Jump to content

Activated Not Working


kirbyweb
 Share

Recommended Posts

This is only part of the activation I am doing so do not say it is not finished.

<?phpsession_start();if (isset($_POST['username']) and isset($_POST['password'])) {  $connect = mysql_connect('_____.byethost5.com', '_____', '_____') or die('Couldn\'t connect!');  mysql_select_db('__________') or die('Couldn\'t find db');  $username = mysql_real_escape_string($_POST['username']);  $password = mysql_real_escape_string($_POST['password']);  $activated = [activated];  if ($activated=='0')   {	 die("Your account is not yet activated. Please check your email.");	 exit();}$password = md5($password);  $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");  if (mysql_num_rows($query) == 1) {	echo 'You\'re in! <a href="member.php">Click Here</a>';	$_SESSION['username']=$username;  } else echo 'Incorrect username/password!';} else die('User/pass not POSTed!');?>

Now when I try this it keeps saying you are successfully logged in, but it is suppose to say, your account is not yet activated.Does anyone know why and can anyone help me thanks.

Link to comment
Share on other sites

Since "[activated]" is not valid PHP syntax, I would say yeah, you're missing something. That should also give you a syntax error, you should be seeing an error message for that. If you're not seeing an error message you need to make sure that PHP is configured to show them to you.

Link to comment
Share on other sites

Err, well, currently it doesn't make sense, both syntactically as JSG said and in a logical sense - maybe you wanted to check their activation status in the database or something?

Edited by Synook
Link to comment
Share on other sites

well how do I fix the code? What am I missing.
That's sort of up to you, it depends what you want the script to do. Is $activated a value that gets submitted from the form? Is it a field in the database that you need to check? This is your script, you should know what you're trying to do.
Link to comment
Share on other sites

OK, then you need to replace the part that sets and checks $activated so that it gets it out of the database. It should be obvious to you that doing this:$activated = [activated];is not going to get the value from the correct row in the correct table in the correct database.Since you're already selecting everything from the database anyway it would make sense to move that code to check the activation status after the code that gets the record from the database.

Link to comment
Share on other sites

I'll tell you what the steps are, and you can determine if you want duplicate code or if you'd rather move code around so that you don't need to duplicate anything.In order to connect to the database and get the 'activated' field for the row corresponding to the entered username:1. Connect to the database server using mysql_connect2. Select the database to use using mysql_select_db3. Send a query to the database to get the appropriate row corresponding to the entered username using mysql_query4. Get the row array from the result using mysql_fetch_assoc5. Check if the result actually returned a row or if the result was empty (the username wasn't found) - mysql_fetch_assoc will return a value of false instead of an array if the result set has no results6. Get the activated field from the row arrayYou're already using mysql_connect, mysql_select_db, and mysql_query to get the row in the database. So it would make sense to move your activation code after you get the row from the database so that you don't need to get the row from the database twice. You can find the references for each of those functions in the PHP manual or the PHP section of the w3schools site.

Link to comment
Share on other sites

The code is using mysql_query to get the record and then it uses mysql_num_rows to see if a record was returned. So inside that if statement you can add a call to mysql_fetch_assoc to get the record from the result, and then check the activated field in the record before you store the username in the session and whatever else.http://www.php.net/manual/en/function.mysql-fetch-assoc.php

Link to comment
Share on other sites

Check the manual page for mysql_fetch_assoc, there are examples there to show how it's used. If you put this code inside the if statement you can skip step 5, if it's in the if statement then you've already checked if the query returned records and don't need to do it again. As for checking the value, if you save the row from mysql_fetch_assoc in the $row variable, then $row['activated'] will contain the activated field that you want to check.

Link to comment
Share on other sites

<?phpsession_start();if (isset($_POST['username']) and isset($_POST['password'])) {  $connect = mysql_connect('_______', '_________', '______') or die('Couldn\'t connect!');  mysql_select_db('_______') or die('Couldn\'t find db');  $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'";  $username = mysql_real_escape_string($_POST['username']);  $password = mysql_real_escape_string($_POST['password']);  while ($row = mysql_fetch_assoc($query)) {  $activated = $row['activated'];}  if ($activated=='0')   {	 die("Your account is not yet activated. Please check your email.");	 exit();}  $password = md5($password);  if (mysql_num_rows($query) == 1) {	echo 'You\'re in! <a href="member.php">Click Here</a>';	$_SESSION['username']=$username;  } else echo 'Incorrect username/password!';} else die('User/pass not POSTed!');?>

Did I do it right? the screen comes up blank. Tell or show me what I have to fix.

Edited by kirbyweb
Link to comment
Share on other sites

the screen comes up blank
Do you still have error messages disabled? You should set display_errors to on, html_errors to on, and error_reporting to E_ALL in the PHP options. It's not going to help you if PHP isn't showing error messages.You don't need the while loop. A while loop will loop over every record in the result. If the result only has 1 record there's no reason to loop over it. You can just use this line to get the one record:$row = mysql_fetch_assoc($query);Like I said before, that line should be inside the if statement where you check that 1 record was returned. After that line you can add your if statement to check if they're activated before you print the link and put the username in the session.Your query statements are also not in the right order, look at the order you have these lines in:
  $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'";  $username = mysql_real_escape_string($_POST['username']);  $password = mysql_real_escape_string($_POST['password']);...$password = md5($password);

So you run the query first, then you escape all the variables that you just used in the query, then you hash the password. You need to hash the password first, then escape everything, then run the query. It's not necessary to escape a password that has already been hashed.

Link to comment
Share on other sites

<?phpsession_start();if (isset($_POST['username']) and isset($_POST['password'])) {$password = md5($password);  $username = mysql_real_escape_string($_POST['username']);  $password = mysql_real_escape_string($_POST['password']);  $row = mysql_fetch_assoc($query); {  $activated = $row['activated'];}  if ($activated=='0')  {	 die("Your account is not yet activated. Please check your email.");	 exit();}    $connect = mysql_connect('______', '_______', '______') or die('Couldn\'t connect!');  mysql_select_db('________') or die('Couldn\'t find db');  $query = mysql_query("SELECT * FROM users WHERE username = '$username' AND password = '$password'");  if (mysql_num_rows($query) == 1) {	echo 'You\'re in! <a href="member.php">Click Here</a>';	$_SESSION['username']=$username;  } else echo 'Incorrect username/password!';} else die('User/pass not POSTed!');?>

Like this?

Link to comment
Share on other sites

It looks like you're moving around code without looking at the code. Now you have this line near the start:$row = mysql_fetch_assoc($query);But you don't send the query until several lines later. You're trying to get the row before you've even sent the query.You can replace this line:$password = mysql_real_escape_string($_POST['password']);With this:$password = md5($_POST['password']);And delete the other line that hashes the password, this is the only line you need to get the password from post and hash it.This is the if statement I'm talking about in my other posts:if (mysql_num_rows($query) == 1) {Your code to get the row and check the activated field needs to go inside that if statement.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...