Hello,
I am the current web admin of JigStop.com. It’s the online storefront for a small fishing tackle store in Dana Point, California. We recently switched from a Windows shared host (Web.com) to a Linux shared host (Godaddy), and a number of issues have come up. I appear to have tackled most of them myself over the last few days, but this one really has me stumped:
When I (or any other users) attempt to log in, it shows the “login successful” page with account-related links. However, it then reloads the index page (as is normally expected) and shows that the user is no longer logged in. There is no evidence of an error on the mySQL tables affected, and there are no errors posted on the pages themselves.
Here is the code for the dologin.php page:
[php]<?
require (“main.js.php”);
$PageTitle = “$domainname Login”;
//-------------------
// Validate User
$query = "
SELECT U_LoginName,U_LoginPassword,U_Groups
FROM js_users
WHERE U_LoginName = ‘$LoginName’
";
$sth = $dbh -> do_query($query);
list ($UserLoginName,$UserLoginPassword,$Groups) = $dbh -> fetch_array($sth);
if ($UserLoginName == ‘’) {
include "includes/header.php";
include "includes/home.menu.php";
echo "<br /><br /><table align=\"center\" cellspacing=\"1\" width=\"90%\" class=\"tableborder\"><tr><td><table cellspacing=\"0\" cellpadding=\"3\" width=\"100%\"><tr>";
echo "<td class=\"tableheader\" align=\"left\"><font class=\"tabletextheader\">Logging In</font></td></tr>";
echo "<tr><td class=\"tablebody\" align=\"left\"><br /><br />";
echo "<p><font class=\"tabletext\">Invalid user name!</font></p><br /><br />";
} else {
if (strcasecmp($UserLoginPassword, $Password) == 0) {
session_start();
$time = time();
if (strstr($Groups, '4') != FALSE) {
setcookie("SID",session_id(),$time+120000,"/",false,0);
} else {
setcookie("SID",session_id(),$time+7200000,"/",false,0);
}
$SID = session_id();
// Update SID in User database
$query = "
UPDATE js_users
SET U_SID = ‘$SID’
WHERE U_LoginName = ‘$UserLoginName’
";
$dbh -> do_query($query);
// Update SID in order database
$query = "
UPDATE js_orders
SET O_SID = ‘$SID’
WHERE O_LoginName = ‘$UserLoginName’
";
$dbh -> do_query($query);
include "includes/header.php";
include "includes/left.menu.php";
echo "<br /><br /><table align=\"center\" cellspacing=\"1\" width=\"90%\" class=\"tableborder\"><tr><td><table cellspacing=\"0\" cellpadding=\"3\" width=\"100%\"><tr>";
echo "<td class=\"tableheader\" align=\"left\"><font class=\"tabletextheader\">Logging In</font></td></tr>";
echo "<tr><td class=\"tablebody\" align=\"left\"><br /><br />";
echo "<p><font class=\"tabletext\">Welcome $UserLoginName, your login was successful!</font></font></p><br />";
echo "<meta http-equiv=\"Refresh\" content=\"1;url=/index.php\" />";
} else {
include "includes/header.php";
include "includes/left.menu.php";
echo "<br /><br /><table align=\"center\" cellspacing=\"1\" width=\"90%\" class=\"tableborder\"><tr><td><table cellspacing=\"0\" cellpadding=\"3\" width=\"100%\"><tr>";
echo "<td class=\"tableheader\" align=\"left\"><font class=\"tabletextheader\">Logging In</font></td></tr>";
echo "<tr><td class=\"tablebody\" align=\"left\"><br /><br />";
echo "<p><font class=\"tabletext\">Incorrect Password!<br /><br />Please use the back button and try again.</font></p><br />";
}
}
if (($LoginName != ‘’) && ($Password != ‘’)){
if ($Password == $UserLoginPassword) {
$Password = ‘*’;
}
$LoginNameS = addslashes($LoginName);
$PasswordS = addslashes($Password);
$query = "
INSERT js_login
SET L_Name = ‘$LoginNameS’,
L_Password = ‘$PasswordS’,
L_IP = ‘$IP’,
L_Date = ‘$NOW’
";
$dbh -> do_query($query);
}
echo “”;
include “includes/footer.php”;
?>
[/php]
I would really appreciate any input you guys might have. I’ll continue to poke at it, because we need this site back in working condition ASAP.
PS: I didn’t create the website, and I know that the code is an absolute mess. The guy credited with building the site did little more than slap together some outdated free PHP packages, dotting the Ts and crossing the Is with his own sloppy designs.