vinson89 Posted May 11, 2014 Share Posted May 11, 2014 Hi, I'm quite new to PHP and I have some problem in my php script.How do we allow the user immediately logged into the system after they enter the correct activation code? Here is my script: <?php$username = $_POST['username'];$activation_code = $_POST['activation_code'];$db_host = "localhost";$db_name = "databasename";$db_use = "root";$db_pass = "password";$link = mysql_connect($db_host, $db_use, $db_pass);mysql_select_db($db_name, $link);$command = "UPDATE email_activation SET check_activation='$activation_code' WHERE username='$username' and activation='$activation_code'";$result = mysql_query($command);if ($result) {$query = "SELECT * FROM email_activation where username LIKE '%$username%' LIMIT 0 , 1 ";$result = mysql_query($query) OR die(mysql_error());while($row = mysql_fetch_array($result)){$name = $row['username'];$email = $row['email'];$password = $row['password];$activation = $row['activation'];$query = "INSERT INTO member (username, email, password, activation) VALUES ('$username','$email','$password','$activation')";$result = mysql_query($query) OR die(mysql_error());if ($result) {echo "Congratulations. Your membership has been activated and saved in member table …";}else{echo ("Congratulations. Your membership has been activated but it's can't saved in member table …");}}}else{echo ("You've entered an invalid username / activation code – please retry");}?> Link to comment https://forums.phpfreaks.com/topic/288415-immediately-logged-into-system/ Share on other sites More sharing options...
Ch0cu3r Posted May 11, 2014 Share Posted May 11, 2014 How do we allow the user immediately logged into the system How does your code identify the user is logged in? Also your code has potential for SQL injection attacks because you are not validating and sanitizing the users input before using it in your queries You should not be using wildcard search here. $query = "SELECT * FROM email_activation where username LIKE '%$username%' LIMIT 0 , 1 "; You need to do an absolute match WHERE username ='$username' Also You should also consider converting your code to PDO or mysqli as the mysql_* functions are deprecated and no longer supported. Link to comment https://forums.phpfreaks.com/topic/288415-immediately-logged-into-system/#findComment-1479102 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.