director";
> > $query = "SELECT * FROM ".$tableName." WHERE email_address=
> >\"$loginuser\";";
> >//print "$query<br><br>\n";
> > $result = mysql_query($query, $link) or die ("Could not connect to
> >the database. ".mysql_error());
> > $a_row = mysql_fetch_array($result, MYSQL_ASSOC);
> >
> > $string = $a_row['password'];
> > if ($loginpass == $a_row['password'])
> > {
> >
> > set_var("loggedin", true);
> > $emailaddress = $loginuser;
> > $loggedin = true;
> >
> >
> > set_var("loggedin", $loggedin);
> > set_var("loginuser", $loginuser);
> > set_var("emailaddress", $emailaddress);
> >
> > $directorid = $a_row['director_id'];
> >
> >if ($directorid == 0 || $directorid = " ")
> >{
> >//We have a problem
> >$message = $message."\nDirectorID = $directorid\n";
> >$message = $message."\nLoginUser = $loginuser\n";
> >$message = $message."\nPassword = $loginpass\n";
> >if (!mail("[EMAIL PROTECTED]", "DirectorID 0", $message))
> print
> >"There was a problem; Could not send a report of the problem to the
> >webmaster<br><br>\n";
> >}
> > set_var("directorid", $directorid);
> > $action = "$loginuser logged in.";
> > $log = "INSERT INTO Logs (session_id, type, director_id,
> >time_stamp, action) VALUES(\"".session_id()."\", \"Login\",
> >\"$directorid\", \"".time()."\", \"$action\");";
> > mysql_query($log, $link) or die("Could not create log record:
> >".mysql_error());
> >
> >
> >
> > include("mainpage.php");
> > }
> > else
> > {
> > print "Login incorrect. Do you need to register?";
> > include("index.php");
> > }
> >?>
> >
> >Please help. I don't want the directors who participate in our
> contest
> >to lose faith in our Music Program because of my mistakes...
> >-Michael Sullivan-
> >
>
>
>
>
