Account Not Activated

[Calgaryalberta]

Yesterday I put together a script that a user registers > they get emailed an activation link, with their new username and password, they they click the activation link > It takes them to the site and says, "Account Activated". Then say you're the user - you click "Login" you enter your new userid, and password - and click "login" it says, "Account Not Activated"

 

I think its a problem with the login script (which Ive posted) What its supposed to do is upon the user clicking the activation link there is a  field in the database that changes from 0 to 1. 0 =not activated and 1=activated. Also upon clicking their activation link they're automatically assigned access to the members area, but there are multiple areas (ie: members, admins, managers, directors)

So there is a field in the database called accesslevel that also changes when they click their activation link from 0 to 1

So, when logging in the database should see they have level 1 access and direct them to the members page...

 

Right now the error Im getting is: "Your Account is Not Activated" (when the account is activated)  :-\ I dont know why its doing this, anyone see any errors:

 

<?php
$con = mysql_connect("*****","****","****") or die('Could not connect: ' . mysql_error());
mysql_select_db("login", $con);

session_start();

if(!$_POST['submit']){
echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<form method=\"post\" action=\"login.php\">\n";
echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"Login\" name=\"submit\"></td></tr>\n";
echo "</form></table>\n";
}else {
$user = mysql_real_escape_string(trim($_POST['username']));
$pass = mysql_real_escape_string(trim($_POST['password']));
$errors = array();

if(!$user){
	$errors[] = "You did not supply a username!";
}else {
	if(!$pass){
		$errors[] = "You did not supply a password!";
	}else {
		$sql = "SELECT count(*) FROM `users` WHERE `uid`='".$uid."'";
		$res = mysql_query($sql) or die(mysql_error());
		if(mysql_num_rows($res) == 0){
			$errors[] = "Username does not exist!";
		}else {
			$sql2 = "SELECT uid,activated,accesslevel FROM `users` WHERE `uid`='".$user."' AND `pass`='".md5($pass)."'";
			$res2 = mysql_query($sql2) or die(mysql_error());
			if(mysql_num_rows($res) == 0){
				$errors[] = "Incorrect username and password combination!";
			}else {
				$row = mysql_fetch_assoc($res2);
				if($row['activated'] == 0){
					$errors[] = "Your account is not activated!";
				}
			}
		}
	}
}

if(count($errors) > 0){
	foreach($errors AS $error){
		echo $error . "<br>\n";
	}
}else {
	$_SESSION['uid'] = $row['id'];

	switch($row['accesslevel']){
		case 1:
			header("Location: /members/index.php");
		break;

		case 2:
			header("Location: /admin/index.php");
		break;

		case 3:
			header("Location: /manager/index.php");
		break;

		default:
			header("Location: /directors/index.php");
	}
}
}

?>

 

 

[revraz]

Is the field `activated` in your MySQL DB set as INTEGER?

 

Also, why are you checking if they exist twice?  Seems redundant to do a Count then check again if they exist.

[revraz]

Also, why not merge activated and accesslevel into one?

 

0 Could mean non member and not activated can't it?  Since you set them both to 1 after they activate.