User Activation

[idkwhy]

i'm trying to finish my login script and apart of the login script is the program checking with the database to see whether or not the user has been activated. In my db, the user is not activated. However, in the program, the program is reading that it's active no matter what. This is frustrating.

 

The query isn't throwing an error.

 

Additionally, I have to include the dbconnect.php file in order for the query line to run without a non-object error. This is annoying too, as it should be just fine being passed through the parameters. I would like it if someone could read through this for me and give me some insight to answer these two questions:

 

1) Why is the user always activated?

2) Why do I have to include the dbconnect.php? Why isn't the passing parameters working?

 

Thanks

 

userfunctions.php

function user_active($username, $mysqli) {
include('inc/dbconnect.php');
$username = sanitize($mysqli, $data);
$command = "SELECT COUNT(`userID`)
FROM `users`
WHERE `userName` = '$username' AND `Active` = '1'";
$result = $mysqli->query($command) or die($mysqli->error);
$row = $result->fetch_assoc();
$columns = array_keys($row);
return $result !== false;
}

 

login.php

if(isset($username)) {
if(!user_exists($username, $command, $mysqli, $result)) {
 $errors[] = 'We can\'t find that username. Have you registered?';
} else {
 if(!user_active($username, $data, $mysqli, $command)) {
 $errors[] = 'You haven\'t activated your account.';
 } else {
 $login = login($username, $password, $mysqli);
 if($login === false) {
 $errors[] = 'That username/password combination is incorrect.';
 } else {
 $login = $_SESSION['userID'];
 echo "<br />it\'s still working<br />";
 //header('Location: index.php');
 //exit();
 }
 }
}
}

 

These are snippets of each, not the full code. If requested I'll provide the full code

[maxudaskin]

My suggestion is to seperate the active users data from the users themselves.

 

Have a second table that is queried to find the last page load activity. This way you can, if you want, log all of the user's actions, login's, or none of them at all.

[idkwhy]

My suggestion is to seperate the active users data from the users themselves.

 

Have a second table that is queried to find the last page load activity. This way you can, if you want, log all of the user's actions, login's, or none of them at all.

 

This is interesting, and certainly something I'm going to try. However, how would I log user actions, logins, etc?

[Christian F.]

When it comes to the problem of always having to include dbconnect.php; You're not using mysqli_close () in ny of your files, by any chance? If so, remove every occurrence if it. That should clear that issue up, at least.

 

As for the first problem, go over these four lines again, line by line and pay close attention:

$result = $mysqli->query($command) or die($mysqli->error);
$row = $result->fetch_assoc();
$columns = array_keys($row);
return $result !== false;

[idkwhy]

When it comes to the problem of always having to include dbconnect.php; You're not using mysqli_close () in ny of your files, by any chance? If so, remove every occurrence if it. That should clear that issue up, at least.

 

As for the first problem, go over these four lines again, line by line and pay close attention:

$result = $mysqli->query($command) or die($mysqli->error);
$row = $result->fetch_assoc();
$columns = array_keys($row);
return $result !== false;

 

Thanks! I fixed it with

$arr = $result->fetch_array();
return $arr['COUNT(`userID`)'] != 0;

 

I don't have any

mysqli_close();

.. I still don't know why it's doing that. I can't have that there for much longer though, it slows down the queries. Anyone have any idea?

[mikosiko]

Your function is receiving 2 parameters, and in your index.php you are calling it with 4.

[DavidAM]

Have a look at the function definition and then look at where you are calling it:

 

function user_active($username, $mysqli) {


if(!user_active($username, $data, $mysqli, $command)) {

 

The function definition has two parameters: Username and the mySql Object. However, when you call it, you are passing four parameters (which is not too big of a deal) but the second parameter you pass is not your mysql object (unless you are using some strange naming convention).

[idkwhy]

Fixed it. Thank you guys so much!

[DavidAM]

Fixed it. Thank you guys so much!

 

Glad to hear it. Please click the Topic Solved button so others will know it is solved.

 

The function definition has two parameters: Username and the mySql Object. However, when you call it, you are passing four parameters (which is not too big of a deal) but the second parameter you pass is not your mysql object (unless you are using some strange naming convention).

 

(Is it bad form to quote yourself?)

 

I really feel like I should clarify the "not too big of a deal" statement:

 

PHP has functions that let you retrieve the arguments passed to a function as an array, even if the function definition does not specifically name those parameters. As good programming practice, this is something that should be avoided, unless you have a need for unlimited parameters (see sprintf). I said "not too big of a deal" because it is not an error condition, and the code will run, but in this particular case, there was obviously a mismatch in parameters.