Hay im new here but i looking for some help with
This Tutorial on this site. I've got it all working and running fine and its great. But i've got a slight problem, im using the php along with flash to make a multiplayer game. I've got a login that works fine but i was trying to add in the php that only alows you to login if you have activated you're account.
Current Login.php
Code:
<?
//Database Connectivity Variables//
$DBhost = "localhost";
$DBuser = "";
$DBpass = "";
$db_name = "";
$login_table = "Users";
//Create a connection to the MySQL Database//
$connection = @mysql_connect($DBhost,$DBuser,$DBpass) or die("Couldn't Connect.");
$db = @mysql_select_db($db_name, $connection) or die("Sorry, I could not select the requested Database ");
$password = md5($pass);
//SQL Querys
$sql = "SELECT * FROM $login_table WHERE username = \"$username\" and password = \"$password\"
";
$result = @mysql_query($sql, $connection) or die("Couldn't execute query.");
/*Now checking for the results of the query. if the results are not equal to zero then everything ok, anything else then the authentication failed*/
$num = mysql_num_rows($result);
if ($num != 0) {
// Send Results Back To Flash //
echo "status=Authentication Accepted";
echo "&chklogin=good";
echo "username=$username";
exit;
}
else {
// Send Errors Back To Flash //
echo "chklogin=bad";
echo "&status=Athentication Failed";
}
?>
This currently works fine, but i want to get this code added insome how so that the user has to activate account before logging in!
Code:
<?php
session_start();
include 'config.php';
if(isset($_POST['login']))
{
$username = trim(addslashes($_POST['username']));
$password = md5(trim($_POST['password']));
$query = mysql_query("SELECT * FROM Users WHERE Username = '$username' AND Password = '$password' LIMIT 1") or die(mysql_error());
$row = mysql_fetch_array($query);
// now we check if they are activated
if(mysql_num_rows($query) > 0)
{
if($row['Activated'] > 0)
{
$_SESSION['s_logged_n'] = 'true';
$_SESSION['s_username'] = $username;
$_SESSION['s_name'] = $row['Name'];
header("Location: member.php");
} else {
echo '
<html>
<head>
<title>Login</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="error"><p>Sorry, you must activate your account first. Please check your email for the email.</p>
<p>Didn'."'".'t get your validation email? <a href="resend.php">Click here</a> to resend the validation email.</p></div>
</body>
</html>
';
}
} else {
echo '
<html>
<head>
<title>Login</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="error"><p>There was an error processing your login, it appears that your username and/or password was incorrect. Please try again.</p>
<p>Didn'."'".'t get your validation email? <a href="resend.php">Click here</a> to resend the validation email.</p>
</div>
</body>
</html>
';
}
} else {
?>
<html>
<head>
<title>Login</title>
<link href="style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="wrapper">
<div id="head">the login page</div><br>
<div id="main">
<p>You must login to view this page. Enter your username and password below and hit submit:</p>
<form method="post" action="<?= $_SERVER['PHP_SELF'] ?>">
<p>Username:<br>
<input name="username" type="text" Cid="username">
<p>Password:<br>
<input name="password" type="password" id="password">
</p>
<p>
<input name="login" type="submit" id="login" value="Submit">
</p>
</form>
<p>Didn't get your validation email? <a href="resend.php">Click here</a> to resend the validation email.</p>
<p>Need an account? <a href="register.php">Click here</a> to register, it's completely free! </p>
</div>
</div>
</body>
</html>
<? } mysql_close($l); ?>
As you can probably guess, this script utilizes PHP SESSIONS, so a session is started with the session_start() command, and then config.php is included as before. We then check whether the user has submitted the form or not. If they have, it is processed, login details are checked, and the session variables are set to confirm that he/she is logged in. If this is not the case, the user is presented with a nice form instead. Nice and simple!
Activation Script (activate.php)
Not many membership systems include activation scripts, but I wanted to show you how to make yours “unspammable” and this is the easiest way. To put it simply, the user must enter a valid e-mail address otherwise he/she will not be able to validate their account and will not be able to login! Its a nice way to ensure that all your e-mail addresses are valid. Here’s the code you need:
<?php
include 'config.php';
$id = $_GET['id'];
$query = mysql_query("SELECT * FROM Users WHERE Actkey = '$id' LIMIT 1") or die(mysql_error());
$row = mysql_fetch_array($query);
if(mysql_num_rows($query) > 0){
$user = $row['id'];
$do = mysql_query("UPDATE Users SET Activated = 1 WHERE id = '$user' LIMIT 1") or die(mysql_error());
$send = mail($row['Email'] , "Activation Confirmation" , "Thank you for activating your account, you are now fully registered and able to use our services.\n\nTo login, click the link below:\nhttp://CHANGETHISURL.COM/login.php" , "FROM: auto@mailer.com");
if(($do)&&($send))
{
echo '<link href="style.css" rel="stylesheet" type="text/css">
<div id="success">
<p>Activation successful! A confirmation email has been dispatched. You can now login!</p>
<p><a href="login.php">Click here</a> to goto the login page.</p>
</div>';
} else {
echo '<link href="style.css" rel="stylesheet" type="text/css">
<div id="error">
<p>We are sorry, there appears to be an error processing your activation. Please try again later.</p>
</div>';
}
} else {
echo '<link href="style.css" rel="stylesheet" type="text/css">
<div id="error">
<p>Sorry, your activation code was incorrect. Please try again.</p>
</div>';
}
mysql_close($l);
?>
Can some one help me out here thanks!