Jeremy126

Thank you for your response, jorgeLP and Larry. jorgeLP, I might not explain about the situation. Through chapter 16 of the book, it is not necessary to insert the login data because users register the data through register.php and we may make sure whether the login data matches registered data. Larry, I found out the cause after I broke down the query into its three conditions as your advice. I learned the one method to clear up the cause. Thank you very much.

I am developing the site, using Ch16 code. But I can't login. The error message is "Either the email address or password entered does not match those on file or you have not yet activated your account." Register.php and activate.php seem to work. I received the register confirmation email and am activated because the "active" value of the database got NULL. Below is the code. <?php require_once ('includes/config.inc.php'); $page_title = 'Login'; include ('includes/header.html'); if (isset($_POST['submitted'])) { require_once (MYSQL); // Validate the email address: if (!empty($_POST['emailm'])) { $e = mysqli_real_escape_string ($dbc, $_POST['emailm']); } else { $e = FALSE; echo '<p class="error">You forgot to enter your email address!</p>'; } // Validate the password: if (!empty($_POST['passwordm'])) { $p = mysqli_real_escape_string ($dbc, $_POST['passwordm']); } else { $p = FALSE; echo '<p class="error">You forgot to enter your password!</p>'; } if ($e && $p) { $q = "SELECT user_id, user_level FROM users WHERE (emailr='$e' AND passwordr=SHA1('$p')) AND active IS NULL"; $r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc)); if (@mysqli_num_rows($r) == 1) { // A match was made. // Register the values & redirect: $_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); mysqli_free_result($r); mysqli_close($dbc); $url = BASE_URL . 'home.html'; ob_end_clean(); header("Location: $url"); exit(); } else { echo '<p class="error">Either the email address or password entered do not match those on file or you have not yet activated your account.</p>'; } } else { echo '<p class="error">Please try again.</p>'; } mysqli_close($dbc); } include ('includes/footer.html'); ?> The database structure is: user_id int(11) unsigned not null auto_increment emailr varchar(80) ascii_bin not null passwordr char(40) utf8_genaral_ci not null user_level tinyint(1) unsigned not null default 0 active char(32) utf8_genaral_ci null default null registration_date timestamp not null default current_timestamp The website is www.7850givenrd.com Please help me. Thanks,