Jump to content
Larry Ullman's Book Forums

Recommended Posts

Hey Guys,

 

Hoping someone can help me with this script.  I'm banging my head against a wall and I suspect that the answer is staring at me in the face.

 

I'm using the script 12.2 with modifications:

 

I'm trying to, in addition to checking to see if form fields are filled out and there is a match to also running a query that selects a users expiry date (membership) and then compares is to the current date. If the current date is earlier than the expiry log in should proceed.  If the current date is later than the expiry date then I'm trying to add that message to the error array.

 

I've pasted the script below.  Thanks in advance! 

 

Steve

 

<?php # Script 12.2 - login_functions.inc.php
// This page defines two functions used by the login/logout process.

/* This function determines an absolute URL and redirects the user there.
 * The function takes one argument: the page to be redirected to.
 * The argument defaults to index.php.
 */
function redirect_user ($page = 'index.php') {

    // Start defining the URL...
    // URL is http:// plus the host name plus the current directory:
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
    
    // Remove any trailing slashes:
    $url = rtrim($url, '/\\');
    
    // Add the page:
    $url .= '/' . $page;
    
    // Redirect the user:
    header("Location: $url");
    exit(); // Quit the script.

} // End of redirect_user() function.


/* This function validates the form data (the email address and password).
 * If both are present, the database is queried.
 * The function requires a database connection.
 * The function returns an array of information, including:
 * - a TRUE/FALSE variable indicating success
 * - an array of either errors or the database result
 */
function check_login($dbc, $user_id = '', $pass = '') {

    $errors = array(); // Initialize error array.

    // Validate the user id:
    if (empty($user_id)) {
        $errors[] = 'You forgot to enter your user id.';
    } else {
        $u = mysqli_real_escape_string($dbc, trim($user_id));
    }

    // Validate the password:
    if (empty($pass)) {
        $errors[] = 'You forgot to enter your password.';
    } else {
        $p = mysqli_real_escape_string($dbc, trim($pass));
    }

    if (empty($errors)) { // If everything's OK.

        // Retrieve the user_id and first_name for that email/password combination:
        
        $q = "SELECT user_id, first_name FROM users WHERE user_id='$u' AND pass='$p'";        
        $r = @mysqli_query ($dbc, $q); // Run the query.
        
        // Check the result:
        if (mysqli_num_rows($r) == 1) {

            // Fetch the record:
            $row = mysqli_fetch_array ($r, MYSQLI_ASSOC);
    
            // Return true and the record:
            return array(true, $row);
            
        } else { // Not a match!
            $errors[] = 'The userid and password entered do not match those on file.';
        }
        
          // Retrieve the expiry date for that userid/password combination:
        
        $q2 = "SELECT expiry_date FROM users WHERE user_id='$u' AND pass='$p'";        
        $r2 = @mysqli_query ($dbc, $q2); // Run the query.
        
        //Check the expiry date against the current date:
    
        if (CURDATE() < $r2); {
        
            // Fetch the record:
            $row = mysqli_fetch_array ($r2, MYSQLI_ASSOC);
    
            // Return true and the record:
            return array(true, $row);
            
        } else { // Not a match!
            $errors[] = 'Your membership has expired. Please click here to renew.';
        }
        
    }// End of empty($errors) IF.

    // Return false and the errors:
    return array(false, $errors);
    }
 // End of check_login() function.

Link to comment
Share on other sites

Hi Hartley:

 

This is the relevant part that I'm trying to add on to the example script in the book. #12.2 

 

// Retrieve the expiry date for that userid/password combination:
        
        $q2 = "SELECT expiry_date FROM users WHERE user_id='$u' AND pass='$p'";        
        $r2 = @mysqli_query ($dbc, $q2); // Run the query.
       

//Check the expiry date against the current date:
    
        if (CURDATE() < $r2); {
        
    // Fetch the record:
            $row = mysqli_fetch_array ($r2, MYSQLI_ASSOC);
    
   // Return true and the record:
            return array(true, $row);
            
        } else { // Mebership Expired!
            $errors[] = 'Your membership has expired. Please click here to renew.';

}
 

Link to comment
Share on other sites

Just so you know, $r2 is not a date. It's a MySQLi results object. You need to first retrieve the date from the results object, then do the comparision.

 

Add the following code before your if statement, and you'll see what I mean:

echo '<pre>';
var_dump($r2);
echo '</pre>';
Link to comment
Share on other sites

I used $r2 as a result object to distinguish it from the $r used in the query above.  In the first part of the post where I posted the entire script you can see that I'm trying to use the script to not only check to see if the form fields are valid and then query the database to see if the record does exist but I also need to make sure the users expiry date is valid.  So I ran a second query and assigned it $q2 and the results $r2.  It's not working for me to say the least!

Link to comment
Share on other sites

Yes I think so.  What I've done is to modify the SQL statement including expiry_date in the SELECT and expiry_date > NOW() in the WHERE clause. 

 

It returns the error array but I can't figure out how to add the error "You membership has expired" to the array. 

Link to comment
Share on other sites

 Share

×
×
  • Create New...