[SOLVED] user validation always displaying invalid ? please help

[Jnerocorp]

Hello,

 

I have 2 accounts and there is a field in mysql called validated it can be either "true" or "false"

 

I tried writing a code so when the user logs in if the user is validated meaning

$username = $_POST['username'];

$validated = true

$validation = a mysql query that selects validated from members where username = $username

 

$validated == $validation

 

and I have to accounts made

1 account username is "google" its validation is set to false

2nd account username is "jaydesigns" its validation is set to true

 

but when I login both come up as not validated

 

here is the page code:

 

<? 

include_once"config.php";
$final_report = "Please complete all the fields below..";
if(isset($_POST['login'])){
$username= trim($_POST['username']);
$password = trim($_POST['password']);
if($username == NULL OR $password == NULL){
$final_report = "Please complete all the fields below..";
}else{
$check_user_data = mysql_query("SELECT * FROM `members` WHERE `username` = '$username'") or die(mysql_error());
if(mysql_num_rows($check_user_data) == 0){
$final_report = "This username does not exist..";
}else{
$get_user_data = mysql_fetch_array($check_user_data);
if($get_user_data['password'] == $password){

$start_idsess = $_SESSION['username'] = "".$get_user_data['username']."";
$start_passsess = $_SESSION['password'] = "".$get_user_data['password']."";
$validation = mysql_query("SELECT validated FROM `members` WHERE `username` = '$username'") or die(mysql_error());
$validated = "true";
if($validation == $validated) {

$final_report ="You are now logged in $start_idsess ";

} else {

$final_report ="Your account is not validated $start_idsess, <br>
Please Activate your account from the email you recieved from us. <br><br>
If you did not recieve an email click <a href='./activate-send.php'>here</a> to resend the email <br><br>   You will be logged out Now";
session_unset('username');
session_unset('password');

}

?>
<meta http-equiv="Refresh" content="0; URL=./members.php">
<?php
}}}}
?> 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Funky Vision Membership Script</title>
</head>

<body><form action="" method="post"> 
<table width="312" align="center"> 
<tr><td colspan='2'><?php echo "$final_report" ?></td></tr><tr>
  <tr> 
    <td width="120">Username:</td> 
    <td width="180"><input type="text" name="username" size="30" maxlength="25"></td> 
  </tr> 
  <tr> 
    <td>Password:</td> 
    <td><input type="password" name="password" size="30" maxlength="25"></td> 
  </tr>
  <tr>
    <td> </td>
    <td><input type="submit" name="login" value="Login" /></td>
  </tr> 
</table> 

</form>
</body>
</html>

 

[.josh]

You said `validated` can be "true" or "false"; what field type is `validated` in your table?

[Jnerocorp]

well it depends on what account I log into:

 

if I log into account 1 its set to "true"

if i log into account 2 its set to "false"

 

these are just demo accounts where I have validated 1 and not the other

 

-John

[.josh]

I didn't ask you what values you had in your table. I asked you what the field type is.

[Jnerocorp]

oh sorry about that varchar(10)

[.josh]

ah okay I was making sure it wasn't an int or bool type because "true" != true

 

but I see your issue:

 

$validation = mysql_query("SELECT validated FROM `members` WHERE `username` = '$username'") or die(mysql_error());

 

$validation is a result source, so you are comparing $validated to a result source.  You need to use mysql_fetch_array to get the value of `validated`, just like how you did when comparing the passwords

 

[Jnerocorp]

Ohh ok thanks a bunch sir

 

-john