dominic600 Posted August 7, 2011 Share Posted August 7, 2011 so ive went over this thing a few times and i cant see what im doing wrong, after following the tutorial.. anyways i fixed a few errors, mainly spelling and syntax errors, but for somereason on my when i go to activate the account, when i type my account and password in it says its incorrect... <?php $title = "Trucks Profiles - Activate your account"?> <?php require("styles/top.php"); ?> <div id='full'> <?php $getcode = $_GET['code']; $form = "<form action='activate.php' method='post'> <table> <tr> <td>Activate Code:</td> <td><input type='text' name='code' value='$getcode'></td> </tr> <tr> <td>Username:</td> <td><input type='text' name='username'></td> </tr> <tr> <td>Password:</td> <td><input type='password' name='password'></td> </tr> <tr> <td></td> <td><input type='submit' name='submitbtn' value='Activate'></td> </tr> </table> </form>"; if ($_POST['submitbtn']){ $code = strip_tags($_POST['code']); $username = strip_tags($_POST['username']); $password = strip_tags($_POST['password']); if ($code && $username && $password){ if (strlen($code) == 25){ $pass = md5(md5($password)); require("scripts/connect.php"); $query = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$pass'"); $numrows = mysql_num_rows($query); if ($numrows == 1){ $row = mysql_fetch_assoc($query); $dbcode = $row['code']; if ($code == $dbcode){ mysql_query("UPDATE users SET active='1' WHERE username='$username'"); echo "You are now active, you may now log in."; } else echo"Your Activation code is incorrect."; } else echo "Your Username and/or Password are incorrect."; } else echo "Invalid Code."; } else echo "You did not fill out all the fields."; } else echo "$form"; ?> </div> <?php require("styles/bottom.php"); ?> Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 7, 2011 Share Posted August 7, 2011 Hi Dominic, I don't know if this is correct or just a mistake, you hashed the password twice? )$pass = md5(md5($password)); Quote Link to comment Share on other sites More sharing options...
dominic600 Posted August 7, 2011 Author Share Posted August 7, 2011 yeah i did. the tutorial im following said to do that.. Quote Link to comment Share on other sites More sharing options...
voip03 Posted August 7, 2011 Share Posted August 7, 2011 in u code $getcode = $_GET['code']; .. . .. if ($code && $username && $password)... $code variable should be $getcode Quote Link to comment Share on other sites More sharing options...
voip03 Posted August 7, 2011 Share Posted August 7, 2011 check all the $code variables Quote Link to comment Share on other sites More sharing options...
dominic600 Posted August 7, 2011 Author Share Posted August 7, 2011 i did and i canged them all to &getcode and still samething. Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted August 7, 2011 Share Posted August 7, 2011 then your $password variable does not match your $pass variable..most likely because you are hashing the password twice, however this might not be what is causing this...output both variables and compare the values... Quote Link to comment Share on other sites More sharing options...
phpSensei Posted August 7, 2011 Share Posted August 7, 2011 Dominic, are you using the same hash method when a user registers? Quote Link to comment Share on other sites More sharing options...
dominic600 Posted August 7, 2011 Author Share Posted August 7, 2011 yeah i have the md5 hash thing twice on activat and register. but i have $pass is $password == $repassword but one problem i seen was i created 2 accounts 2 different emails and when i went into the database to look at them for some reason it made the passwords 'pass' when i did not input that for the passwords.. Quote Link to comment Share on other sites More sharing options...
trq Posted August 7, 2011 Share Posted August 7, 2011 If you are hashing the passwords properly you wont be able to read them at all. Quote Link to comment Share on other sites More sharing options...
dominic600 Posted August 7, 2011 Author Share Posted August 7, 2011 so even tho it just says 'pass' in the database its really not just 'pass'? Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted August 7, 2011 Share Posted August 7, 2011 an MD5 hash will translate your string into a 32 character hash.. so if you are seeing "pass" in you db table in the password field then something is wrong there and we will need to look at that code first being beginning to try and fix this issue.. Quote Link to comment Share on other sites More sharing options...
dominic600 Posted August 7, 2011 Author Share Posted August 7, 2011 Well theres my code that would put the password into the database. maybe the double md5 is whats messing it up? <?php require("styles/top.php"); ?> <div id='content'> <div id='full'> <?php $form = "<form action='register.php' method='post'> <table> <tr> <td></td> <td>Fields indicating <font color='red'>*</font> are require.</td> </tr> <tr> <td>First Name:</td> <td><input type='text' name='firstname'><font color='red'>*</font></td> </tr> <tr> <td>Last Name:</td> <td><input type='text' name='lastname'><font color='red'>*</font></td> </tr> <tr> <td>Username:</td> <td><input type='text' name='username'><font color='red'>*</font></td> </tr> <tr> <td>E-mail:</td> <td><input type='text' name='email'><font color='red'>*</font></td> </tr> <tr> <td>Password:</td> <td><input type='password' name='password'><font color='red'>*</font></td> </tr> <tr> <td>Confirm Password:</td> <td><input type='password' name='repassword'><font color='red'>*</font></td> </tr> <tr> <td>Avatar:</td> <td><input type='file' name='avatar'></td> </tr> <tr> <td>Website:</td> <td><input type='text' name='website'></td> </tr> <tr> <td>Youtube User Name:</td> <td><input type='text' name='youtube'></td> </tr> <tr> <td>Bio:</td> <td><textarea name='bio' cols='35' rows='5'></textarea></td> </tr> <tr> <td></td> <td><input type='submit' name='submitbtn' value='Register'></td> </tr> </table> </form>"; if ($_POST['submitbtn']){ $firstname = strip_tags($_POST['firstname']); $lastname = strip_tags($_POST['lastname']); $username = strip_tags($_POST['username']); $email = strip_tags($_POST['email']); $password = strip_tags($_POST['password']); $repassword = strip_tags($_POST['repassword']); $website = strip_tags($_POST['website']); $youtube = strip_tags($_POST['youtube']); $bio = strip_tags($_POST['bio']); $name = $_FILES['avatar'] ['name']; $type = $_FILES['avatar'] ['type']; $size = $_FILES['avatar'] ['size']; $tmpname = $_FILES['avatar']['tmpname']; $ext = substr($name, strrpos($name, '.')); if ($firstname && $lastname && $username && $email && $password && $repassword){ if ($password == $repassword){ if (strstr($email, "@") && strstr($email, ".") && strlen($email) >= 6){ require("scripts/connect.php"); /*$query = mysql_query("SELECT * FROM users WHERE username='$username' ");*/ $query=mysql_query("SELECT * FROM users WHERE username='$username' ") or die(mysql_error()); $numrows = mysql_num_rows($query); if ($numrows == 0){ /*$query=mysql_query("SELECT * FROM users WHERE email='$email' ");*/ $query=mysql_query("SELECT * FROM users WHERE email='$email' ") or die(mysql_error()); $numrows=mysql_num_rows($query); if ($numrows == 0){ $pass = md5(md5($password)); $date = date("F d, Y"); if($name){ move_uploaded_file($tmpname, "avatars/$username.$ext"); $avatar = "$username.$ext"; } else $avatar = "default_avatar.png"; $code = substr (md5(rand(11111111111, 999999999999999)), 2, 25); mysql_query("INSERT INTO users (`first_name`,`last_name`,`username`,`email`,`password`,`avatar`,`bio`,`website`,`youtube`,`last_login`,`active`,`code`,`locked`,`date`) VALUES ( '$firstname', '$lastname', '$username', '$email', 'pass', '$avatar', '$bio', '$website', '$youtube', '', '0', '$code', '0', '$date')"); /*mysql_query("INSERT INTO users (Field, Type) VALUES ('', '$firstname', '$lastname', '$username', '$email', 'pass', '$avatar', '$bio', '$website', '$youtube', '', '0', '$code', '0', '$date')");*/ $webmaster = "Admin@trucksite.com"; $subject = "Activate Your Account!"; $headers = "From: Admin <$webmaster>"; $message = "Hello $firstname.\n\nWelcome to trucksite below is a link for you to activate your account!.\n http://tprofiletesting.net23.net/activate.php?code=$code"; mail($email, $subject, $message, $headers); echo "Your activation email has been sent to <b>$email</b>."; } else echo "That email is currently in use."; } else echo "That username is currently in use."; } else echo "You did not enter a vaild email."; } else echo "Your passwords did not match."; } else echo"You did not fill in all the required fields."; } echo "$form"; Quote Link to comment Share on other sites More sharing options...
trq Posted August 7, 2011 Share Posted August 7, 2011 You have the string 'pass' in your query, not the variable $pass. Quote Link to comment Share on other sites More sharing options...
dominic600 Posted August 7, 2011 Author Share Posted August 7, 2011 i guess i need a break cause ive been staring at this so long i cant notice the obivious stuff. cause that fixed everything! Thanks for input man! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.