PHP login script - Object not found!
Hi there, please could someone tell me what is wrong with my code? I have checked it quite a few times now, and I am unable to find anything out of place.
The main script:
<?php
session_start();
switch (@$_POST['Button'])
{
    case "Login":
        include("dbstuff.php");
        $cxn = mysqli_connect($host,$user,$passwd,$dbname)
            or die("Query died: connect");
        // First query: does the login name exist?
        // The POST value is placed directly in the SQL string.
        $sql = "SELECT username FROM storemembers
                WHERE username='$_POST[fusername]'";
        $result = mysqli_query($cxn,$sql)
            or die("Query died: fusername");
        $num = mysqli_num_rows($result);
        if($num > 0)
        {
            include("functions.php");
            $password = secure_pass($_POST['fpassword']);
            // Array key quoted: a bare fusername is read as a constant.
            $username = $_POST['fusername'];
            // Second query: does the password match for that login name?
            $sql = "SELECT username FROM storemembers
                    WHERE username='$username'
                    AND password='$password'";
            $result2 = mysqli_query($cxn,$sql)
                or die("Query died: $password");
            $num2 = mysqli_num_rows($result2);
            if($num2 > 0) //password matches
            {
                $_SESSION['auth']="yes";
                $_SESSION['logname'] = $username;
                header("Location: SecretPage.php");
            }
            else // password does not match
            {
                $message_1="The Login Name, '$_POST[fusername]'
                    exists, but you have not entered the
                    correct password! Please try again.";
                $fusername = strip_tags(trim($_POST['fusername']));
                include("form_login_reg.inc");
            }
        } // end if $num > 0
        elseif($num == 0) // login name not found
        {
            $message_1 = "The User Name you entered does not
                exist! Please try again.";
            include("form_login_reg.inc");
        }
        break;
    case "Register":
        /* Check for blanks */
        foreach($_POST as $field => $value)
        {
            if ($field != "fax")
            {
                if ($value == "")
                {
                    $blanks[] = $field;
                }
                else
                {
                    $good_data[$field] = strip_tags(trim($value));
                }
            }
        } // end foreach POST
        if(isset($blanks))
        {
            $message_2 = "The following fields are blank.
                Please enter the required information: ";
            foreach($blanks as $value)
            {
                $message_2 .="$value, ";
            }
            extract($good_data);
            include("form_login_reg.inc");
            exit();
        } // end if blanks found
        // Every POST field becomes a local variable of the same name.
        foreach($_POST as $field => $value)
        {
            $$field = strip_tags(trim($value));
        }
        if(@is_array($errors))
        {
            $message_2 = "";
            foreach($errors as $value)
            {
                $message_2 .= $value." Please try again<br />";
            }
            include("form_login_reg.inc");
            exit();
        } // end if errors are found
        /* check to see if user name already exists */
        include("dbstuff.php");
        $cxn = mysqli_connect($host,$user,$passwd,$dbname)
            or die("Couldn't connect to server");
        $sql = "SELECT username FROM storemembers
                WHERE username='$username'";
        $result = mysqli_query($cxn,$sql)
            or die("Query died: username.");
        $num = mysqli_num_rows($result);
        if($num > 0)
        {
            $message_2 = "$username already used. Select another
                User Name.";
            include("form_login_reg.inc");
            exit();
        } // end if user name already exists
        else
        {
            include("functions.php");
            $password = secure_pass($_POST['password']);
            $today = date("Y-m-d");
            $sql = "INSERT INTO storemembers (username,createdate,
                    password,firstname,lastname,email,house_name_no,street,city,
                    state,zip,telephone) VALUES
                    ('$username','$today', '$password',
                    '$firstname', '$lastname', '$email','$house_name_no','$street','$city',
                    '$state','$zip','$telephone')";
            mysqli_query($cxn,$sql);
            $_SESSION['auth']="yes";
            $_SESSION['logname'] = $username;
            /* send email to new Customer */
            $emess = "You have successfully registered. ";
            $emess .= "Your new user name and password are: ";
            $emess .= "\n\n\t$username\n\t";
            $emess .= "$password\n\n";
            $emess .= "We appreciate your interest. \n\n";
            $emess .= "If you have any questions or problems,";
            $emess .= " email [email protected]";
            $subj = "Your new customer registration";
            #$mailsend=mail("$email","$subj","$emess");
            header("Location: SecretPage.php");
        } // end else no errors found
        break;
    default:
        include("form_login_reg.inc");
} // end switch
?>
Greg K posted this at 05:32 — 12th May 2012.
There is a lot wrong with the code compared to how I would do it. For example, your code as is, is wide open to SQL injections.
So can you narrow it down to what problems you are experiencing that make you think something needs to be changed? Are you getting specific error messages?
-Greg
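The SQL injection exposure raised in the reply above comes from placing `$_POST` values directly in the query strings. As an added example (not part of the original thread and not any poster's code), here is the Login branch using mysqli prepared statements. It assumes the `password` column stores `password_hash()` output rather than whatever `secure_pass()` produces, and `check_login()` is a hypothetical helper name.

```php
<?php
// Added example: the "Login" branch with mysqli prepared statements.
// Assumptions (not from the original post): storemembers.password holds
// password_hash() output; check_login() is a hypothetical helper name.

/**
 * Returns true only when the username exists and the password verifies.
 */
function check_login(mysqli $cxn, string $username, string $password): bool
{
    // The ? placeholder keeps user input out of the SQL text entirely.
    $stmt = mysqli_prepare(
        $cxn,
        "SELECT password FROM storemembers WHERE username = ?"
    );
    if ($stmt === false) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, "s", $username);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $hash);
    $found = mysqli_stmt_fetch($stmt);  // true, false (error) or null (no row)
    mysqli_stmt_close($stmt);

    // Compare against the stored hash in PHP, not inside the query.
    return $found === true && password_verify($password, (string) $hash);
}

session_start();
if (($_POST['Button'] ?? '') === 'Login') {
    include("dbstuff.php");  // supplies $host, $user, $passwd, $dbname as in the post
    $cxn = mysqli_connect($host, $user, $passwd, $dbname)
        or die("Query died: connect");

    $username = trim((string) ($_POST['fusername'] ?? ''));
    if (check_login($cxn, $username, (string) ($_POST['fpassword'] ?? ''))) {
        session_regenerate_id(true);  // new session id after authentication
        $_SESSION['auth'] = "yes";
        $_SESSION['logname'] = $username;
        header("Location: SecretPage.php");
        exit();
    }
    // One message for both failure cases, escaped before it reaches the form.
    $message_1 = "Login failed. Please try again.";
    $fusername = htmlspecialchars($username, ENT_QUOTES, 'UTF-8');
    include("form_login_reg.inc");
}
```

The same placeholder pattern applies to the `SELECT` and `INSERT` statements in the Register branch, where the interpolated variables would become bound parameters.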
Hire Developer posted this at 08:10 — 3rd July 2012.
It is going to be difficult without any more information. Whereabouts are you getting that error? Also, this code is very insecure. You can't use this safely in a production environment.
Greg K posted this at 03:40 — 2nd December 2012.
This thread is now closed due to inactivity by OP on this thread.