
Originally Posted by
fileserverdirect
I am now pretty sure that there is an error with your login system (with MySQL).
Please post your login page here. I do not understand the point of the "Activated" if statement, is that if the user verified email, or if the user is logged on? If you have a link to your problematic code please post it here.

For the question regarding the "Activated" if statement: when the user first registers on the website, you are not active, so therefore you have to verify your account via email. Hope that answers your question.
And for the login script, here it is:
PHP Code:
<?php
include 'd/user.connect.inc.php';

if (isset($_POST['login']))
{
    // NOTE: addslashes() is not reliable SQL escaping, and unsalted md5() is not a suitable password hash.
    $username = trim(addslashes($_POST['username']));
    $password = md5(trim($_POST['password']));
    $confpass = $_POST['confpass'];
    $date = date("l jS F Y, g:i:s a");

    // look up the account by username and password hash
    $query = mysql_query("SELECT * FROM Users WHERE username = '$username' AND password = '$password' LIMIT 1") or die(mysql_error());
    // NOTE: lastsigned is updated here even when the login attempt fails
    $lastsigned = mysql_query("UPDATE Users SET lastsigned = '$date' WHERE username = '$username'") or die(mysql_error());

    if (mysql_num_rows($query) == 0)
    {
        echo '<b>ERROR:</b> We could not find that account, please make sure you have the correct username & password. <br />[<a href="http://users.domain.com/forgotpwd.phtml">Forgot Password</a>] - [<a href="http://users.domain.com/resendemail.phtml">Resend Activation Email</a>]';
        include ('footer.php');
        exit;
    }

    $row = mysql_fetch_array($query);

    // now we check if the account is locked (three failed attempts)
    if ($row['attempts'] == '3')
    {
        echo '<img alt="locked" src="images/icon_padlock.gif" /> Your account has been locked for security purposes, please contact as soon as possible. => <b>'.$row['attempts'].'/3</b> Failed Login Attempts <br />(An email has been sent to you, please check your emails)';
        $to = ''.$row['name'].' <'.$row['email'].'>';
        $subject = ''.$row['username'].', your account has been locked...';
        $message = '
<html>
<body>
<span style="font-size:9pt;font-family:sans-serif;">
Dear <b>'.$row['name'].'</b>,<br /><br />
We are sorry to inform you that your account was locked due to three failed login attempts, this is a security procedure in order to prevent account abuse and hacking attempts.<br />
Once your account is locked it will remain locked, until a member of staff reviews the issue and gets back to you.<br /><br />
Please contact us as soon as possible to resolve this issue.<br /><br />
Username: <b>'.$row['username'].'</b><br />
Email: <b>'.$row['email'].'</b><br />
Failed Attempts: <b>'.$row['attempts'].'/3</b><br /><br />
Kind regards,<br />
Website Team,<br />
www.domain.com
</span>
</body>
</html>
';
        // first header line uses "=" so $header is defined before it is appended to
        $header = "MIME-Version: 1.0\n";
        $header .= "From: Xbox Daily <accounts@domain.com>\nContent-Type: text/html; charset=windows-1252\n";
        $header .= "Reply-To: Xbox Daily <support@domain.com>\n";
        $header .= "X-Mailer: PHP/".phpversion();
        $send = mail($to, $subject, $message, $header);
        include ('footer.php');
        exit;
    }

    // the form asks for the password twice; a mismatch counts as a failed attempt
    if ($_POST['password'] !== $_POST['confpass'])
    {
        $upd = mysql_query("UPDATE Users SET attempts = attempts +1 WHERE username = '$username'") or die(mysql_error());
        echo '<b>ERROR:</b> Both passwords did not match please check for any uppercase or lowercase characters. <b>'.$row['attempts'].'/3</b> Failed Login Attempts';
        include ('footer.php');
        exit;
    }

    if (mysql_num_rows($query) > 0)
    {
        if ($row['activated'] > 0) //checks to see if the user is activated or not.
        {
            // copy the whole user row into the session
            $_SESSION['s_logged_n'] = 'true';
            $_SESSION['uid'] = $row['uid'];
            $_SESSION['loggedon'] = $row['lastsigned'];
            $_SESSION['lastupdate'] = $row['lastupdate'];
            $_SESSION['s_pass'] = md5($row['password']);
            $_SESSION['s_username'] = $username;
            $_SESSION['s_name'] = $row['name'];
            $_SESSION['s_email'] = $row['email'];
            $_SESSION['s_dob'] = $row['dob'];
            $_SESSION['s_reg'] = $row['registered'];
            $_SESSION['s_act'] = $row['actkey'];
            $_SESSION['msnim'] = $row['msnim'];
            $_SESSION['aim'] = $row['aim'];
            $_SESSION['yim'] = $row['yim'];
            $_SESSION['int'] = $row['interests'];
            $_SESSION['hobs'] = $row['hobbies'];
            $_SESSION['xbl'] = $row['xblt'];
            $_SESSION['fel'] = $row['feeling'];
            $_SESSION['ht'] = $row['hometown'];
            $_SESSION['ocu'] = $row['occupation'];
            $_SESSION['web'] = $row['website'];
            echo '<meta http-equiv="refresh" content="4;url=http://users.domain.com/ucp.php">';
            echo '<div id="login"><img alt="logging in" src="http://users.domain.com/images/19-1.gif" /><br /><h4>'.$row['username'].'... Signing In</h4><span style="font-size:x-small;font-family:sans-serif;">If this takes longer than 5 minutes, please click <a href="http://users.domain.com/ucp.php">here</a>.</span></div>';
        } else {
            echo '
<div id="error"><b>ERROR:</b> You need to activate your account, before logging in... Please check your emails for further instructions!</div>';
        }
    } else {
        echo '<b>ERROR:</b> There was a problem processing your details, please try again later...';
    }
} else {
}
?>
Hopefully this will help you in determining where the issue is coming from, but as I said it logs the user in successfully and allows you to access the Control Panel and allows them to edit their account (e.g. Password, Email, Profile, etc).
And on the login page, it actually shows the person they are still logged in but as the login page was the first page to register the $_SESSION['var'] variables.
I just can't understand why the login page works by showing they are logged in and not the other pages??? I would so much appreciate if you could help me in solving this issue!
Regards,
Ben
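
An added example, not part of the original post and not the poster's code: the same login flow written with PDO prepared statements, `password_hash()`/`password_verify()` in place of `md5()`, a failed-attempt counter that increments on a wrong password, and a session that stores only the user id. The table and column names follow the post; the function name `attempt_login`, the in-memory SQLite database and the sample user are assumptions made so the script runs on its own.

```php
<?php
// Added example: names not in the post (attempt_login, MAX_ATTEMPTS) are hypothetical.
const MAX_ATTEMPTS = 3;

function attempt_login(PDO $db, string $username, string $password): string
{
    // Prepared statement: the username is bound, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT uid, password, attempts, activated FROM Users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($row !== false && (int)$row['attempts'] >= MAX_ATTEMPTS) {
        return 'locked';
    }
    // password_verify() checks a salted password_hash() value.
    if ($row === false || !password_verify($password, $row['password'])) {
        // Failed attempt: the UPDATE matches no row when the username is unknown.
        $db->prepare('UPDATE Users SET attempts = attempts + 1 WHERE username = ?')
           ->execute([$username]);
        return 'invalid';
    }
    if ((int)$row['activated'] === 0) {
        return 'inactive';
    }
    // Record the sign-in only after the credentials have been accepted.
    $db->prepare('UPDATE Users SET attempts = 0, lastsigned = ? WHERE uid = ?')
       ->execute([date('c'), $row['uid']]);

    // Every page that reads $_SESSION has to call session_start() first.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);          // fresh session id after login
    $_SESSION['uid'] = (int)$row['uid'];  // keep the key only, not the password hash
    return 'ok';
}

// Constructed demo data: in-memory database with one activated user.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Users (uid INTEGER PRIMARY KEY, username TEXT UNIQUE, password TEXT,
           attempts INTEGER DEFAULT 0, activated INTEGER DEFAULT 0, lastsigned TEXT)');
$db->prepare('INSERT INTO Users (username, password, activated) VALUES (?, ?, 1)')
   ->execute(['ben', password_hash('correct horse', PASSWORD_DEFAULT)]);

$results = [
    attempt_login($db, "ben' OR '1'='1", 'x'),    // quote characters stay literal data
    attempt_login($db, 'ben', 'wrong password'),  // wrong password for a real account
    attempt_login($db, 'ben', 'correct horse'),   // correct credentials
];
echo implode("\n", $results), "\n";
```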