[SOLVED] not getting if statement to log in

[dolcezza]

I had this script working, now suddenly (live) it's saying" you have to activate first" even when it is activated. I checked the database and activated == 1, so I can't figure out why it isn't logging in.

Any help appreciated.

 

session_start();
require_once("db_connect.php");
<?
  
if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
header("Location: https://www.caregivingsocal.com/members.php");
} 
if(isset($_POST['submit'])) {
if(!$_POST['username']) die("Error: You must enter your username to log in.");
if(!$_POST['password']) die("Error: You must enter a password to log in.");
//set cookie if checked
if(!empty($_POST['stay_in'])) {
$joined =''.$_POST['username'].'[]'.md5($_POST['password']).'';
setcookie('login_cookie', $joined, 2147483647, '/','www.caregivingsocal.com');
} // end if
//verify user
$get_user = mysql_query("SELECT * FROM mem WHERE username = '".$_POST['username']."' AND user_password = '".md5($_POST['password'])."'");
$q = mysql_fetch_object($get_user);
if(!$q) die("Login Failure: Please verify your username and password are correct." . mysql_error());
$row = mysql_fetch_array($get_user);
if ($row['activated'] == 0) {
 ?><p>Sorry, you must activate your account first!</p><p>Didn't get your validation email? <a href="resend.php">Click here</a> to resend the validation email.</p>
<?
die();
}
// set session variables
$_SESSION['logged_in'] = 1;
$_SESSION['username'] = $_POST['username'];
$_SESSION['password'] = $_POST['password'];
session_write_close();
Header("Location: https://www.caregivingsocal.com/signin.php");
} else {
//show login form
?>
<form name="login" method="post" action="<?$_SERVER['PHP_SELF']; ?>">
<table>
<tr><td>Username:</td><td><input type="text" id="username" name="username"></td></tr>
<tr><td>Password:</td><td><input type="password" id="password" name="password"></td></tr>
<tr><td>Submit: <input type="submit" value="submit" name="submit" id="submit"></td></tr>
<tr><td><input type="checkbox" name="stay_in[]" checked="yes">Remember Me</td></tr></table></form>
<?
} // end else
?>

[emehrkay]

$row = mysql_fetch_array($get_user);

// add to see what is returned from the database

print_r($row);

 

 

 

you have some security issues too. you are putting direct user input into the database and you do not do an exit; after your header call

[dolcezza]

It still just has the activate message, nothing else.

 

[dolcezza]

if I try "print_r($get_user);"

I get "Resource id #3"

 

I have no idea what id 3 would be!

[emehrkay]

the problem is with this part

 

$row = mysql_fetch_array($get_user);

if ($row['activated'] == 0) {

 

i dont know what it is, but there is a problem in that block of code

[dolcezza]

resource id # 3 means it is getting something from the database?

 

[Stooney]

try something like this, make sure you have the right number for the $row array:

 

$row = mysql_fetch_array($get_user, MYSQL_NUM);
if ($row[0] == 0) {
//not logged in
exit(); }

[dolcezza]

I'm kind of new at this.. what do you mean by right number? The column in the database?

 

 

[Stooney]

yea, say your table is    id, name, activated.  then those would be $row[0], $row[1], $row[2] (assuming you dont have the query pull em in a different order). 

[revraz]

He is treating the variable as if it was an Object, not a Array.

 

use $row=mysql_fetch_object($get_user); instead, then $row['activated'] will be created if he has a column named activated in his DB.

 

the problem is with this part

 

$row = mysql_fetch_array($get_user);

if ($row['activated'] == 0) {

 

i dont know what it is, but there is a problem in that block of code

[dolcezza]

I tried, and get the same message

$row=mysql_fetch_object($get_user);

if ($row['activated'] == 0) {

 

and I tried this and get "not logged in"

$row = mysql_fetch_array($get_user, MYSQL_NUM);
if ($row[10] == 0) {
echo 'not logged in'
exit(); }

[Stooney]

Is the query executing?  check mysql_error()

[dolcezza]

where do I put it, after "$get_user = mysql_query("SELECT * FROM mem WHERE username = '".$_POST['username']."' AND user_password = '".md5($_POST['password'])."'");" or no?

 

[Stooney]

right after

 

$q = mysql_fetch_object($get_user);

 

add

 

echo mysql_error();

[dolcezza]

I get nothing but "not logged in"

 

[CMC]

Try revising your query like this:

 

$get_user = mysql_query("SELECT * FROM mem WHERE username = '".$_POST['username']."' AND user_password = '".md5($_POST['password'])." AND activated='1'"

 

Perhaps that is the problem. Also double check that the row 'activated' does indeed exist and you haven't made a typo or something. Maybe the row is user_activated?

[dolcezza]

and get rid of the rest like this?

$get_user = mysql_query("SELECT * FROM mem WHERE username = '".$_POST['username']."' AND user_password = '".md5($_POST['password'])." AND activated='1'");


if ($row['activated'] == 0) {
 ?><p>Sorry, you must activate your account first!</p><p>Didn't get your validation email? <a href="resend.php">Click here</a> to resend the validation email.</p>
<?
die();
}

 

If so, I still get the activate message. I checked the column name, it is "activated".

[CMC]

Hmm here this is how I generally would use a login.

$userName = htmlentities(trim($_POST['userName']));
$userPassword = md5(trim($_POST['userPassword]));
$activated = 1;
//setup sql to see if username & password match/exist
$sql = "SELECT user_name,user_password FROM table_name WHERE user_name='$userName' AND user_password='$userPassword'";
$query = mysql_query($sql) or die("Could not run query: ".mysql_error());
$num = mysql_num_rows($query);
//check if there is a row
if($row == 1){
//setup sql to see if account is activated
$sql = "SELECT user_name,user_password,activated FROM table_name WHERE user_name='$userName' AND   
           user_password='$userPassword' AND activated='$activated'";
$query = mysql_query($sql) or die("Could not check activation");
//if query fails, account has not been activated
if(!$query){
  echo "Please activate your account!";
}else{
//otherwise they are logged in 
echo "You have been logged in!";
}
}elseif($num == 0){
//if no rows are found, give error
echo "Incorrect username or password!";
}else{
echo "Username does not exist";
}

 

[revraz]

You can check if activated in the query as you authenticate, and just check it after you verify it's a valid account.  Unless you have a reason to query again.

[CMC]

Running two separate queries, one for authentication, other for activation would give more precision over user-friendly errors wouldn't it? I see what you mean, you could fit it all into one query, but I like to do it with 2 because I can give a more specific error message if there is one. Hopefully I haven't missed something...  ???

[revraz]

Once you query the first time, you can just load it to an array, then do a if then on the array.  Would save a little bit of DB overhead.

[dolcezza]

I got it solved outside if anyone is interested. "whats happening is that you are populating $q with your data after the query, once you call fetch_array for $row, you've already cleared your buffer"

$get_user = mysql_query("SELECT * FROM mem WHERE username = '".$_POST['username']."' AND user_password = '".md5($_POST['password'])."'");
$q = mysql_fetch_object($get_user);
if(!$q) die("Login Failure: Please verify your username and password are correct." . mysql_error());
$row = mysql_fetch_array($get_user);

if ($q->activated == 0) {
 ?><p>Sorry, you must activate your account first!</p><p>Didn't get your validation email? <a href="resend.php">Click here</a> to resend the validation email.</p>
<?
die();
}

Thanks to all though!!!!