[SOLVED] php Login page

dhossai · October 16th, 2007, 10:54 AM

Hi Fellows!
I have a login page that check the database userid and password filed before log in. If match it allow them to log in and redirect that to a welcome page. It is working fine. Now what I want is ....it should check the table 'active' filed to verify whether user's activated or not their account. If it activated the field is empty. so if it was not activated they will get an messaga saying account is not activated. If the account is activated then it will check the userid and password filed. Iknow it sould very easy but I am kind of stuck. Here is my working login page code..........

Code:


			
include "include/session.php";
include "include/z_db.php";
//////////////////////////////
 
?>
<!doctype html public "-//w3c//dtd html 3.2//en">
<html>
<head>
<title>(Type a title for your page here)</title>
<meta name="GENERATOR" content="Arachnophilia 4.0">
<meta name="FORMATTER" content="Arachnophilia 4.0">
</head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000">
<?
$userid=mysql_real_escape_string($userid);
$password=md5(mysql_real_escape_string($password));
if($rec=mysql_fetch_array(mysql_query("SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password'"))){
 if(($rec['userid']==$userid)&&($rec['password']==$password)){
  include "include/newsession.php";
            echo "<p class=data> <center>Successfully,Logged in<br><br><a href='logout.php'> Log OUT </a><br><br><a href=welcome.php>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>";
     print "<script>";
       print " self.location='welcome.php';"; // Comment this line if you don't want to redirect
          print "</script>";
    } 
  } 
 else {
  session_unset();
echo "<font face='Verdana' size='2' color=red>Wrong Login. Use your correct  Userid and Password and Try <br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
 
 }
?>
</body>
</html>

c010depunkk · October 16th, 2007, 11:25 AM

Just change your SQL query:

Code:

SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password' AND active != ''

dhossai · October 16th, 2007, 11:47 AM

Hi c010depunkk,
Could u pls show me the code for the query, I am kind of novice ther?

karinne · October 16th, 2007, 11:52 AM

see the bold

Code:

$userid=mysql_real_escape_string($userid);
$password=md5(mysql_real_escape_string($password));
if($rec=mysql_fetch_array(mysql_query("SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password'"))){
 if(($rec['userid']==$userid)&&($rec['password']==$password)){

dhossai · October 16th, 2007, 12:01 PM

Hi C010,
Thanks for our quick reponse but you are not giving me the corrected code that it should be you just showed me where to change but I need to know the changed code to incorporate my objective. Thanks

alexgeek · October 16th, 2007, 12:05 PM

He did change it Dhossai.
He changed:

Code:

SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password'

to:

Code:

SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password' AND active != ''

dhossai · October 16th, 2007, 12:08 PM

Hi alexgeek,
where it got change? I don't see where it check the 'active' filed from the table to verify whether it was activated or not? Pls explain a bit.

karinne · October 16th, 2007, 12:41 PM

Oh dear!

See the green part in alexgeek's code

dhossai · October 16th, 2007, 12:49 PM

Hi Karinne,

Could u pls check my original post and check the code, I do not see any changes it is exactly same as I had. Pls let me know.

karinne · October 16th, 2007, 12:52 PM

In your code you have

SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password'

and c010depunkk added AND active != '' at the end

Now ... if you don't understand this ... I don't know how else to explain the simplicity of this thread.

dhossai · October 16th, 2007, 01:06 PM

Hi Karrine,
Thanks for this. Now I can see the text but I still can not see any text on Alexe's post anywhere. I don't know it might be my browser is not allowing me to see this or what? It is interesting!!!!! Anyway, How to echo the notice if account was not activated. In my database it it was activated the 'active' field would be empty. Thanks

karinne · October 16th, 2007, 01:07 PM

What platform and browser are you in?

Quote:

In my database it it was activated the 'active' field would be empty.

and that's what the != ' ' is for

c010depunkk · October 16th, 2007, 01:35 PM

OK, back for round two. Here's your code, modified. This should work:

Code:


			
include "include/session.php";
include "include/z_db.php";
//////////////////////////////

?>
<!doctype html public "-//w3c//dtd html 3.2//en">
<html>
<head>
<title>(Type a title for your page here)</title>
<meta name="GENERATOR" content="Arachnophilia 4.0">
<meta name="FORMATTER" content="Arachnophilia 4.0">
</head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000">
<?
$userid=mysql_real_escape_string($userid);
$password=md5(mysql_real_escape_string($password));
if($rec=mysql_fetch_object(mysql_query("SELECT * FROM tbl_login WHERE userid='$userid'"))){
    if($rec->active!='') {
        if($password==$rec->password) {
            include "include/newsession.php";
            echo "<p class=data> <center>Successfully,Logged in<br><br><a href='logout.php'> Log OUT </a><br><br><a href=welcome.php>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>";
            print "<script>";
            print " self.location='welcome.php';"; // Comment this line if you don't want to redirect
            print "</script>";
        } else {
            // password wrong
        }
    } else {
        // account not activated
    }
}else {
    session_unset();
    echo "<font face='Verdana' size='2' color=red>Wrong Login. Use your correct  Userid and Password and Try <br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}
?>
</body>
</html>

dhossai · October 16th, 2007, 01:48 PM

Hi karrine,
In the table field active is populated with number, with this new code I still can log in. User should only be allowed to if the active filed is empty. If the field active is populated I should not be allowed to log in and should get the error messase account is not activated. I am using MySql database.
I am using this....

if($rec=mysql_fetch_array(mysql_query("SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password' AND active !=' '"))){
if(($rec['userid']==$userid)&&($rec['password']==$password)){
include "include/newsession.php";
if($rec=mysql_fetch_array(mysql_query("SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password'"))){
if(($rec['userid']==$userid)&&($rec['password']==$password)){
include "include/newsession.php";

dhossai · October 16th, 2007, 02:20 PM

Hi C010,

Thanks for the code. I tried but user can still log in if the active filed still populated means user did not activate the account. My active field is a m5f enrypted filed which is hidden and generate automatically when user register to the site using " $a = md5(uniqid(rand(), true)); " this. Hope this will help to solve it.

c010depunkk · October 16th, 2007, 03:39 PM

I've provided two methods so far.... Both could work, but you are also going to have to try and understand the code or all the help we give you is useless!

Or try wording your question a bit more coherently and provide a bit more info about what you are exactly trying to do....

dhossai · October 16th, 2007, 05:05 PM

Hi c010,
Well I don't know how much i have to explain to get it out. Ok, here I go again, in my 'tbl_login' table i have a field called "ctive". If the filed is empty that means user have activated the account. How user activate it? When user signup, active field in tbl_login got populated with random number whis is md5 encrypted using ----$a = md5(uniqid(rand(), true)); --- this methond. user get an email with activation link. When user click that link account is activated and active field in tbl_login become empty. So I want to make sure that user can not log on to unless they activate the account and if they try they will get an error message saying account is not activated. And if account is activated then it will check the userid and password. I hope I was able to explain so that you understand. Thanks for your time.

c010depunkk · October 16th, 2007, 06:05 PM

OK, I've understood it now, but why doesn't the code that I posted work?

If you copy the 'session_unset()' function and the error message into the two places where I put comments, then it should work just like you described: The user can only log in when 1) the user name exists, 2) the 'active' field is empty (account has activated), and 3) the password is correct. You have to use the 'userid' to get a result from the database, that's why i did the validation in that order.

You could also do this with one SQL query (like the one in the first solution I posted), but this way you can output the errors more accurately because you know where the login process failed.

dhossai · October 16th, 2007, 06:54 PM

Hi c010,
I have checked line by line and did what exactly you told, but still user can log in even the account is not activated. Some how ---if($rec->active!='') {------This part is not working.
Again Thanks for your time.

dhossai · October 16th, 2007, 07:56 PM

Hi c010,
Just to let you know that your first solution work fine with adding AND active = '' at the end of my query but I still prefe the 2nd one to work as that is more informative. Pls Help!