PRodgers4284 Posted February 14, 2008

I want to have an activation facility in my login script. I have added an active field to my database which adds a "0" to the database every time a user registers with the site. If the active field is "0" then a message will appear: account is not active. I'm not sure if my query is correct, not sure if I'm using the select statement correctly. I was trying to use

```php
$q = "select password,active from employers where username = '$username'";
$result = mysql_query($q,$conn);
$row = mysql_fetch_array($sql);
if($row['active']=='0'){
    return 3; //Indicates inactive account
```

and then an error message below

revraz Posted February 14, 2008

You don't use $sql anywhere so I assume you mean

```php
$row = mysql_fetch_array($result);
```

trq Posted February 14, 2008

Also note that return is pretty well useless outside of a function. I would also recommend always checking your results prior to attempting to use them.

```php
<?php
$q = "SELECT `password`,active FROM employers WHERE username = '$username' LIMIT 1";
if ($result = mysql_query($q,$conn)) {
    if (mysql_num_rows($result)) {
        $row = mysql_fetch_array($result);
        if ($row['active'] == 0) {
            echo "account inactive";
        }
    }
}
?>
```

PRodgers4284 (Author) Posted February 14, 2008

I wasn't too sure if I was going the right way about it, was trying to fit it into my login code, which is:

```php
<?php
$validation = "";

/**
 * Checks whether or not the given username is in the
 * database, if so it checks if the given password is
 * the same password in the database for that user.
 * If the user doesn't exist or if the passwords don't
 * match up, it returns an error code (1 or 2).
 * On success it returns 0.
 */
function confirmUser($username, $password){
    global $conn;
    /* Add slashes if necessary (for query) */
    if(!get_magic_quotes_gpc()) {
        $username = addslashes($username);
    }

    /* Verify that user is in database */
    $q = "select password from users where username = '$username'";
    $result = mysql_query($q,$conn);
    if(!$result || (mysql_numrows($result) < 1)){
        return 1; //Indicates username failure
    }

    /* Retrieve password from result, strip slashes */
    $dbarray = mysql_fetch_array($result);
    $dbarray['password'] = stripslashes($dbarray['password']);
    $password = stripslashes($password);

    /* Validate that password is correct */
    if($password == $dbarray['password']){
        return 0; //Success! Username and password confirmed
    }
    else{
        return 2; //Indicates password failure
    }

    $q = "select password,active from employers where username = '$username'";
    $result = mysql_query($q,$conn);
    $row = mysql_fetch_array($result);
    if($row['active']=='0'){
        return 3; //Indicates inactive account
    }
}

/**
 * checkLogin - Checks if the user has already previously
 * logged in, and a session with the user has already been
 * established. Also checks to see if user has been remembered.
 * If so, the database is queried to make sure of the user's
 * authenticity. Returns true if the user has logged in.
 */
function checkLogin(){
    /* Check if user has been remembered */
    if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
        $_SESSION['username'] = $_COOKIE['cookname'];
        $_SESSION['password'] = $_COOKIE['cookpass'];
    }

    /* Username and password have been set */
    if(isset($_SESSION['username']) && isset($_SESSION['password'])){
        /* Confirm that username and password are valid */
        if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
            /* Variables are incorrect, user not logged in */
            unset($_SESSION['username']);
            unset($_SESSION['password']);
            return false;
        }
        return true;
    }
    /* User not logged in */
    else{
        return false;
    }
}
```

trq Posted February 14, 2008

This....

```php
if($password == $dbarray['password']){
    return 0; //Success! Username and password confirmed
}
else{
    return 2; //Indicates password failure
}
```

seems all backward to me. You return false on success and true on failure. Hence your confirmUser function isn't really very readable. E.g.:

```php
<?php
if (confirmUser()) {
    // success
} else {
    // failed.
}
?>
```

Is a lot more readable / makes more sense.

PRodgers4284 (Author) Posted February 14, 2008

> This....
>
> ```php
> if($password == $dbarray['password']){
>     return 0; //Success! Username and password confirmed
> }
> else{
>     return 2; //Indicates password failure
> }
> ```
>
> seems all backward to me. You return false on success and true on failure. Hence your confirmUser function isn't really very readable. E.g.:
>
> ```php
> <?php
> if (confirmUser()) {
>     // success
> } else {
>     // failed.
> }
> ?>
> ```
>
> Is a lot more readable / makes more sense.

Thanks for the reply, appreciate your help. I'm new to PHP and still learning. I'm having trouble with the activation code, can't seem to get it fitted into the code properly to check the active field in the table.

trq Posted February 14, 2008

Did you read my original reply and change your code accordingly? If so, let's see your current code.

PRodgers4284 (Author) Posted February 14, 2008

> Did you read my original reply and change your code accordingly? If so, let's see your current code.

My code at present is:

```php
<?php
$validation = "";

/**
 * Checks whether or not the given username is in the
 * database, if so it checks if the given password is
 * the same password in the database for that user.
 * If the user doesn't exist or if the passwords don't
 * match up, it returns an error code (1 or 2).
 * On success it returns 0.
 */
function confirmUser($username, $password){
    global $conn;
    /* Add slashes if necessary (for query) */
    if(!get_magic_quotes_gpc()) {
        $username = addslashes($username);
    }

    /* Verify that user is in database */
    $q = "select password from users where username = '$username'";
    $result = mysql_query($q,$conn);
    if(!$result || (mysql_numrows($result) < 1)){
        return 1; //Indicates username failure
    }

    /* Retrieve password from result, strip slashes */
    $dbarray = mysql_fetch_array($result);
    $dbarray['password'] = stripslashes($dbarray['password']);
    $password = stripslashes($password);

    /* Validate that password is correct */
    if($password == $dbarray['password']){
        return 0; //Success! Username and password confirmed
    }
    else{
        return 2; //Indicates password failure
    }

    $q = "SELECT `password`,active FROM employers WHERE username = '$username' LIMIT 1";
    if ($result = mysql_query($q,$conn)) {
        if (mysql_num_rows($result)) {
            $row = mysql_fetch_array($result);
            if ($row['active'] == 0) {
                return 3; //Indicates inactive account
            }
        }
```

I then have the error output at the bottom of the code

```php
else if($result == 3){
    $validation = "Inactive Account";
}
```

trq Posted February 14, 2008

> I then have the error output at the bottom of the code
>
> ```php
> else if($result == 3){
>     $validation = "Inactive Account";
> }
> ```

And where is $result defined? We need to see your calling code.

PRodgers4284 (Author) Posted February 14, 2008

Here's the full code

```php
<?php
$validation = "";

/**
 * Checks whether or not the given username is in the
 * database, if so it checks if the given password is
 * the same password in the database for that user.
 * If the user doesn't exist or if the passwords don't
 * match up, it returns an error code (1 or 2).
 * On success it returns 0.
 */
function confirmUser($username, $password){
    global $conn;
    /* Add slashes if necessary (for query) */
    if(!get_magic_quotes_gpc()) {
        $username = addslashes($username);
    }

    /* Verify that user is in database */
    $q = "select password from users where username = '$username'";
    $result = mysql_query($q,$conn);
    if(!$result || (mysql_numrows($result) < 1)){
        return 1; //Indicates username failure
    }

    /* Retrieve password from result, strip slashes */
    $dbarray = mysql_fetch_array($result);
    $dbarray['password'] = stripslashes($dbarray['password']);
    $password = stripslashes($password);

    /* Validate that password is correct */
    if($password == $dbarray['password']){
        return 0; //Success! Username and password confirmed
    }
    else{
        return 2; //Indicates password failure
    }

    $q = "SELECT `password`,active FROM employers WHERE username = '$username' LIMIT 1";
    if ($result = mysql_query($q,$conn)) {
        if (mysql_num_rows($result)) {
            $row = mysql_fetch_array($result);
            if ($row['active'] == 0) {
                return 3; //Indicates inactive account
            }
        }

/**
 * checkLogin - Checks if the user has already previously
 * logged in, and a session with the user has already been
 * established. Also checks to see if user has been remembered.
 * If so, the database is queried to make sure of the user's
 * authenticity. Returns true if the user has logged in.
 */
function checkLogin(){
    /* Check if user has been remembered */
    if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
        $_SESSION['username'] = $_COOKIE['cookname'];
        $_SESSION['password'] = $_COOKIE['cookpass'];
    }

    /* Username and password have been set */
    if(isset($_SESSION['username']) && isset($_SESSION['password'])){
        /* Confirm that username and password are valid */
        if(confirmUser($_SESSION['username'], $_SESSION['password']) != 0){
            /* Variables are incorrect, user not logged in */
            unset($_SESSION['username']);
            unset($_SESSION['password']);
            return false;
        }
        return true;
    }
    /* User not logged in */
    else{
        return false;
    }
}

/**
 * Determines whether or not to display the login
 * form or to show the user that he is logged in
 * based on if the session variables are set.
 */
function displayLogin(){
    global $validation;
    global $logged_in;
    if($logged_in){
        echo "Welcome <b>$_SESSION[username]</b> <br> <br><a href=\"viewemployeedetails.php\">User Account Details</a> <br> <br><a href=\"viewcv.php\">CV Page</a></li> <br> <br><a href=\"logout.php\">Logout</a>";
    }
    else{
        include "loginform.php";
        echo "<p>$validation</p>";
    }
}

/**
 * Checks to see if the user has submitted his
 * username and password through the login form,
 * if so, checks authenticity in database and
 * creates session.
 */
if(isset($_POST['sublogin'])){
    $_POST['user'] = trim($_POST['user']);

    /* Checks that username is in database and password is correct */
    $md5pass = md5($_POST['pass']);
    $result = confirmUser($_POST['user'], $md5pass);

    /* Check that all fields were typed in */
    if(!$_POST['user'] || !$_POST['pass']){
        $validation = "You didn't fill in a required field";
    }
    /* Spruce up username, check length */
    else if(strlen($_POST['user']) > 30){
        $validation = "Username is longer than 30 characters";
    }
    /* Check error codes */
    else if($result == 1){
        $validation = "Username doesn't exist";
    }
    else if($result == 2){
        $validation = "Incorrect Password";
    }

    /* Username and password correct, register session variables */
    $_POST['user'] = stripslashes($_POST['user']);
    $_SESSION['username'] = $_POST['user'];
    $_SESSION['password'] = $md5pass;

    /**
     * This is the cool part: the user has requested that we remember that
     * he's logged in, so we set two cookies. One to hold his username,
     * and one to hold his md5 encrypted password. We set them both to
     * expire in 100 days. Now, next time he comes to our site, we will
     * log him in automatically.
     */
    if(isset($_POST['remember'])){
        setcookie("cookname", $_SESSION['username'], time()+60*60*24*100, "/");
        setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
    }
}

/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();
?>
```

trq Posted February 14, 2008

And what exactly is happening? To be honest, you're making this a lot more complicated than need be. It's getting to the point where it's becoming quite difficult to follow.

PRodgers4284 (Author) Posted February 14, 2008

> And what exactly is happening? To be honest, you're making this a lot more complicated than need be. It's getting to the point where it's becoming quite difficult to follow.

Ok, where am I going wrong? I'm sorry, I'm still learning and I know the code isn't the most efficient. Is there anything I can do to improve it?

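Added example, not part of the original thread or any poster's code: one way to fit the activation check into `confirmUser` so that it is actually reached, keeping the thread's return codes (0 to 3). The single `employers` table, the PDO/SQLite setup, the `password_hash()` storage format and the sample accounts are assumptions made for this example.

```php
<?php
// Added example. Return codes follow the thread's convention:
// 0 = ok, 1 = unknown user, 2 = wrong password, 3 = inactive account.
// Assumed schema: one `employers` table with username, password, active.
function confirmUser(PDO $db, string $username, string $password): int
{
    // One parameterised query fetches both columns, so no addslashes()
    // is needed and a quote in the username cannot alter the SQL.
    $stmt = $db->prepare(
        'SELECT password, active FROM employers WHERE username = ? LIMIT 1'
    );
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row === false) {
        return 1; // username not found
    }
    // password_verify() checks a password_hash() value (assumed storage
    // format here, in place of the thread's md5 string comparison).
    if (!password_verify($password, $row['password'])) {
        return 2; // wrong password
    }
    // The active check sits before the success return, so it is reachable.
    // It runs after the password check so account state is only shown to
    // someone who knows the password.
    if ((int) $row['active'] === 0) {
        return 3; // inactive account
    }
    return 0;
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE employers (username TEXT PRIMARY KEY, password TEXT, active INTEGER)');
$ins = $db->prepare('INSERT INTO employers VALUES (?, ?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
$ins->execute(['bob', password_hash('battery staple', PASSWORD_DEFAULT), 0]);

$messages = [0 => 'Logged in', 1 => "Username doesn't exist",
             2 => 'Incorrect Password', 3 => 'Inactive Account'];
$attempts = [['alice', 'correct horse'], ['alice', 'wrong'],
             ['bob', 'battery staple'], ["o'brien", 'x']];
foreach ($attempts as [$user, $pass]) {
    printf("%-10s => %s\n", $user, $messages[confirmUser($db, $user, $pass)]);
}
```

Showing one generic message for codes 1 and 2 avoids revealing which usernames exist. With hashes stored this way, the "remember me" cookie would hold a random token rather than the password hash.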