0

Hey everyone,

I have another issue with my login page...It is in the checkuser.php and after I register, get the automated email that directs me to a page where my account has been activated..and redirects me to a log in page..I put in my info that the email gives me and it says that I either have not "activated my account" (which I clearly have..) or I didn't put in my info (which I clearly did) so I'm not sure what I'm doing wrong. Any help would be GREATLY appreciated! Here is the check user.php:

<?php
/* Check User Script */
session_start();  // Start Session

include 'membership_db.php';
// Conver to simple variables
$username = $_POST['username'];
$password = $_POST['password'];

if((!$username) || (!$password)){
	echo "Please enter ALL of the information! <br />";
	include 'logIn.html';
	exit();
}

// Convert password to md5 hash
$password = md5($password);

// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='0'");
$login_check = mysql_num_rows($sql);

if($login_check > 0){
	while($row = mysql_fetch_array($sql)){
	foreach( $row AS $key => $val ){
		$$key = stripslashes( $val );
	}
		// Register some session variables!
		session_register('first_name');
		$_SESSION['first_name'] = $first_name;
		session_register('last_name');
		$_SESSION['last_name'] = $last_name;
		session_register('email_address');
		$_SESSION['email_address'] = $email_address;
		session_register('special_user');
		$_SESSION['user_level'] = $user_level;
		
		mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
		
		header("Location: login_success.php");
	}
} else {
	echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
	Please try again!<br />";
	include 'logIn.html';
}
?>
4
Contributors
9
Replies
10
Views
5 Years
Discussion Span
Last Post by geneh23
0

Hi,

Without any intend of disrespect, session_register is deprecated in php version 5.3.x . Plus it is a dangerous thing to do security wise. http://php.net/manual/en/function.session-register.php

Just in case some people are trap into using this php function, because their sessions are stack within an array.. The simple solution is put the sessions in an array as shown below.
$session_inarray = array($user,$info1,$info2, $info3, $some_moreinfo_here);
## assign the above into session
$_SESSION = $session_inarray;
## to get the values in the session onto the other page, we simply do it
$user = $_SESSION[0]; $info1 = $_SESSION[1];...and so forth.

My post may not directly answer your questions, but it addressed one of the most critical issues on your script.

0

Dear geneh23,
Please use below mention rectified user login page coding. i hope this will solve your problem:

<?php
/* Check User Script */
session_start();  // Start Session

if (isset($_POST['Submit'])) //Replace Submit with your submit button name.
{

include 'membership_db.php';
// Conver to simple variables
$username = $_POST['username'];
$password = $_POST['password'];
 
if((!$username) || (!$password)){
	echo "Please enter ALL of the information! <br />";
	include 'logIn.html';
	exit();
}
 
// Convert password to md5 hash
$password = md5($password);
 
// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='0'");
$login_check = mysql_num_rows($sql);
 
if($login_check > 0){
	while($row = mysql_fetch_array($sql)){
	foreach( $row AS $key => $val ){
		$$key = stripslashes( $val );
	}
		// Register some session variables!
		session_register('first_name');
		$_SESSION['first_name'] = $first_name;
		session_register('last_name');
		$_SESSION['last_name'] = $last_name;
		session_register('email_address');
		$_SESSION['email_address'] = $email_address;
		session_register('special_user');
		$_SESSION['user_level'] = $user_level;
 
		mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");
 
		header("Location: login_success.php");
	}
} else {
	echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
	Please try again!<br />";
	include 'logIn.html';
}
}
?>

I hope that the above mention code is solve your problem. if solved then please mark this thread as solved.

0

@hemgoyal 1990: Is there some other code that I could use instead of "session_register" since it's depreciated in PHP version 5.3 stated by Veedeoo?

0

Please use the below mention code for batter security. this will not contain "session_register":

<?php
/* Check User Script */
session_start();  // Start Session
 
if (isset($_POST['Submit'])) //Replace Submit with your submit button name.
{
 
include 'membership_db.php';
// Conver to simple variables
$username = $_POST['username'];
$password = $_POST['password'];
 
if((!$username) || (!$password)){
	echo "Please enter ALL of the information! <br />";
	include 'logIn.html';
	exit();
}
 
// Convert password to md5 hash
$password = md5($password);
 
// check if the user info validates the db
$sql = mysql_query("SELECT * FROM users WHERE username='$username' AND password='$password' AND activated='0'");
$login_check = mysql_num_rows($sql);

$r = mysql_query($q);

 if ( $obj = @mysql_fetch_object($r) )
  {
  
  while ($r = mysql_fetch_array($r))
  {
  
  // Login good, create session variables
  $_SESSION["valid_id"] = $obj->id;
  $_SESSION['first_name'] = $row['$first_name'];
  $_SESSION['last_name'] = $row['$last_name'];
  $_SESSION['email_address'] = $row['$email_address'];
  $_SESSION['user_level'] = $row['$user_level'];
  $_SESSION["valid_time"] = time();
  
  }
  
  mysql_query("UPDATE users SET last_login=now() WHERE userid='$userid'");

  // Redirect to member page 
  header("Location: login_success.php");
  }

 else {
	echo "You could not be logged in! Either the username and password do not match or you have not validated your membership!<br />
	Please try again!<br />";
	include 'logIn.html';
}
}
?>

if you get any error in above mention script then please post your query here. i hope this will solve your problem.
Wbr:
Hemant Goyal

0

at hemgoyal1990: I still get the same error when I try to login..it says my account has either not been activated, which it clearly has or my information to log in is wrong, which it clearly is since I copied and pasted the info.. and by posting my query, what do you mean by that? ..Sorry for the lack of knowledge..I'm just waking up..

0

@ geneh23
What you copy and from where?
If you try to copy the password from the database, then it will not work because of this line

$password = md5($password);

do know the function of

md5()

.
try by removing this function first.
I hope it will help.........

0

Can you please confirm if the password in your database was posted as md5 hash? You can check it on your MyPhpAdmin..locate the member in questions, and then check the password column. In the password column the password should look something like this 9cafeef08db2dd477098a0293e71f90a, or you can check the form processor on your registration page if the password made by the new user is being posted as md5..for example $password = md5($_POST).

If it was not or your registration form processor does not convert the password to md5, then do what prvnkmr194 is suggesting.

0

@geneh23,
may be your error coming for md5 password conversion. please check your password field in your database thru phpmyadmin that is your password field stored with md5 value. if not then remove md5 conversion from this script. or one time please remove the below mention line and try:

$password = md5($password);

Wbr:
Hemant Goyal

0

Sorry for taking forever to reply...I've been really busy lately..the problem is solved, I just needed to take out the include file of basically the same script. Thanks everyone who helped! It was greatly appreciated!!

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.