Hi,

I'm very new to PHP to excuse my code...

On my login form, its making me have to login twice, second time is always sucessful, never the first time. As far as I can tell my code is ok, but again, I'm new to PHP. Can anyone shed some light on this for me please :) Thanks.

if ($log == "login")
{

if ($_SESSION['_TO'] != 'staff')
{
$_SESSION['_FROM']='staff';
header('Location: ../config.php');
}
elseif ($_SESSION['_TO'] == 'staff')
{
$conn=odbc_connect($_SESSION['base_source'],$_SESSION['db_user'],$_SESSION['db_pass']);
if (!$conn)
{
exit ($_SESSION['userrecid']="Connection Failed!");
}

$_SESSION['_MyUsername']=$_POST['username'];
$_SESSION['_MyPassword']=$_POST['password'];

$sql="SELECT Users.\"NAME\", Users.\"PASSWORD\", Logon.\"STATUS\" FROM Users LEFT OUTER JOIN Logon ON Logon.\"USER\" = Users.\"NAME\" WHERE \"NAME\"='".$_SESSION['_MyUsername']."' and \"PASSWORD\"='".$_SESSION['_MyPassword']."'";

$rs=odbc_exec($conn,$sql);
if (!$rs)
{
exit ($_SESSION['userrecid']="Error in SQL!");
}

$count=odbc_num_rows($rs);
$status=odbc_result($rs,"STATUS");

if($count==1)
{

if($status==1)
{
$_SESSION['userrecid']="This user is already logged into inspHire!";
header("location: ./ ");
}
elseif($status==0)
{
$sql="UPDATE LOGON SET \"STATUS\"=1 WHERE \"USER\"='".$_SESSION['_MyUsername']."'";
$rs=odbc_exec($conn,$sql);

$_SESSION['_EXEC']=1;
header("location: ./staff-gateway.php");
}
}
else
{
$_SESSION['userrecid']="An Error Has Occured! $status";
header("location: ./ ");
}
}
}

this is very out of context; you'll need to narrow it down to which part does not work. does $count return the correct value (eg. 1)? does $status return the correct value (eg. 0)? add some echos yourself so that you can figure out what's failing.

also, what is the actual error you're getting? that the username/password is wrong ($count == 0)? or that the user is logged in already ($status == 1)?

Thanks Kows,

Doing an echo I have seen that the first time I login, the count returns null, nothing at all. Not even zero. However when I login again It works. NO SQL errors, or php errors display at all.

Only this appears the first time I try and login

$_SESSION['userrecid']="An Error Has Occured!";

Where have you defined 'userrecid'?

This IS defining

$_SESSION['userrecid']="An Error Has Occured!";

it's probably because you've just defined your $_SESSION variables, and so you're unable to use them. try using the $_POST variables in your SQL and see if that changes anything.

and, I would personally only bother storing the username/password once the user was actually logged in -- not when they were simply attempting to login.

Apparently I'm not the only one having this issue ... could it be linked to the issues listed here? http://php.net/manual/en/function.odbc-num-rows.php

that depends entirely on what issues you're actually referring to, seeing as how there are many issues listed in just the first 5 comments. I don't know what database you're using (though if I had to guess I would say MSSQL), but I do know that anything referring to prepared statements is not something you'd need to worry about seeing as how you're not using them.

since you were the one who read about these issues, did you not think to try out any of the possible solutions listed and see for yourself? ;)

my first suggestion would be to return a result for the following query rather than using odbc_num_rows() (this is, of course, assuming you're using MSSQL, though it may fix your problem with another DBMS):
SELECT COUNT(*) 'count' FROM ...
this means you'll actually need to fetch a result, however, and store $row['count'] in $count (if you wish).

really, though, you never got around to answering any of the questions I had above. doing all of this on your own should help you narrow down the problem -- if $count is currently not returning as -1 and is returning as 0 or 1, then it would be something else entirely.

I have cured the issue!

The issue seemed to be resolved by removing this ...

if ($_SESSION['_TO'] != 'staff')
{
$_SESSION['_FROM']='staff';
header('Location: ../config.php');
}
elseif ($_SESSION['_TO'] == 'staff')
{

I had forgotten that I didnt need this anymore ... :eek2:

So now my code reads like this ...

<?php
session_start();

$log = $_GET['mode'];

$username = $_POST["username"];
$password = $_POST["password"];

if ($log == "login")
{
$conn=odbc_connect($_SESSION['base_source'],$_SESSION['db_user'],$_SESSION['db_pass']);
if (!$conn)
{
exit ($_SESSION['userrecid']="Connection Failed!");
}

$sql="SELECT COUNT(*) AS COUNT FROM (SELECT Users.\"NAME\", Users.\"PASSWORD\", Logon.\"STATUS\" FROM Users LEFT OUTER JOIN Logon ON Logon.\"USER\" = Users.\"NAME\" WHERE \"NAME\"='".$username."' and \"PASSWORD\"='".$password."') AS RESULT";

$rs=odbc_exec($conn,$sql);
if (!$rs)
{
exit ($_SESSION['userrecid']="Error in SQL!");
}
$count=0;

$count=odbc_result($rs,1);
odbc_close($conn);

if($count==1)
{
$conn2=odbc_connect($_SESSION['base_source'],$_SESSION['db_user'],$_SESSION['db_pass']);
$sql2="SELECT Users.\"NAME\", Users.\"PASSWORD\", Logon.\"STATUS\" FROM Users LEFT OUTER JOIN Logon ON Logon.\"USER\" = Users.\"NAME\" WHERE \"NAME\"='".$username."' and \"PASSWORD\"='".$password."'";

$rs2=odbc_exec($conn2,$sql2);
if (!$rs2)
{
exit ($_SESSION['userrecid']="Error in SQL!");
}
$status=0;
$status=odbc_result($rs2,3);

if($status==1)
{
$_SESSION['userrecid']="This user is already logged into inspHire!";
header("location: ./ ");
}
elseif($status==0)
{
$sql3="UPDATE LOGON SET \"STATUS\"=1 WHERE \"USER\"='".$username."'";
$rs3=odbc_exec($conn,$sql3);

$_SESSION['_EXEC']=1;
$_SESSION['_UserID']=$username;
header("location: ./staff-gateway.php");
}
odbc_close($conn);
}
elseif($count==0)
{
$_SESSION['userrecid']="An Error Has Occured!";
header("location: ./ ");
}
odbc_close($conn);
}
elseif ($log == "logout")
{
$conn=odbc_connect($_SESSION['base_source'],$_SESSION['db_user'],$_SESSION['db_pass']);
if (!$conn)
{exit("Connection Failed!");}

$sql="UPDATE LOGON SET \"STATUS\"=0 WHERE \"USER\"='".$_SESSION['_UserID']."'";
$rs=odbc_exec($conn,$sql);

odbc_close($conn);

unset($_SESSION['_EXEC']);
session_destroy();
header('Location: ../');
}

?>

Thanks to everyone for their help! :) much appreciated

That is great that you managed to solve the problem! Also, since you have fixed the problem don't forget to append "Resolved" to the thread title by editing the first post and selecting "Mark thread Resolved" from the Thread tools drop-down menu or clecking go advanced while in edit mode and manually change the thread title.