<?php
session_start();
error_reporting(E_ALL);
require_once('functions.php');
require_once("config.inc.php");
$customerid=strlen(trim($_POST['customerid']));
$passcode=strlen(trim($_POST['passcode']));
// check for customerid and passcode
// if authentication fails go back to home page.
if($customerid==0 or $passcode==0 or $accountnum=0) {
$_SESSION['error']='<h4>Please enter User ID, Account number and PassCode</h4>';
header("Location: login_error.php");
exit;
}
// connect to server
$link = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
if(!$link) {
$_SESSION['error']='<h4>Failed to connect to the server!</h4>';
header("Location: login_error.php");
exit;
}
// check magic quotes
if(get_magic_quotes_gpc()) {
$customerid = stripslashes($_REQUEST['customerid']);
$passcode = stripslashes($_REQUEST['passcode']);
} else {
$customerid = $_REQUEST['customerid'];
$passcode = $_REQUEST['passcode'];
}
// connect to database
$db_selected=mysql_select_db($mysql_database);
// connect to database
if(!$db_selected){
$_SESSION['error']='<h4>Failed to connect to the database!</h4>';
header("Location: login_error.php");
exit;
}
// set todays date
$today = date('Y-m-d');
//query string
$query=sprintf("SELECT * FROM customers WHERE customerid='%s' AND passcode='%s'",
mysql_real_escape_string($customerid),
mysql_real_escape_string($passcode));
// perform query
$result=mysql_query($query, $link);
//check if user exist
if(mysql_num_rows($result) == 1){
$row = mysql_fetch_assoc($result);
// if user is admin or moderator
if($row['level']=='100'){
set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']);
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$today=date('Y-m-d');
$query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'";
$result=mysql_query($query, $link);
$extra = 'admin';
header("Location: http://$host$uri/$extra");
}elseif(trim($row['level'])=='10' or trim($row['level'])==10){
if($row['amount']<10 or $row['amount']<'10'){
$_SESSION['error']='<h4>Login Error: <br > This account exists but has not been activated.
<br > Please contact Account Manager for more details.</h4>';
header("Location: login_error.php");
exit;
}
set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']);
$today=date('Y-m-d');
$query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'";
$result=mysql_query($query, $link);
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = 'customers';
header("Location: http://$host$uri/$extra");
}else{// user exist but no user level
$_SESSION['error']='<h4>Problem with account. please contact Admin</h4>';
header("Location: login_error.php");
}
}else{// if user not found
$_SESSION['error']='<h4>Invalid User ID and or password!<b /r> Press back to login again.</h4>';
header("Location: login_error.php");
}
// close connection
mysql_close($link);
?>very vague title. i guess that you mean that a login attempt failed. otherwise, you will need to be more specific about the problem so that members can better assist you.
i notice that you are using header redirects without an exit or die. some have exit but others do not. Fixing that will solve some problems.
i also notice that you are not using pdo and prepared statements. pdo is very easy to learn and to implement. You should try it
Need more information than basically, “It doesn’t work” and a code dump.
Repost the question with more information, because no one is going to bug hunt your issue.