[SOLVED] php Login page

dhossai · #1 Oct 16th, 2007, 13:54

Hi Fellows!
I have a login page that check the database userid and password filed before log in. If match it allow them to log in and redirect that to a welcome page. It is working fine. Now what I want is ....it should check the table 'active' filed to verify whether user's activated or not their account. If it activated the field is empty. so if it was not activated they will get an messaga saying account is not activated. If the account is activated then it will check the userid and password filed. Iknow it sould very easy but I am kind of stuck. Here is my working login page code..........

PHP: Select all


include "include/session.php";
include "include/z_db.php";
//////////////////////////////
 
?>
<!doctype html public "-//w3c//dtd html 3.2//en">
<html>
<head>
<title>(Type a title for your page here)</title>
<meta name="GENERATOR" content="Arachnophilia 4.0">
<meta name="FORMATTER" content="Arachnophilia 4.0">
</head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000">
<?
$userid=mysql_real_escape_string($userid);
$password=md5(mysql_real_escape_string($password));
if($rec=mysql_fetch_array(mysql_query("SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password'"))){
 if(($rec['userid']==$userid)&&($rec['password']==$password)){
  include "include/newsession.php";
            echo "<p class=data> <center>Successfully,Logged in<br><br><a href='logout.php'> Log OUT </a><br><br><a href=welcome.php>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>";
     print "<script>";
       print " self.location='welcome.php';"; // Comment this line if you don't want to redirect
          print "</script>";
    } 
  } 
 else {
  session_unset();
echo "<font face='Verdana' size='2' color=red>Wrong Login. Use your correct  Userid and Password and Try <br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
 
 }
?>
</body>
</html>

c010depunkk · #2 Oct 16th, 2007, 14:25

Just change your SQL query:

Code: Select all

SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password' AND active != ''

dhossai · #3 Oct 16th, 2007, 14:47

Hi c010depunkk,
Could u pls show me the code for the query, I am kind of novice ther?

karinne · #4 Oct 16th, 2007, 14:52

see the bold

Code: Select all

$userid=mysql_real_escape_string($userid);
$password=md5(mysql_real_escape_string($password));
if($rec=mysql_fetch_array(mysql_query("SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password'"))){
 if(($rec['userid']==$userid)&&($rec['password']==$password)){

dhossai · #5 Oct 16th, 2007, 15:01

Hi C010,
Thanks for our quick reponse but you are not giving me the corrected code that it should be you just showed me where to change but I need to know the changed code to incorporate my objective. Thanks

alexgeek · #6 Oct 16th, 2007, 15:05

He did change it Dhossai.
He changed:

Code: Select all

SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password'

to:

Code: Select all

SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password' AND active != ''

dhossai · #7 Oct 16th, 2007, 15:08

Hi alexgeek,
where it got change? I don't see where it check the 'active' filed from the table to verify whether it was activated or not? Pls explain a bit.

karinne · #8 Oct 16th, 2007, 15:41

Oh dear!

See the green part in alexgeek's code

dhossai · #9 Oct 16th, 2007, 15:49

Hi Karinne,

Could u pls check my original post and check the code, I do not see any changes it is exactly same as I had. Pls let me know.

karinne · #10 Oct 16th, 2007, 15:52

In your code you have

SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password'

and c010depunkk added AND active != '' at the end

Now ... if you don't understand this ... I don't know how else to explain the simplicity of this thread.

dhossai · #11 Oct 16th, 2007, 16:06

Hi Karrine,
Thanks for this. Now I can see the text but I still can not see any text on Alexe's post anywhere. I don't know it might be my browser is not allowing me to see this or what? It is interesting!!!!! Anyway, How to echo the notice if account was not activated. In my database it it was activated the 'active' field would be empty. Thanks

karinne · #12 Oct 16th, 2007, 16:07

What platform and browser are you in?

Quote:

In my database it it was activated the 'active' field would be empty.

and that's what the != ' ' is for

c010depunkk · #13 Oct 16th, 2007, 16:35

OK, back for round two. Here's your code, modified. This should work:

PHP: Select all


include "include/session.php";
include "include/z_db.php";
//////////////////////////////

?>
<!doctype html public "-//w3c//dtd html 3.2//en">
<html>
<head>
<title>(Type a title for your page here)</title>
<meta name="GENERATOR" content="Arachnophilia 4.0">
<meta name="FORMATTER" content="Arachnophilia 4.0">
</head>
<body bgcolor="#ffffff" text="#000000" link="#0000ff" vlink="#800080" alink="#ff0000">
<?
$userid=mysql_real_escape_string($userid);
$password=md5(mysql_real_escape_string($password));
if($rec=mysql_fetch_object(mysql_query("SELECT * FROM tbl_login WHERE userid='$userid'"))){
    if($rec->active!='') {
        if($password==$rec->password) {
            include "include/newsession.php";
            echo "<p class=data> <center>Successfully,Logged in<br><br><a href='logout.php'> Log OUT </a><br><br><a href=welcome.php>Click here if your browser is not redirecting automatically or you don't want to wait.</a><br></center>";
            print "<script>";
            print " self.location='welcome.php';"; // Comment this line if you don't want to redirect
            print "</script>";
        } else {
            // password wrong
        }
    } else {
        // account not activated
    }
}else {
    session_unset();
    echo "<font face='Verdana' size='2' color=red>Wrong Login. Use your correct  Userid and Password and Try <br><center><input type='button' value='Retry' onClick='history.go(-1)'></center>";
}
?>
</body>
</html>

dhossai · #14 Oct 16th, 2007, 16:48

Hi karrine,
In the table field active is populated with number, with this new code I still can log in. User should only be allowed to if the active filed is empty. If the field active is populated I should not be allowed to log in and should get the error messase account is not activated. I am using MySql database.
I am using this....

if($rec=mysql_fetch_array(mysql_query("SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password' AND active !=' '"))){
if(($rec['userid']==$userid)&&($rec['password']==$password)){
include "include/newsession.php";
if($rec=mysql_fetch_array(mysql_query("SELECT * FROM tbl_login WHERE userid='$userid' AND password = '$password'"))){
if(($rec['userid']==$userid)&&($rec['password']==$password)){
include "include/newsession.php";

dhossai · #15 Oct 16th, 2007, 17:20

Hi C010,

Thanks for the code. I tried but user can still log in if the active filed still populated means user did not activate the account. My active field is a m5f enrypted filed which is hidden and generate automatically when user register to the site using " $a = md5(uniqid(rand(), true)); " this. Hope this will help to solve it.

c010depunkk · #16 Oct 16th, 2007, 18:39

I've provided two methods so far.... Both could work, but you are also going to have to try and understand the code or all the help we give you is useless!

Or try wording your question a bit more coherently and provide a bit more info about what you are exactly trying to do....

dhossai · #17 Oct 16th, 2007, 20:05

Hi c010,
Well I don't know how much i have to explain to get it out. Ok, here I go again, in my 'tbl_login' table i have a field called "ctive". If the filed is empty that means user have activated the account. How user activate it? When user signup, active field in tbl_login got populated with random number whis is md5 encrypted using ----$a = md5(uniqid(rand(), true)); --- this methond. user get an email with activation link. When user click that link account is activated and active field in tbl_login become empty. So I want to make sure that user can not log on to unless they activate the account and if they try they will get an error message saying account is not activated. And if account is activated then it will check the userid and password. I hope I was able to explain so that you understand. Thanks for your time.

		Webforumz.com > Main Forums > Program Your Website > PHP Forum
[SOLVED] php Login page