not reading my password and username..

[dominic600]

so ive went over this thing a few times and i cant see what im doing wrong, after following the tutorial..

 

anyways i fixed a few errors, mainly spelling and syntax errors,  but for somereason on my when i go to activate the account, when i type my account and password in it says its incorrect...

 

<?php $title = "Trucks Profiles - Activate your account"?>
<?php require("styles/top.php"); ?>
<div id='full'>
<?php

$getcode = $_GET['code'];

$form = "<form action='activate.php' method='post'>

<table>
<tr>
<td>Activate Code:</td>
<td><input type='text' name='code' value='$getcode'></td>
</tr>
<tr>
<td>Username:</td>
<td><input type='text' name='username'></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='password'></td>
</tr>
<tr>
<td></td>
<td><input type='submit' name='submitbtn' value='Activate'></td>
</tr>
</table>
</form>";

if ($_POST['submitbtn']){
$code = strip_tags($_POST['code']);
$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);

if ($code && $username && $password){
	if (strlen($code) == 25){
		$pass = md5(md5($password));
		require("scripts/connect.php");
		$query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$pass'");

		$numrows = mysql_num_rows($query);
		if ($numrows == 1){

			$row = mysql_fetch_assoc($query);
			$dbcode = $row['code'];

			if ($code == $dbcode){
				mysql_query("UPDATE users SET active='1' WHERE username='$username'");
				echo "You are now active, you may now log in.";
			}
			else
				echo"Your Activation code is incorrect.";
		}
		else
			echo "Your Username and/or Password are incorrect.";
	}
	else
		echo "Invalid Code.";
}
else
	echo "You did not fill out all the fields.";
}
else
echo "$form";

?>
</div>

<?php require("styles/bottom.php"); ?>

 

 

[phpSensei]

Hi Dominic,

 

I don't know if this is correct or just a mistake, you hashed the password twice?

 

)$pass = md5(md5($password));

[dominic600]

yeah i did. the tutorial im following said to do that..

[voip03]

in u code

$getcode = $_GET['code'];
..
.
..
if ($code && $username && $password)...

$code variable should be $getcode

[voip03]

check all the $code variables

[dominic600]

i did and i canged them all to &getcode and still samething.

[AyKay47]

then your $password variable does not match your $pass variable..most likely because you are hashing the password twice, however this might not be what is causing this...output both variables and compare the values...

[phpSensei]

Dominic, are you using the same hash method when a user registers?

[dominic600]

yeah i have the md5 hash thing twice on activat and register.

 

but i have $pass  is $password == $repassword

 

but one problem i seen was i created 2 accounts 2 different emails and when i went into the database to look at them for some reason it made the passwords 'pass' when i did not input that for the passwords..

[trq]

If you are hashing the passwords properly you wont be able to read them at all.

[dominic600]

so even tho it just says 'pass' in the database its really not just 'pass'?

[AyKay47]

an MD5 hash will translate your string into a 32 character hash.. so if you are seeing "pass" in you db table in the password field then something is wrong there and we will need to look at that code first being beginning to try and fix this issue..

[dominic600]

Well theres my code that would put the password into the database. maybe the double md5 is whats messing it up?

 

 

<?php require("styles/top.php"); ?>
<div id='content'>
<div id='full'>

<?php

$form = "<form action='register.php' method='post'>
<table>
	<tr>
	<td></td>
	<td>Fields indicating <font color='red'>*</font> are require.</td>

</tr>

<tr>

<td>First Name:</td>

<td><input type='text' name='firstname'><font color='red'>*</font></td>

</tr>

 

<tr>

<td>Last Name:</td>

<td><input type='text' name='lastname'><font color='red'>*</font></td>

</tr>

 

<tr>

<td>Username:</td>

<td><input type='text' name='username'><font color='red'>*</font></td>

</tr>

 

<tr>

<td>E-mail:</td>

<td><input type='text' name='email'><font color='red'>*</font></td>

</tr>

 

<tr>

<td>Password:</td>

<td><input type='password' name='password'><font color='red'>*</font></td>

</tr>

 

<tr>

<td>Confirm Password:</td>

<td><input type='password' name='repassword'><font color='red'>*</font></td>

</tr>

 

<tr>

<td>Avatar:</td>

<td><input type='file' name='avatar'></td>

</tr>

 

<tr>

<td>Website:</td>

<td><input type='text' name='website'></td>

</tr>

 

<tr>

<td>Youtube User Name:</td>

<td><input type='text' name='youtube'></td>

</tr>

 

<tr>

<td>Bio:</td>

<td><textarea name='bio' cols='35' rows='5'></textarea></td>

</tr>

 

<tr>

<td></td>

<td><input type='submit' name='submitbtn' value='Register'></td>

</tr>

</table>

 

</form>";

 

if ($_POST['submitbtn']){

 

 

$firstname = strip_tags($_POST['firstname']);

$lastname = strip_tags($_POST['lastname']);

$username = strip_tags($_POST['username']);

$email = strip_tags($_POST['email']);

$password = strip_tags($_POST['password']);

$repassword = strip_tags($_POST['repassword']);

$website = strip_tags($_POST['website']);

$youtube = strip_tags($_POST['youtube']);

$bio = strip_tags($_POST['bio']);

 

$name = $_FILES['avatar'] ['name'];

$type = $_FILES['avatar'] ['type'];

$size = $_FILES['avatar'] ['size'];

$tmpname = $_FILES['avatar']['tmpname'];

$ext = substr($name, strrpos($name, '.'));

 

if ($firstname && $lastname && $username && $email && $password && $repassword){

if ($password == $repassword){

if (strstr($email, "@") && strstr($email, ".") && strlen($email) >= 6){

 

require("scripts/connect.php");

/*$query = mysql_query("SELECT * FROM users WHERE username='$username' ");*/

$query=mysql_query("SELECT * FROM users WHERE username='$username' ") or die(mysql_error());

$numrows = mysql_num_rows($query);

if ($numrows == 0){

 

/*$query=mysql_query("SELECT * FROM users WHERE email='$email' ");*/

$query=mysql_query("SELECT * FROM users WHERE email='$email' ") or die(mysql_error());

$numrows=mysql_num_rows($query);

if ($numrows == 0){

 

$pass = md5(md5($password));

$date = date("F d, Y");

 

if($name){

move_uploaded_file($tmpname, "avatars/$username.$ext");

$avatar = "$username.$ext";

}

else

$avatar = "default_avatar.png";

 

$code = substr (md5(rand(11111111111, 999999999999999)), 2,  25);

 

 

mysql_query("INSERT INTO users (`first_name`,`last_name`,`username`,`email`,`password`,`avatar`,`bio`,`website`,`youtube`,`last_login`,`active`,`code`,`locked`,`date`) VALUES ( '$firstname', '$lastname', '$username', '$email', 'pass', '$avatar', '$bio', '$website', '$youtube', '', '0', '$code', '0', '$date')");

 

/*mysql_query("INSERT INTO users (Field, Type) VALUES ('', '$firstname', '$lastname', '$username', '$email', 'pass', '$avatar', '$bio', '$website', '$youtube', '', '0', '$code', '0', '$date')");*/

 

$webmaster = "Admin@trucksite.com";

$subject = "Activate Your Account!";

$headers = "From: Admin <$webmaster>";

$message = "Hello $firstname.\n\nWelcome to trucksite below is a link for you to activate your account!.\n http://tprofiletesting.net23.net/activate.php?code=$code";

 

mail($email, $subject, $message, $headers);

echo "Your activation email has been sent to <b>$email</b>.";

}

else

echo "That email is currently in use.";

 

}

else

echo "That username is currently in use.";

}

else

echo "You did not enter a vaild email.";

}

else

echo "Your passwords did not match.";

}

else

echo"You did not fill in all the required fields.";

}

echo "$form";

[trq]

You have the string 'pass' in your query, not the variable $pass.

[dominic600]

i guess i need a break cause ive been staring at this so long i cant notice the obivious stuff. cause that fixed everything!

 

Thanks for input man!