Activated Not Working

[kirbyweb]

This is only part of the activation I am doing so do not say it is not finished.

<?phpsession_start();if (isset($_POST['username']) and isset($_POST['password'])) {  $connect = mysql_connect('_____.byethost5.com', '_____', '_____') or die('Couldn\'t connect!');  mysql_select_db('__________') or die('Couldn\'t find db');  $username = mysql_real_escape_string($_POST['username']);  $password = mysql_real_escape_string($_POST['password']);  $activated = [activated];  if ($activated=='0')   {	 die("Your account is not yet activated. Please check your email.");	 exit();}$password = md5($password);  $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");  if (mysql_num_rows($query) == 1) {	echo 'You\'re in! <a href="member.php">Click Here</a>';	$_SESSION['username']=$username;  } else echo 'Incorrect username/password!';} else die('User/pass not POSTed!');?>

Now when I try this it keeps saying you are successfully logged in, but it is suppose to say, your account is not yet activated.Does anyone know why and can anyone help me thanks.

[Synook]

Are you missing something on this line?

$activated = [activated];

[kirbyweb]

Am I?

[justsomeguy]

Since "[activated]" is not valid PHP syntax, I would say yeah, you're missing something. That should also give you a syntax error, you should be seeing an error message for that. If you're not seeing an error message you need to make sure that PHP is configured to show them to you.

[kirbyweb]

I will try and make it so it shows errors but can you tell me what I am missing?

[Synook]

Err, well, currently it doesn't make sense, both syntactically as JSG said and in a logical sense - maybe you wanted to check their activation status in the database or something?

[kirbyweb]

well how do I fix the code? What am I missing.

[justsomeguy]

well how do I fix the code? What am I missing.

That's sort of up to you, it depends what you want the script to do. Is $activated a value that gets submitted from the form? Is it a field in the database that you need to check? This is your script, you should know what you're trying to do.

[kirbyweb]

It is suppose check the database to see if the user has activated its account, if in the database it says 0 then it is suppose to display the message.

[justsomeguy]

OK, then you need to replace the part that sets and checks $activated so that it gets it out of the database. It should be obvious to you that doing this:$activated = [activated];is not going to get the value from the correct row in the correct table in the correct database.Since you're already selecting everything from the database anyway it would make sense to move that code to check the activation status after the code that gets the record from the database.

[kirbyweb]

Well I am new to php so what should I do?If I wanted to keep the code where it is, what would I change the code to?

[justsomeguy]

I'll tell you what the steps are, and you can determine if you want duplicate code or if you'd rather move code around so that you don't need to duplicate anything.In order to connect to the database and get the 'activated' field for the row corresponding to the entered username:1. Connect to the database server using mysql_connect2. Select the database to use using mysql_select_db3. Send a query to the database to get the appropriate row corresponding to the entered username using mysql_query4. Get the row array from the result using mysql_fetch_assoc5. Check if the result actually returned a row or if the result was empty (the username wasn't found) - mysql_fetch_assoc will return a value of false instead of an array if the result set has no results6. Get the activated field from the row arrayYou're already using mysql_connect, mysql_select_db, and mysql_query to get the row in the database. So it would make sense to move your activation code after you get the row from the database so that you don't need to get the row from the database twice. You can find the references for each of those functions in the PHP manual or the PHP section of the w3schools site.

[kirbyweb]

so add the fetch, and move the code under the database get code?

[justsomeguy]

The code is using mysql_query to get the record and then it uses mysql_num_rows to see if a record was returned. So inside that if statement you can add a call to mysql_fetch_assoc to get the record from the result, and then check the activated field in the record before you store the username in the session and whatever else.http://www.php.net/manual/en/function.mysql-fetch-assoc.php

[kirbyweb]

I cannot figure it out, I should be able to can you just edit my code and fix it please.

[justsomeguy]

You posted that message 3 minutes after I posted mine. This stuff takes more than 3 minutes to figure out, I'm not going to do your work for you.

[kirbyweb]

Well can you explain more so it is easier.

[justsomeguy]

Read post 12 again and tell me which of those steps you're having problems with, post the code you're working with if possible.

[kirbyweb]

45and 6Those are what I am having trouble with.

[justsomeguy]

Check the manual page for mysql_fetch_assoc, there are examples there to show how it's used. If you put this code inside the if statement you can skip step 5, if it's in the if statement then you've already checked if the query returned records and don't need to do it again. As for checking the value, if you save the row from mysql_fetch_assoc in the $row variable, then $row['activated'] will contain the activated field that you want to check.

[kirbyweb]

<?phpsession_start();if (isset($_POST['username']) and isset($_POST['password'])) {  $connect = mysql_connect('_______', '_________', '______') or die('Couldn\'t connect!');  mysql_select_db('_______') or die('Couldn\'t find db');  $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'";  $username = mysql_real_escape_string($_POST['username']);  $password = mysql_real_escape_string($_POST['password']);  while ($row = mysql_fetch_assoc($query)) {  $activated = $row['activated'];}  if ($activated=='0')   {	 die("Your account is not yet activated. Please check your email.");	 exit();}  $password = md5($password);  if (mysql_num_rows($query) == 1) {	echo 'You\'re in! <a href="member.php">Click Here</a>';	$_SESSION['username']=$username;  } else echo 'Incorrect username/password!';} else die('User/pass not POSTed!');?>

Did I do it right? the screen comes up blank. Tell or show me what I have to fix.

[kirbyweb]

Anyone there?

[justsomeguy]

the screen comes up blank

Do you still have error messages disabled? You should set display_errors to on, html_errors to on, and error_reporting to E_ALL in the PHP options. It's not going to help you if PHP isn't showing error messages.You don't need the while loop. A while loop will loop over every record in the result. If the result only has 1 record there's no reason to loop over it. You can just use this line to get the one record:$row = mysql_fetch_assoc($query);Like I said before, that line should be inside the if statement where you check that 1 record was returned. After that line you can add your if statement to check if they're activated before you print the link and put the username in the session.Your query statements are also not in the right order, look at the order you have these lines in:

  $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'";  $username = mysql_real_escape_string($_POST['username']);  $password = mysql_real_escape_string($_POST['password']);...$password = md5($password);

So you run the query first, then you escape all the variables that you just used in the query, then you hash the password. You need to hash the password first, then escape everything, then run the query. It's not necessary to escape a password that has already been hashed.

[kirbyweb]

<?phpsession_start();if (isset($_POST['username']) and isset($_POST['password'])) {$password = md5($password);  $username = mysql_real_escape_string($_POST['username']);  $password = mysql_real_escape_string($_POST['password']);  $row = mysql_fetch_assoc($query); {  $activated = $row['activated'];}  if ($activated=='0')  {	 die("Your account is not yet activated. Please check your email.");	 exit();}    $connect = mysql_connect('______', '_______', '______') or die('Couldn\'t connect!');  mysql_select_db('________') or die('Couldn\'t find db');  $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");  if (mysql_num_rows($query) == 1) {	echo 'You\'re in! <a href="member.php">Click Here</a>';	$_SESSION['username']=$username;  } else echo 'Incorrect username/password!';} else die('User/pass not POSTed!');?>

Like this?

[justsomeguy]

It looks like you're moving around code without looking at the code. Now you have this line near the start:$row = mysql_fetch_assoc($query);But you don't send the query until several lines later. You're trying to get the row before you've even sent the query.You can replace this line:$password = mysql_real_escape_string($_POST['password']);With this:$password = md5($_POST['password']);And delete the other line that hashes the password, this is the only line you need to get the password from post and hash it.This is the if statement I'm talking about in my other posts:if (mysql_num_rows($query) == 1) {Your code to get the row and check the activated field needs to go inside that if statement.