Annoying little activation login code -.-'

[Noskiw]

<?php

$username = $_POST['username'];
$password = $_POST['password'];
$id = $_GET['id'];

echo "<br />";

if ($_POST['submit']) {
    if ($username && $password) {
        $sql = "SELECT * FROM users WHERE username='" . $username . "'";
        $res = mysql_query($sql) or die(mysql_error());
        $sql2 = "SELECT activated FROM users WHERE id='".$id."'";
        $res2 = mysql_query($sql2) or die(mysql_error());
        
        while($row2 = mysql_fetch_assoc($res2)){
            if ($row2['activated'] == 0) {
                echo "<p align='left>Your account is not yet active. Please check your email!</p>";
            }
        }

            $numrows = mysql_num_rows($res);

            if ($numrows != 0) {
                while ($row = mysql_fetch_assoc($res)) {
                    $dbusername = $row['username'];
                    $dbpassword = $row['password'];
                    $acti = $row['activated'];

                    $dbfirstname = $row['first name'];
                    $dblastname = $row['last name'];
                    $id = $row['id'];
                }

                if ($username == $dbusername && md5($password) == $dbpassword) {
                    $_SESSION['username'] = $username;
                    $_SESSION['first name'] = $dbfirstname;
                    $_SESSION['last name'] = $dblastname;
                    $_SESSION['id'] = $id;
                    echo "You're now <b>Logged In</b> Click <b><a href='index.php'>here</a></b> to return to the index!";
                } else {
                    echo "Incorrect password!";
                }

            } else {
                echo "That user <b>doesn't</b> exist!";
            }

        }
    } else {
        echo "Please <b>enter</b> a username and a password!";
}

if (!$_POST['submit']) {

?>

<form action="index.php?p=login" method="POST">

    <table>
    
        <h1>Login</h1>
        
        <tr><td>Username: </td><td><input type="text" name="username" /></td></tr>
        <tr><td>Password: </td><td><input type="password" name="password" /></td></tr>
        <tr><td><input type="submit" name="submit" value="Login" /></td></tr>
    
    </table>

</form>

<?php

}

?>

 

This is my login script... Now the....

 

$sql2 = "SELECT activated FROM users WHERE id='".$id."'";
        $res2 = mysql_query($sql2) or die(mysql_error());
        
        while($row2 = mysql_fetch_assoc($res2)){
            if ($row2['activated'] == 0) {
                echo "<p align='left>Your account is not yet active. Please check your email!</p>";
            }
        }

 

Part is annoying me hugely because It won't let me bar the user from logging in if they haven't activated their account via email... Any thoughts?

[Maq]

Sorry but what are you trying to do exactly?

[Noskiw]

Basically, in my database, there are 2 fields, random, and activated. The "random" field is the unique code that the user recieves in their e-mail upon registering to activate their account, and the "activated" column has a default value of "0", and when activated via email, it is then supposed to allow them to log in by changing the value to "1". But if the user attempts to log in, it lets them in anyway.

[Pikachu2000]

There's nothing stopping the rest of the code from executing if the value is 0. Basically, it's working exactly as written.

 

while($row2 = mysql_fetch_assoc($res2)){
               $active = $row2['active']
}
// only allow script to continue to login if $active != 0;
if( $active == 0 ) {
      echo 'You haven\'t confirmed yourmembership, whatever, yada, yada';
} else {
     // continue login 
}

[Noskiw]

Thanks so much, that worked perfectly