Member Avatar for andyy121

in database i have added the random and activated with boolean type and the defaul was set to As defined with 0 value.when i click log in it must desplay this: your accoun si not activate.Please check your email.
but i show you are in click here to click here to enter in member page,any solutin from you??plzz help

session_start();
$username =@$_POST['username'];
$password =@$_POST['password'] ;
if($username&&$password)
{
$connect = mysql_connect("localhost","root","") or ("Couldn't connect!");
mysql_select_db("phplogin") or die ("Couldn't find db");

$query = mysql_query("Select * FROM users WHERE username='$username'");

$numrow= mysql_num_rows($query);
if ($numrow!=0)
{

while($row = mysql_fetch_assoc($query))
{
$dbusername = @$row['username'];
$dbpassword = @$row['password'];
$acivated = $row=['activated'];

if(@$activated=='0')
{
die("your accoun si not activate.Please check your email!");
exit();
}
}
// check to see if they match
if($username==$dbusername&&md5($password)==$dbpassword)

{
  echo("You are in!<a href='member.php'>Click</a>here to enter in member page.");
  @$_SESSION['username']=$username;
}
else
    echo ("Incorrect password!");
}
else
     die ("That user doesn't exist!");


}
else
echo ("Please enter a username and a password!");
?>
Edited by diafol because: Not a code snippet - but a thread topic
  • 2 Contributors
  • 4 Replies
  • 191 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by andyy121
Member Avatar for diafol

I'd pull al the @ if I were you - surpressing the errors here will not make for production code. OK, I've rewritten the code to suit myself - you need to indent your code.

<?php
session_start();

//check form is sent and that all values are not empty
if(!empty($_POST['username']) && !empty($_POST['password'])){

    $username =mysql_real_escape_string($_POST['username']);
    $password =mysql_real_escape_string($_POST['password']);

    $connect = mysql_connect("localhost","root","") or ("Couldn't connect!");
    mysql_select_db("phplogin",$connect) or die ("Couldn't find db"); //you need the link identitifier

    $query = mysql_query("SELECT * FROM users WHERE username='$username' LIMIT 1");
    if(mysql_num_rows($query)){
        $row = mysql_fetch_assoc($query);
        $dbpassword = $row['password'];

        if($row['activated'] == 0) die("Your account is not activated. Please check your email!");

        if(md5($password)==$dbpassword){
            echo "You are in!<a href='member.php'>Click</a>here to enter in member page.";
            $_SESSION['username'] = $username;
        }else{
            echo "Incorrect password!";
        }
    }else{
         echo ("That user doesn't exist!");
    }
}else{
    echo ("Please enter a username and a password!");
}
?>

Note that exit() and die() are pretty much the same thing, so you don't need both.
You can use LIMIT 1 in the SQL to stop searching once it finds a match.
You don't need while loop if you're processing a single row.
You must sanitize your input (POST) with mysql_real_escape_string.
There's no need to check usernames are equal again - you've already done that for the query.

Edited by diafol
Member Avatar for andyy121

this is the link which i have added the id value and the code with a random number:http://localhost/site%202/avtivate.php?id=24&code=25922797 i have added the id number 10 and the code number,it shuw me this:Your account is activated.You may now log in. when i log in i wouldn't show this:Your account is activated.You may now log in.

Member Avatar for andyy121

i mean if i have to log in the activated code in database must have to changed 1 it is 0 again :/ what i have to change now help

Member Avatar for andyy121

diafol can you help me what i have to do now??

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.