Thread: PHP Tutorials: User login HELP!

  1. #1

    Hello guys.

    My problem is that everything works just fine, but I can't log in. When I try to log in with a correct username and password and the account IS activated, it still says "Array ( [0] => Activate your account ) "

    This is the function:

    PHP Code:
    function user_active($username) {
        $username = sanitize($username);
        return (mysql_result(mysql_query("SELECT COUNT(user_id) FROM users WHERE `username` = '$username' AND 'active' = '1'"), 0) == 1) ? true : false;
    }
    And this is the code/session from login.php (I copied the whole thing):
    PHP Code:
    <?php
    include 'core/init.php';

    if (empty($_POST) === false) {
        $username = $_POST['username'];
        $password = $_POST['password'];

        if (empty($username) === true || empty($password) === true) {
            $errors[] = 'You need to enter a username and password';
        } else if (user_exists($username) === false) {
            $errors[] = 'We can\'t find that username. Have you registered?';
        } else if (user_active($username) === false) {
            $errors[] = 'Activate your account';
        } else {
            $login = login($username, $password);
            if ($login === false) {
                $errors[] = 'That username/pasword combination is incorrect';
            } else {
                $_SESSION['user_id'] = $login;
                header('Location: index.php');
                exit();
            }
        }

        print_r($errors);
    }
    ?>
    Thank you.
    Last edited by szucsy11; 10-15-2012 at 12:12 PM.

  2. #2

    works for me. what does your sanitize function do? my first suspicion would be that it's altering your input values (rather than simply preparing them for use in your query, which is what it would seem to be intended to do).

    aside from that, you should seriously consider two things:

    1. DO NOT give any error messages to the user, aside from "username+password combo not found."
    .....telling an unknown user (who might be malicious) anything more than that is a security/privacy risk.

    2. do not use the mysql_* functions.
    .....ext/mysql is outdated and scheduled for deprecation
    .....(choose another API instead, such as ext/mysqli or PDO).

    3. I don't know that you're doing this, but it would seem like a possibility based on the code you've given:
    .....don't store user passwords in plain text.
    .....they should be hashed before being stored or used in a query.

  3. #3

    It's sanitizing data.

    PHP Code:
    <?php
    function sanitize($data) {
        return mysql_real_escape_string($data);
    }
    ?>

  4. #4

    try adding this line to the function user_active (and remove it afterwards):
    Code:
    function user_active($username) { 
            die( $username == sanitize($username) ); 
            $username = sanitize($username); 
            return(mysql_result(mysql_query("SELECT COUNT(user_id) FROM users WHERE `username` = '$username' AND 'active' = '1'"), 0) == 1 ) ? true : false; 
     }
    if that doesn't print 1, try this modification:
    Code:
    function user_active($username) { 
            $username = sanitize($username); 
    //        return(mysql_result(mysql_query("SELECT COUNT(user_id) FROM users WHERE `username` = '$username' AND 'active' = '1'"), 0) == 1 ) ? true : false; 
    die( mysql_result( mysql_query("SELECT COUNT(user_id) FROM users WHERE `username` = '$username'  AND 'active' = '1'"), 0 ) ); 
     }
    let me know the results.

    Edit:

    whup, just caught it:
    Code:
     'active' = '1'
    
    # SHOULD BE
     `active` = '1'
    
    # _backticks_, not single-quotes.  :)
    Last edited by traq; 10-14-2012 at 09:58 PM.
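
The quoting bug found in post #4 and the three recommendations from post #2, combined in one added example that is not code from the thread. It assumes PDO with an in-memory SQLite database standing in for MySQL (both treat single quotes as a string literal and accept backticks around a column name); the `password_hash` column and both sample users are constructed.

```php
<?php
// Added example, not code from the thread. SQLite (in memory) stands in for MySQL;
// the table layout and both users are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password_hash TEXT, active INTEGER)');
$add = $db->prepare('INSERT INTO users (username, password_hash, active) VALUES (?, ?, ?)');
$add->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT), 1]);
$add->execute(['bob', password_hash('hunter2', PASSWORD_DEFAULT), 0]); // not activated

// Run a COUNT query with the username bound as a parameter (no escaping needed).
function count_rows(PDO $db, string $sql, string $username): int {
    $st = $db->prepare($sql);
    $st->execute([$username]);
    return (int) $st->fetchColumn();
}

// 'active' in single quotes is a string literal, so the test 'active' = '1'
// is false for every row. Backticks make it the column name.
$quoted   = "SELECT COUNT(user_id) FROM users WHERE username = ? AND 'active' = '1'";
$backtick = "SELECT COUNT(user_id) FROM users WHERE username = ? AND `active` = '1'";
printf("single quotes: %d, backticks: %d\n",
    count_rows($db, $quoted, 'alice'), count_rows($db, $backtick, 'alice'));

// Returns the user_id on success and false for every kind of failure, so the
// caller cannot tell an unknown user from a wrong password or an inactive account.
function login(PDO $db, string $username, string $password) {
    $st = $db->prepare('SELECT user_id, password_hash, `active` FROM users WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    return ((int) $row['active'] === 1) ? (int) $row['user_id'] : false;
}

$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ['bob', 'hunter2'], ['nobody', 'x']];
foreach ($attempts as [$user, $pass]) {
    $id = login($db, $user, $pass);
    // Every failure prints the same single message recommended in post #2.
    echo $user, ': ', $id === false ? 'username+password combo not found.' : "logged in as user_id $id", "\n";
}
```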
