MrSamCraft Posted March 11, 2013 Share Posted March 11, 2013 Hello, So im in the middle of making a login section and so far so good, until i hit a brick wall... So for the users needto active the account. I tested this with my test account and before I activated the test account via the database (changed it form 0 to 1) it said "User not activated". From that point on I activated it, now when i try to login Im just getting "That username/password combination is incorrect" (But its not...) Here have a look for your self http://enderbase.com/login.php Username: test Password: test Here the code User.php <?php function logged_in() { return (isset($_SESSION['iduser'])) ? true : false; } function user_exists($username) { $username = sanitize($username); return (mysql_result(mysql_query("SELECT COUNT(`iduser`) FROM `user` WHERE `username` = '$username'"), 0) == 1) ? true : false; } function user_active($username) { $username = sanitize($username); return (mysql_result(mysql_query("SELECT COUNT(`iduser`) FROM `user` WHERE `username` = '$username' AND `active` = 1"), 0) == 1) ? true : false; } function iduser_from_username($username) { $username = sanitize($username); return mysql_result(mysql_query("SELECT `iduser` FROM `user` WHERE `username` = '$username'"), 0, 'iduser'); } function login($username, $password) { $iduser = iduser_from_username($username); $username = sanitize($username); $password = md5($passowrd); return (mysql_result(mysql_query("SELECT COUNT(`iduser`) FROM `user` WHERE `username` = '$username' AND `password` = '$password'"), 0) == 1) ? $iduser : false; } ?> Login.php <?php include 'core/init.php'; if (empty($_POST) === false) { $username = $_POST['username']; $password = $_POST['password']; if (empty($username) === true || empty($password) === true) { $errors[] = 'You need to enter a username and password!'; } else if (user_exists($username) === false) { $errors[] = 'We can\'t find that username. Have you registerd?'; } else if (user_active($username) === false) { $errors[] = 'You havn\'t activated your account!'; } else { $login = login($username, $password); if ($login === false) { $errors[] = 'That username/password combination is incorrect!'; } else { $_SESSION['iduser'] = $login; header('Location: index.php'); exit(); } } } ?> Thanks, Sam (p.s. Im a noob to this ) Quote Link to comment Share on other sites More sharing options...
crf1121359 Posted March 11, 2013 Share Posted March 11, 2013 had the same issue before. try activating the user's account via the activation.php file and try again. Quote Link to comment Share on other sites More sharing options...
crf1121359 Posted March 11, 2013 Share Posted March 11, 2013 p.s. stop using mysql function. you risk the sql injection and php wont support them soon. use mysqli function instead which is alot harder to use but more secure. I am strugling with mysqli myself by the way. Quote Link to comment Share on other sites More sharing options...
MrSamCraft Posted March 11, 2013 Author Share Posted March 11, 2013 had the same issue before. try activating the user's account via the activation.php file and try again. OK, thanks ill try! Quote Link to comment Share on other sites More sharing options...
AyKay47 Posted March 11, 2013 Share Posted March 11, 2013 You can acquire all of the necessary information that you need from one query, instead of the 3-4 you are currently using. Are you storing the md5 hashed version of the password inside of the database? Using exit() at the end of a script does nothing, as the script will exit naturally. Side note, using an md5 hash on passwords is simply not enough, as md5 hashes are easy enough to crack using brute force methods. I suggest instead using the crypt function with CRYPT_BLOWFISH hash type and a compatible salt. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.