Jump to content

Annoying little activation login code -.-'


Noskiw

Recommended Posts

<?php

$username = $_POST['username'];
$password = $_POST['password'];
$id = $_GET['id'];

echo "<br />";

if ($_POST['submit']) {
    if ($username && $password) {
        $sql = "SELECT * FROM users WHERE username='" . $username . "'";
        $res = mysql_query($sql) or die(mysql_error());
        $sql2 = "SELECT activated FROM users WHERE id='".$id."'";
        $res2 = mysql_query($sql2) or die(mysql_error());
        
        while($row2 = mysql_fetch_assoc($res2)){
            if ($row2['activated'] == 0) {
                echo "<p align='left>Your account is not yet active. Please check your email!</p>";
            }
        }

            $numrows = mysql_num_rows($res);

            if ($numrows != 0) {
                while ($row = mysql_fetch_assoc($res)) {
                    $dbusername = $row['username'];
                    $dbpassword = $row['password'];
                    $acti = $row['activated'];

                    $dbfirstname = $row['first name'];
                    $dblastname = $row['last name'];
                    $id = $row['id'];
                }

                if ($username == $dbusername && md5($password) == $dbpassword) {
                    $_SESSION['username'] = $username;
                    $_SESSION['first name'] = $dbfirstname;
                    $_SESSION['last name'] = $dblastname;
                    $_SESSION['id'] = $id;
                    echo "You're now <b>Logged In</b> Click <b><a href='index.php'>here</a></b> to return to the index!";
                } else {
                    echo "Incorrect password!";
                }

            } else {
                echo "That user <b>doesn't</b> exist!";
            }

        }
    } else {
        echo "Please <b>enter</b> a username and a password!";
}

if (!$_POST['submit']) {

?>

<form action="index.php?p=login" method="POST">

    <table>
    
        <h1>Login</h1>
        
        <tr><td>Username: </td><td><input type="text" name="username" /></td></tr>
        <tr><td>Password: </td><td><input type="password" name="password" /></td></tr>
        <tr><td><input type="submit" name="submit" value="Login" /></td></tr>
    
    </table>

</form>

<?php

}

?>

 

This is my login script... Now the....

 

$sql2 = "SELECT activated FROM users WHERE id='".$id."'";
        $res2 = mysql_query($sql2) or die(mysql_error());
        
        while($row2 = mysql_fetch_assoc($res2)){
            if ($row2['activated'] == 0) {
                echo "<p align='left>Your account is not yet active. Please check your email!</p>";
            }
        }

 

Part is annoying me hugely because It won't let me bar the user from logging in if they haven't activated their account via email... Any thoughts?

Link to comment
https://forums.phpfreaks.com/topic/209040-annoying-little-activation-login-code/
Share on other sites

Basically, in my database, there are 2 fields, random, and activated. The "random" field is the unique code that the user recieves in their e-mail upon registering to activate their account, and the "activated" column has a default value of "0", and when activated via email, it is then supposed to allow them to log in by changing the value to "1". But if the user attempts to log in, it lets them in anyway. :(

There's nothing stopping the rest of the code from executing if the value is 0. Basically, it's working exactly as written.

 

while($row2 = mysql_fetch_assoc($res2)){
               $active = $row2['active']
}
// only allow script to continue to login if $active != 0;
if( $active == 0 ) {
      echo 'You haven\'t confirmed yourmembership, whatever, yada, yada';
} else {
     // continue login 
}

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.