jpslcut

Thanks Keith and everyone. The problem was that I specified a certain length string for a password in my script and then in mysql database I never specified enough characters for the password and so it always returned a truncated value which of course never matched because of the length. And all of this because I somebody told me godaddy never allows passwords of greater than 14 characters. Thanks again problem solved

SHA1('abcdefg') 2fb5e13419fc89246865e7a324f476ec624e8740 is the returned value however godaddy only allows passwords of 14 characters long so I edited that field to 14 The value of "pass" in the database when I display it is only 2fb5e13419fc89 which is many characters short of the value the database returned. But even before I changed that it still didn't work. Thank you so much for your help. joseph

Keith the result of phpmyadmin, I entered: SELECT SHA1('abcdefg') It returned: Showing rows 0 - 0 (1 total, Query took 0.0003 sec) I so appreciate the solution I know is coming next for I already suspected version mismatch or some strange setting or other thing godaddy does differently than everyone else in mysql. But I have played with every different combination of settings with no results already and probably just need to change something in the script. The call in the script that mentions SHA1 is as follows: In register.php: // Add the user to the database: $q = "INSERT INTO users (email, pass, first_name, last_name, active, registration_date) VALUES ('$e', SHA1('$p'), '$fn', '$ln', '$a', NOW() )"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); And in Login.php: // Query the database: $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); These are the only two places in my script that mention SHA1 Thank you so much for your hard work here fixing everyones problems. I hope that soon I can contribute likewise as I am able to learn. joseph

SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com') AND active IS NULL returns: Showing rows 0 - 0 (1 total, Query took 0.0004 sec) SELECT user_id, first_name, user_level FROM users WHERE (pass=SHA1('abcdefg')) AND active IS NULL returns: MySQL returned an empty result set (i.e. zero rows). (Query took 0.0003 sec) SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com' AND pass=SHA1('abcdefg')) returns: MySQL returned an empty result set (i.e. zero rows). (Query took 0.0004 sec) But the record is there as follows: user_id first_name last_name email pass 6 joseph Pratt josephopratt@gmail.com 2fb5e13419fc89 user_level active registration_date 0 NULL 2009-08-04 09:13:21 I so appreciate your help. joseph

I solved the redirection issue by correcting an address in a file. In phpmyadmin, every time in I run: SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com' AND pass=SHA1('abcdefg')) AND active IS NULL I get MySQL returned an empty result set (i.e. zero rows). (Query took 0.0004 sec) The other values seem to be echoing as: [dbc] => mysqli Object // which is $dbc and I don't know what it is or how to determine its value ( ) [e] => josephopratt@gmail.com // which is $e [p] => abcdefg // which would be my password in text form [q] => SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com' AND pass=SHA1('abcdefg')) AND active IS NULL // which is of course what I used to query [r] => mysqli_result Object // Which would be $r and I don't know what this is or how to tell its value ( ) Thank you so very much for your time and effort. It's very much appreciated joseph

After line 24 I echoed out the value of $q. It echoed correctly as follows: SELECT user_id, first_name, user_level FROM users WHERE (email='josephopratt@gmail.com' AND pass=SHA1('abcdefg')) AND active IS NULL But I have noticed something else that seems amiss. On the code that is emailed on which the user must click to activate his account is as follows: http://www.myexam.info/login/activate.php?x=josephopratt%40gmail.com&y=13f42d8cb5afcc24cd63ce84e7e28d1a And when I click on that it does indeed take me to some page. But I do not have a "login" directory on my server. Yet the page appears. And when I remove the "login" and point to the file I know exists, which is "activate.php" in my root directory, I get the error message contained inside the file "activate.php" Your account could not be activated. Please re-check the link or contact the system administrator. How can a page that does not exist be displayed through a link that points to nothing? Thanks again for your help. I appreciate the time you spend doing things like this and I intend to do the same as I am able. joseph

After working at it for several hours I have to admit I haven't been able to accomplish the task you gave me. I don't know how to "use the SQL echoed out (with the email address and password) in phpadmin. But from all the querys I have been able to do, it does seem to be returning the correct information. All of the active fields are set to NULL. Its a script I got from easykiss123.com from a tutorial to set up username and password registration before granting access to password protected pages on my site. I wrote to them several times this last week and got no answer except they did remove the links to the tutorial. Thats why I turned to this website to see if I can get it to work. One of the main reasons behind me doing this myself is the learning process. I hope you will bear with me Keith, I'm not the sharpest tool in the shed.

I printed out the value of '$q' and it showed the correct username and password. I then went to phpadmin and executed the same line of code that is included in the error message below. Error SQL query: $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL" MySQL said: #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '$q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pa' at line 1 Also I can see that none of the data in the 'active' column is set to NULL, and when I did change that setting it still made no difference. thanks again joseph

I feel like an idiot, but I posted the code from a file I was experimenting with and I cannot see a way to modify my first post. So please ignore the code in the first post and use this code instead. The offending code results in line 38 being printed to the screen and the users account not being activated. I think godaddy's default settings are returning the password in a format that cannot be read by my script. Or that I am not comparing the input password with the one in the database correctly. Thank you so much for your patience with me. joseph 1 <?php # Script 16.8 - login.php 2 // This is the login page for the site. 3 require_once ('includes/config.inc.php'); 4 $page_title = 'Login'; 5 include ('includes/header.html'); 6 if (isset($_POST['submitted'])) { 7 require_once (MYSQL); 8 // Validate the email address: 9 if (!empty($_POST['email'])) { 10 $e = mysqli_real_escape_string ($dbc, $_POST['email']); 11 } else { 12 $e = FALSE; 13 echo '<p class="error">You forgot to enter your email address!</p>'; 14 } 15 // Validate the password: 16 if (!empty($_POST['pass'])) { 17 $p = mysqli_real_escape_string ($dbc, $_POST['pass']); 18 } else { 19 $p = FALSE; 20 echo '<p class="error">You forgot to enter your password!</p>'; 21 } 22 if ($e && $p) { // If everything's OK. 23 // Query the database: 24 $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL"; 25 $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); 26 if (@mysqli_num_rows($r) == 1) { // A match was made. 27 // Register the values & redirect: 28 $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 29 mysqli_free_result($r); 30 mysqli_close($dbc); 31 32 $url = BASE_URL . 'index.php'; // Define the URL: 33 ob_end_clean(); // Delete the buffer. 34 header("Location: $url"); 35 exit(); // Quit the script. 36 37 } else { // No match was made. 38 echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>'; 39 } 40 } else { // If everything wasn't OK. 41 echo '<p class="error">Please try again.</p>'; 42 } 43 44 mysqli_close($dbc); 45 46 } // End of SUBMIT conditional. 47 ?> <h1>Login</h1> <p>Your browser must allow cookies in order to log in.</p> <form action="login.php" method="post"> <fieldset> <p><b>Email Address:</b> <input type="text" name="email" size="20" maxlength="40" /></p> <p><b>Password:</b> <input type="password" name="pass" size="20" maxlength="20" /></p> <div align="center"><input type="submit" name="submit" value="Login" /></div> <input type="hidden" name="submitted" value="TRUE" /> </fieldset> </form> <?php // Include the HTML footer. include ('includes/footer.html'); ?>

I have what should be a simple script. I am using MySQL 3.23.32. Basically the user comes to my website (myexam.info) and registers. Then a confirmation email is sent. He opens it and clicks on link to activate his account. That link takes him to a login page here he types his email and password. Then the error message: An error occurred in script '/home/content/l/a/s/lastinghearts/html/login.php' on line 33: Object of class mysqli_result could not be converted to string Here is the offending code: // Query the database: $q = "SELECT user_id, first_name, user_level FROM users WHERE (email='$e' AND pass=SHA1('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); echo '<p class="error">Before r</p>'; echo "$r"; // I added this line echo '<p class="error">After r</p>'; echo '<p class="error">Query worked</p>'; // I added this line if (@mysqli_num_rows($r) == 1) { // A match was made. // Register the values & redirect: $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); $url = BASE_URL . 'index.php'; // Define the URL: ob_end_clean(); // Delete the buffer. header("Location: $url"); echo '<p class="error">A match was made</p>'; exit(); // Quit the script. } else { // No match was made. echo '<p class="error">Either the email address and password entered do not match those on file or you have not yet activated your account.</p>'; } } else { // If everything wasn't OK. echo '<p class="error">Please try again.</p>'; } mysqli_close($dbc); } // End of SUBMIT conditional. ?> My server is godaddy.com. I think their default settings have something to do with this problem. Any help would be greatly appreciated. I promise that after I am more proficient I will contribute what I can to this forum. Thanks joseph