Authentication Failed

#1
    <?php
session_start();
error_reporting(E_ALL);
require_once('functions.php');
require_once("config.inc.php");
$customerid=strlen(trim($_POST['customerid']));
$passcode=strlen(trim($_POST['passcode']));
// check for customerid and passcode
// if authentication fails go back to home page.
if($customerid==0 or $passcode==0 or $accountnum=0) {
$_SESSION['error']='<h4>Please enter User ID, Account number and PassCode</h4>';
header("Location: login_error.php");
exit;
}

// connect to server
$link = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
if(!$link) {
$_SESSION['error']='<h4>Failed to connect to the server!</h4>';
header("Location: login_error.php");
exit;
}

// check magic quotes
if(get_magic_quotes_gpc()) {
    $customerid = stripslashes($_REQUEST['customerid']);
    $passcode = stripslashes($_REQUEST['passcode']);
} else {
    $customerid = $_REQUEST['customerid'];
    $passcode = $_REQUEST['passcode'];
}
// connect to database
$db_selected=mysql_select_db($mysql_database);

// connect to database
if(!$db_selected){
$_SESSION['error']='<h4>Failed to connect to the database!</h4>';
header("Location: login_error.php");
exit;
}
// set todays date
$today = date('Y-m-d');

//query string
$query=sprintf("SELECT * FROM customers WHERE customerid='%s' AND passcode='%s'",
    mysql_real_escape_string($customerid),
	mysql_real_escape_string($passcode));

// perform query
$result=mysql_query($query, $link);

//check if user exist
if(mysql_num_rows($result) == 1){ 
    $row = mysql_fetch_assoc($result);  

	// if user is admin or moderator
	if($row['level']=='100'){
		set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']);
		$host  = $_SERVER['HTTP_HOST'];
		$uri   = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
		$today=date('Y-m-d');
		$query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'";
		$result=mysql_query($query, $link);
		$extra = 'admin';
		header("Location: http://$host$uri/$extra");

		}elseif(trim($row['level'])=='10' or trim($row['level'])==10){
		if($row['amount']<10 or $row['amount']<'10'){
		$_SESSION['error']='<h4>Login Error: <br > This account exists but has not been activated.
		 <br > Please contact Account Manager for more details.</h4>';
		header("Location: login_error.php");	
		exit;
		}
		set_session($row['customerid'],$row['level'],true,$row['cot'],$row['tax'],$row['demurrage']);
		
		$today=date('Y-m-d');
		$query="UPDATE customers SET lastlogin = '$today' WHERE customerid='$customerid'";
		$result=mysql_query($query, $link);
		$host = $_SERVER['HTTP_HOST'];
		$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
		$extra = 'customers';
		header("Location: http://$host$uri/$extra");

		}else{// user exist but no user level

		$_SESSION['error']='<h4>Problem with account. please contact Admin</h4>';
		header("Location: login_error.php");
		}
}else{// if user not found

	$_SESSION['error']='<h4>Invalid User ID and or password!<b /r> Press back to login again.</h4>';
	header("Location: login_error.php");
}
// close connection
mysql_close($link);

?>
#2

very vague title. i guess that you mean that a login attempt failed. otherwise, you will need to be more specific about the problem so that members can better assist you.

i notice that you are using header redirects without an exit or die. some have exit but others do not. Fixing that will solve some problems.

i also notice that you are not using pdo and prepared statements. pdo is very easy to learn and to implement. You should try it

#3

Need more information than basically, “It doesn’t work” and a code dump.

Repost the question with more information, because no one is going to bug hunt your issue.

closed #4