From 08f5d641791df465d6a4c83d1610c46e410e5958 Mon Sep 17 00:00:00 2001 From: james Date: Tue, 11 Dec 2007 19:13:11 +0000 Subject: [PATCH] Fix the login so it authenticates on the right record -- there is probably other stuff wrong if this is happening, but this is the easiest fix for now. There should never be two records in the `users` table with the same username/emailaddress, it should use the multi-role stuff... but this change will also work with multi-role anyways once the cause of this is fixed (registering as a volunteer when you're already a committee member creates a new record in the users table, instead of attaching you to the old one). --- user_login.php | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/user_login.php b/user_login.php index f62216f..cfa09bb 100644 --- a/user_login.php +++ b/user_login.php @@ -26,7 +26,7 @@ require_once("common.inc.php"); require_once("user.inc.php"); - function try_login($user, $pass) + function try_login($user, $pass, $type=null) { /* Ensure sanity of inputs, user should be an email address, but it's stored * in the username field */ @@ -40,10 +40,12 @@ //$x = user_valid_password($pass); if(!strlen($pass)) return false; + if($type) $typequery=" AND types LIKE '%$type%'"; else $typequery=""; $q = mysql_query("SELECT id,username,password FROM users WHERE username='$user' + $typequery AND deleted='no'"); echo mysql_error(); if(mysql_num_rows($q) != 1) return false; @@ -101,7 +103,7 @@ { if($_POST['pass'] && $_POST['user']) { - $id = try_login($_POST['user'], $_POST['pass']); + $id = try_login($_POST['user'], $_POST['pass'],$type); if($id == false) { header("location: user_login.php?type=$type¬ice=login_failed"); exit;