What I am trying to do: I am trying to log in using jquery and php and trying to register each log in and logout in a mysql table called logs.
Problem: Everytime I log in only the random session_id, login_time and logout_time are getting registered but username and fullname are not getting registered. (NOTE: I havent done anything for the ip_address so I am not talking about it)
I would also like to know the drawbacks/ flaws that are present on the scripts and how to rectify them.
Thanks in advance.
JQuery
<script>
$(document).ready(function() {
$('#loggedin').click(function() {
var username=$("#username").val();
var password=$("#password").val();
//var hidden=$('#form_name').val();
var dataString = 'username='+username+'&password='+password;
if($.trim(username).length>0 && $.trim(password).length>0){
$.ajax({
type: "POST",
url: "scripts/testlogin.php",
data: dataString,
cache: false,
beforeSend: function(){
$("#loggedin").val('Connecting...');
},
success: function(data){
if(data){
//alert(data);
window.location.href="./home.php";
}
else
{
//alert(data);
//$('#box').shake();
$("#loggedin").val('Log In')
$("#error").html("<span style='color:#cc0000'>Error:</span> Invalid username and password. ");
}
}
});
}
return false;
});
});
</script>
PHP(login)
<?php
include 'connect.php';
include 'f_userTrack.php';
//if ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['form_name'] == 'loginform')
if (isset($_POST['password']) && isset($_POST['username']))
{
$found = false;
$error = '';
$fullname = '';
$sessid = rand();
$session_timeout = 600;
$password = $_POST['password'];
$sql = "SELECT salt, password, firstname, lastname, account_status FROM users WHERE username = '".mysqli_real_escape_string($db, $_POST['username'])."'";
$result = mysqli_query($db, $sql);
/* if(!$result){
printf("Error:%s
", mysqli_error($db));
exit();
}*/
if ($data = mysqli_fetch_array($result))
{
$salt = $data['salt'];
$crypt_pass = hash('sha256', $salt.$password);
if ($crypt_pass == $data['password'] && $data['account_status'] != 0)
{
$found = true;
$fullname = $data['firstname'].' '.$data['lastname'];
}
}
mysqli_close($db);
if($found == false)
{
//$error = "Username or Password is incorrect! Try again.";
//header('Location: login.php');
//exit;
}
else
{
if (session_id() == "")
{
session_start();
userLogin($sessid); //Registering the login
echo '1';
}
$_SESSION['username'] = $_POST['username'];
$_SESSION['fullname'] = $fullname;
$_SESSION['session_id'] = $sessid;
$_SESSION['expires_by'] = time() + $session_timeout;
$_SESSION['expires_timeout'] = $session_timeout;
$rememberme = isset($_POST['rememberme']) ? true : false;
if ($rememberme)
{
setcookie('username', $_POST['username'], time() + 3600*24*30);
setcookie('password', $_POST['password'], time() + 3600*24*30);
}
//header('Location: home.php');
//exit;
}
}
$username = isset($_COOKIE['username']) ? $_COOKIE['username'] : '';
$password = isset($_COOKIE['password']) ? $_COOKIE['password'] : '';
?>
f_userTrack
<?php
//Tracks user log in
function userLogin($session_id){
include 'connect.php';
if (isset($_SESSION['username']))
{
$loggedusername = $_SESSION['username'];
$fullname = $_SESSION['fullname'];
}
$sessid = $session_id;
$sql = "INSERT `logs` (`session_id`, `fullname`, `username`, `ip_address`, `login_time`,`logout_time`) VALUES ('$sessid', '$fullname', '$loggedusername', '', NOW(), '')";
$result = mysqli_query($db, $sql);
mysqli_close($db);
}
//Tracks user log out
function userLogout(){
include 'connect.php';
if (isset($_SESSION['session_id']))
{
$usersessionid = $_SESSION['session_id'];
}
$sql = "UPDATE `logs` SET `logout_time` = NOW() WHERE `session_id` = '$usersessionid'";
$result = mysqli_query($db, $sql);
mysqli_close($db);
}
?>
