Calgaryalberta Posted January 26, 2008 Share Posted January 26, 2008 Yesterday I put together a script that a user registers > they get emailed an activation link, with their new username and password, they they click the activation link > It takes them to the site and says, "Account Activated". Then say you're the user - you click "Login" you enter your new userid, and password - and click "login" it says, "Account Not Activated" I think its a problem with the login script (which Ive posted) What its supposed to do is upon the user clicking the activation link there is a field in the database that changes from 0 to 1. 0 =not activated and 1=activated. Also upon clicking their activation link they're automatically assigned access to the members area, but there are multiple areas (ie: members, admins, managers, directors) So there is a field in the database called accesslevel that also changes when they click their activation link from 0 to 1 So, when logging in the database should see they have level 1 access and direct them to the members page... Right now the error Im getting is: "Your Account is Not Activated" (when the account is activated) :-\ I dont know why its doing this, anyone see any errors: <?php $con = mysql_connect("*****","****","****") or die('Could not connect: ' . mysql_error()); mysql_select_db("login", $con); session_start(); if(!$_POST['submit']){ echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n"; echo "<form method=\"post\" action=\"login.php\">\n"; echo "<tr><td>Username</td><td><input type=\"text\" name=\"username\"></td></tr>\n"; echo "<tr><td>Password</td><td><input type=\"password\" name=\"password\"></td></tr>\n"; echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"Login\" name=\"submit\"></td></tr>\n"; echo "</form></table>\n"; }else { $user = mysql_real_escape_string(trim($_POST['username'])); $pass = mysql_real_escape_string(trim($_POST['password'])); $errors = array(); if(!$user){ $errors[] = "You did not supply a username!"; }else { if(!$pass){ $errors[] = "You did not supply a password!"; }else { $sql = "SELECT count(*) FROM `users` WHERE `uid`='".$uid."'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0){ $errors[] = "Username does not exist!"; }else { $sql2 = "SELECT uid,activated,accesslevel FROM `users` WHERE `uid`='".$user."' AND `pass`='".md5($pass)."'"; $res2 = mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($res) == 0){ $errors[] = "Incorrect username and password combination!"; }else { $row = mysql_fetch_assoc($res2); if($row['activated'] == 0){ $errors[] = "Your account is not activated!"; } } } } } if(count($errors) > 0){ foreach($errors AS $error){ echo $error . "<br>\n"; } }else { $_SESSION['uid'] = $row['id']; switch($row['accesslevel']){ case 1: header("Location: /members/index.php"); break; case 2: header("Location: /admin/index.php"); break; case 3: header("Location: /manager/index.php"); break; default: header("Location: /directors/index.php"); } } } ?> Quote Link to comment Share on other sites More sharing options...
revraz Posted January 26, 2008 Share Posted January 26, 2008 Is the field `activated` in your MySQL DB set as INTEGER? Also, why are you checking if they exist twice? Seems redundant to do a Count then check again if they exist. Quote Link to comment Share on other sites More sharing options...
revraz Posted January 26, 2008 Share Posted January 26, 2008 Also, why not merge activated and accesslevel into one? 0 Could mean non member and not activated can't it? Since you set them both to 1 after they activate. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.