Eskimo887 Posted July 22, 2006 Share Posted July 22, 2006 My join form (which I'm guessing you're all farmiliar with now) now sends the user an activation code. This, when clicked sets the activation column on the table from 0 to 1. This bit works fine, however, when I get to logging in, obviously you don't want someone logging in you isn't activated, so I've used an IF statement as below:[code]/** * Checks to see if the user has submitted his * pid and password through the login form, * if so, checks authenticity in database and * creates session. */if(isset($_POST['sublogin'])){$l = mysql_connect ( "" , "" , "" ) or die("Error connecting: <br><br>".mysql_error());mysql_select_db( "" ) or die("Error getting db: <br><br>".mysql_error());$username = trim(addslashes($_POST['pid']));$password = md5(trim($_POST['password']));$query = mysql_query("SELECT * FROM roster WHERE pid = '$username' AND password = '$password' LIMIT 1") or die(mysql_error());$row = mysql_fetch_array($query);// now we check if they are activatedif($row['Activated'] > 0){ /* Check that all fields were typed in */ if(!$_POST['pid'] || !$_POST['password']){ die('You didn\'t fill in a required field.'); } /* Spruce up pid, check length */ $_POST['pid'] = trim($_POST['pid']); if(strlen($_POST['pid']) > 30){ die("Sorry, the pid is longer than 30 characters, please shorten it."); } /* Checks that pid is in database and password is correct */ $md5pass = md5($_POST['password']); $result = confirmUser($_POST['pid'], $md5pass); /* Check error codes */ if($result == 1){ die('That pid doesn\'t exist in our database.'); } else if($result == 2){ die('Incorrect password, please try again.'); } /* pid and password correct, register session variables */ $_POST['pid'] = stripslashes($_POST['pid']); $_SESSION['pid'] = $_POST['pid']; $_SESSION['password'] = $md5pass; /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his pid, * and one to hold his md5 encrypted password. We set them both to * expire in 100 days. Now, next time he comes to our site, we will * log him in automatically. */ //if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['pid'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); //} /* Quick self-redirect to avoid resending data on refresh */ echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; return;}/* Sets the value of the logged_in variable, which can be used in your code */$logged_in = checkLogin();} else {echo "activation required";}?>[/code]This is just the part which runs when the user submits the form. Without the activation part, it runs fine and logs in the user. However, with the activation part, it will say "activation required" if they are not activted, but doesn't log in if they are, just refreshes the page and stays as a log in form.I think it's probably to do with misplacement of brackets, but I'm not sure where they should go. The entire login script is below:[code]<?/** * Checks whether or not the given pid is in the * database, if so it checks if the given password is * the same password in the database for that user. * If the user doesn't exist or if the passwords don't * match up, it returns an error code (1 or 2). * On success it returns 0. */function confirmUser($pid, $password){ global $conn; /* Add slashes if necessary (for query) */ if(!get_magic_quotes_gpc()) { $pid = addslashes($pid); } /* Verify that user is in database */ $q = "select password from roster where pid = '$pid'"; $result = mysql_query($q,$conn); if(!$result || (mysql_numrows($result) < 1)){ return 1; //Indicates pid failure } /* Retrieve password from result, strip slashes */ $dbarray = mysql_fetch_array($result); $dbarray['password'] = stripslashes($dbarray['password']); $password = stripslashes($password); /* Validate that password is correct */ if($password == $dbarray['password']){ return 0; //Success! pid and password confirmed } else{ return 2; //Indicates password failure }}/** * checkLogin - Checks if the user has already previously * logged in, and a session with the user has already been * established. Also checks to see if user has been remembered. * If so, the database is queried to make sure of the user's * authenticity. Returns true if the user has logged in. */function checkLogin(){ /* Check if user has been remembered */ if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){ $_SESSION['pid'] = $_COOKIE['cookname']; $_SESSION['password'] = $_COOKIE['cookpass']; } /* pid and password have been set */ if(isset($_SESSION['pid']) && isset($_SESSION['password'])){ /* Confirm that pid and password are valid */ if(confirmUser($_SESSION['pid'], $_SESSION['password']) != 0){ /* Variables are incorrect, user not logged in */ unset($_SESSION['pid']); unset($_SESSION['password']); return false; } return true; } /* User not logged in */ else{ return false; }}/** * Determines whether or not to display the login * form or to show the user that he is logged in * based on if the session variables are set. */ function displayLogin(){ global $logged_in; if($logged_in){ //$row2 = mysql_result($result, 0); ?><link href="images/mm_entertainment.css" rel="stylesheet" type="text/css" /><p align="center"><span class="pageName">Logged In!</span></p><p align="center"> Welcome <b><?php $pid=$_SESSION["pid"];$result = mysql_query("SELECT first_name FROM roster WHERE pid='$pid'"); if (!$result) { echo("<P>Error performing query: " . mysql_error() . "</P>"); exit(); } echo(mysql_result($result,0));//echo($_SESSION[pid]); ?></b>, you are logged in. <a href="logout.php">Logout</a> <?php } else{?></p></p><link href="images/mm_entertainment.css" rel="stylesheet" type="text/css" /><form action="" method="post"> <table align="left" border="0" cellspacing="0" cellpadding="3"><tr> <td colspan="2" class="pageName"><div align="center">Login</div></td> </tr><tr><td class="bodyText">Pilot ID:</td><td><input type="text" name="pid" maxlength="3" size="15"></td></tr><tr><td>Password:</td><td><input type="password" name="password" maxlength="20" size="15"></td></tr><tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr></table></form><? }}/** * Checks to see if the user has submitted his * pid and password through the login form, * if so, checks authenticity in database and * creates session. */if(isset($_POST['sublogin'])){$l = mysql_connect ( "" , "" , "" ) or die("Error connecting: <br><br>".mysql_error());mysql_select_db( "" ) or die("Error getting db: <br><br>".mysql_error());$username = trim(addslashes($_POST['pid']));$password = md5(trim($_POST['password']));$query = mysql_query("SELECT * FROM roster WHERE pid = '$username' AND password = '$password' LIMIT 1") or die(mysql_error());$row = mysql_fetch_array($query);// now we check if they are activatedif($row['Activated'] > 0){ /* Check that all fields were typed in */ if(!$_POST['pid'] || !$_POST['password']){ die('You didn\'t fill in a required field.'); } /* Spruce up pid, check length */ $_POST['pid'] = trim($_POST['pid']); if(strlen($_POST['pid']) > 30){ die("Sorry, the pid is longer than 30 characters, please shorten it."); } /* Checks that pid is in database and password is correct */ $md5pass = md5($_POST['password']); $result = confirmUser($_POST['pid'], $md5pass); /* Check error codes */ if($result == 1){ die('That pid doesn\'t exist in our database.'); } else if($result == 2){ die('Incorrect password, please try again.'); } /* pid and password correct, register session variables */ $_POST['pid'] = stripslashes($_POST['pid']); $_SESSION['pid'] = $_POST['pid']; $_SESSION['password'] = $md5pass; /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his pid, * and one to hold his md5 encrypted password. We set them both to * expire in 100 days. Now, next time he comes to our site, we will * log him in automatically. */ //if(isset($_POST['remember'])){ setcookie("cookname", $_SESSION['pid'], time()+60*60*24*100, "/"); setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/"); //} /* Quick self-redirect to avoid resending data on refresh */ echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">"; return;}/* Sets the value of the logged_in variable, which can be used in your code */$logged_in = checkLogin();} else {echo "activation required";}?>[/code] Quote Link to comment Share on other sites More sharing options...
hackerkts Posted July 22, 2006 Share Posted July 22, 2006 I just wanna point out this[code]if($row['Activated'] > 0)[/code]Since you already set it to 0 = not activated and 1 = activated.You can change it to[code]if($row['Activated'] == 1)[/code] Quote Link to comment Share on other sites More sharing options...
Eskimo887 Posted July 22, 2006 Author Share Posted July 22, 2006 Hmm, tis odd.Perhaps the best way to show you what's going on is for you to see for yourself...[url=http://southerncrossairlines.ausvirtual.com/New%20Site/Complete/join2.php]http://southerncrossairlines.ausvirtual.com/New%20Site/Complete/join2.php[/url]This is my join page, feel free to go there and sign up. I suggest you sign up twice and activate only one of them to see what's happening.It is logging in the activated one know, and not logging in the unactivated one. But, if I have tried logging in when unacticated, I get the "activation required" at the top. If you then log in with the activated one, then try logging out, it gives a "headers already sent error", which you don't get if you don't try logging in with the unactivated one first.I know that seems complicated, but go to the link above and have a look for yourself. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.