0

in database i have added the random and activated with boolean type and the defaul was set to As defined with 0 value.when i click log in it must desplay this: your accoun si not activate.Please check your email.
but i show you are in click here to click here to enter in member page,any solutin from you??plzz help

session_start();
$username =@$_POST['username'];
$password =@$_POST['password'] ;
if($username&&$password)
{
$connect = mysql_connect("localhost","root","") or ("Couldn't connect!");
mysql_select_db("phplogin") or die ("Couldn't find db");

$query = mysql_query("Select * FROM users WHERE username='$username'");

$numrow= mysql_num_rows($query);
if ($numrow!=0)
{

while($row = mysql_fetch_assoc($query))
{
$dbusername = @$row['username'];
$dbpassword = @$row['password'];
$acivated = $row=['activated'];

if(@$activated=='0')
{
die("your accoun si not activate.Please check your email!");
exit();
}
}
// check to see if they match
if($username==$dbusername&&md5($password)==$dbpassword)

{
  echo("You are in!<a href='member.php'>Click</a>here to enter in member page.");
  @$_SESSION['username']=$username;
}
else
    echo ("Incorrect password!");
}
else
     die ("That user doesn't exist!");


}
else
echo ("Please enter a username and a password!");
?>

Edited by diafol: Not a code snippet - but a thread topic

2
Contributors
4
Replies
6
Views
4 Years
Discussion Span
Last Post by andyy121
0

I'd pull al the @ if I were you - surpressing the errors here will not make for production code. OK, I've rewritten the code to suit myself - you need to indent your code.

<?php
session_start();

//check form is sent and that all values are not empty
if(!empty($_POST['username']) && !empty($_POST['password'])){

    $username =mysql_real_escape_string($_POST['username']);
    $password =mysql_real_escape_string($_POST['password']);

    $connect = mysql_connect("localhost","root","") or ("Couldn't connect!");
    mysql_select_db("phplogin",$connect) or die ("Couldn't find db"); //you need the link identitifier

    $query = mysql_query("SELECT * FROM users WHERE username='$username' LIMIT 1");
    if(mysql_num_rows($query)){
        $row = mysql_fetch_assoc($query);
        $dbpassword = $row['password'];

        if($row['activated'] == 0) die("Your account is not activated. Please check your email!");

        if(md5($password)==$dbpassword){
            echo "You are in!<a href='member.php'>Click</a>here to enter in member page.";
            $_SESSION['username'] = $username;
        }else{
            echo "Incorrect password!";
        }
    }else{
         echo ("That user doesn't exist!");
    }
}else{
    echo ("Please enter a username and a password!");
}
?>

Note that exit() and die() are pretty much the same thing, so you don't need both.
You can use LIMIT 1 in the SQL to stop searching once it finds a match.
You don't need while loop if you're processing a single row.
You must sanitize your input (POST) with mysql_real_escape_string.
There's no need to check usernames are equal again - you've already done that for the query.

Edited by diafol

0

i mean if i have to log in the activated code in database must have to changed 1 it is 0 again :/ what i have to change now help

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.