Hi there,
Yesterday I found Scrowler's tutorial and it's exactly what I need. However, since I already have a working login system, I only needed the parts relating to activating the account. I did a bit of cut and paste, but now it seems the system wont let anyone log in, activated or not.
PHP Code:
<?
/**
* Checks whether or not the given pid is in the
* database, if so it checks if the given password is
* the same password in the database for that user.
* If the user doesn't exist or if the passwords don't
* match up, it returns an error code (1 or 2).
* On success it returns 0.
*/
function confirmUser($pid, $password){
global $conn;
/* Add slashes if necessary (for query) */
if(!get_magic_quotes_gpc()) {
$pid = addslashes($pid);
}
/* Verify that user is in database */
$q = "select password from roster where pid = '$pid'";
$result = mysql_query($q,$conn);
if(!$result || (mysql_numrows($result) < 1)){
return 1; //Indicates pid failure
}
/* Retrieve password from result, strip slashes */
$dbarray = mysql_fetch_array($result);
$dbarray['password'] = stripslashes($dbarray['password']);
$password = stripslashes($password);
/* Validate that password is correct */
if($password == $dbarray['password']){
return 0; //Success! pid and password confirmed
}
else{
return 2; //Indicates password failure
}
}
/**
* checkLogin - Checks if the user has already previously
* logged in, and a session with the user has already been
* established. Also checks to see if user has been remembered.
* If so, the database is queried to make sure of the user's
* authenticity. Returns true if the user has logged in.
*/
function checkLogin(){
/* Check if user has been remembered */
if(isset($_COOKIE['cookname']) && isset($_COOKIE['cookpass'])){
$_SESSION['pid'] = $_COOKIE['cookname'];
$_SESSION['password'] = $_COOKIE['cookpass'];
}
/* pid and password have been set */
if(isset($_SESSION['pid']) && isset($_SESSION['password'])){
/* Confirm that pid and password are valid */
if(confirmUser($_SESSION['pid'], $_SESSION['password']) != 0){
/* Variables are incorrect, user not logged in */
unset($_SESSION['pid']);
unset($_SESSION['password']);
return false;
}
return true;
}
/* User not logged in */
else{
return false;
}
}
/**
* Determines whether or not to display the login
* form or to show the user that he is logged in
* based on if the session variables are set.
*/
function displayLogin(){
global $logged_in;
if($logged_in){
?>
<link href="images/mm_entertainment.css" rel="stylesheet" type="text/css" />
<p align="center"><span class="pageName">Logged In!</span></p>
<p align="center"> Welcome <b><?php $pid=$_SESSION["pid"];
$result = mysql_query("SELECT first_name FROM roster WHERE pid='$pid'");
if (!$result) {
echo("<P>Error performing query: " . mysql_error() . "</P>");
exit(); }
echo(mysql_result($result,0));?></b>, you are logged in. <a href="logout.php">Logout</a>
<?php
}
else{
?>
</p>
</p>
<link href="images/mm_entertainment.css" rel="stylesheet" type="text/css" />
<form action="" method="post">
<table align="left" border="0" cellspacing="0" cellpadding="3">
<tr>
<td colspan="2" class="pageName"><div align="center">Login</div></td>
</tr>
<tr><td class="bodyText">Pilot ID:</td><td><input type="text" name="pid" maxlength="3" size="15"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" maxlength="20" size="15"></td></tr>
<tr><td colspan="2" align="right"><input type="submit" name="sublogin" value="Login"></td></tr>
</table>
</form>
<?
}
}
/**
* Checks to see if the user has submitted his
* pid and password through the login form,
* if so, checks authenticity in database and
* creates session.
*/
if(isset($_POST['sublogin'])){
$l = mysql_connect ( "mysql12.servage.net" , "sca" , "harmony" ) or die("Error connecting: <br><br>".mysql_error());
mysql_select_db( "sca" ) or die("Error getting db: <br><br>".mysql_error());
$username = trim(addslashes($_POST['pid']));
$password = md5(trim($_POST['password']));
$query = mysql_query("SELECT * FROM roster WHERE pid = '$username' AND password = '$password' LIMIT 1") or die(mysql_error());
$row = mysql_fetch_array($query);
// now we check if they are activated
if($row['Activated'] == 0)
{
/* Check that all fields were typed in */
if(!$_POST['pid'] || !$_POST['password']){
die('You didn\'t fill in a required field.');
}
/* Spruce up pid, check length */
$_POST['pid'] = trim($_POST['pid']);
if(strlen($_POST['pid']) > 30){
die("Sorry, the pid is longer than 30 characters, please shorten it.");
}
/* Checks that pid is in database and password is correct */
$md5pass = md5($_POST['password']);
$result = confirmUser($_POST['pid'], $md5pass);
/* Check error codes */
if($result == 1){
die('That pid doesn\'t exist in our database.');
}
else if($result == 2){
die('Incorrect password, please try again.');
}
/* pid and password correct, register session variables */
$_POST['pid'] = stripslashes($_POST['pid']);
$_SESSION['pid'] = $_POST['pid'];
$_SESSION['password'] = $md5pass;
/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his pid,
* and one to hold his md5 encrypted password. We set them both to
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
//if(isset($_POST['remember'])){
setcookie("cookname", $_SESSION['pid'], time()+60*60*24*100, "/");
setcookie("cookpass", $_SESSION['password'], time()+60*60*24*100, "/");
//}
/* Quick self-redirect to avoid resending data on refresh */
echo "<meta http-equiv=\"Refresh\" content=\"0;url=$HTTP_SERVER_VARS[PHP_SELF]\">";
return;
}
/* Sets the value of the logged_in variable, which can be used in your code */
$logged_in = checkLogin();
} else {
echo "activation required";
}
?>
This is the entire login.php page. Note that I have inserted Scrowler's activation code about halfway, after the form.
I didn't use the code as is in the tutorial, because I need this login to set cookies as I reference them in other pages.
If you could give me a clue as to why it isn't working, I'd be much appreciative.
Cheers.