Jump to content
Larry Ullman's Book Forums

Recommended Posts

I am developing the site, using Ch16 code.  But I can't login.  The error message is "Either the email address or password entered does not match those on file or you have not yet activated your account." Register.php and activate.php seem to work.  I received the register confirmation email and am activated because the "active" value of the database got NULL. Below is the code.

 

<?php
 
require_once ('includes/config.inc.php'); 
$page_title = 'Login';
include ('includes/header.html');
 
if (isset($_POST['submitted'])) {
require_once (MYSQL);
 
// Validate the email address:
if (!empty($_POST['emailm'])) {
$e = mysqli_real_escape_string ($dbc, $_POST['emailm']);
} else {
$e = FALSE;
echo '<p class="error">You forgot to enter your email address!</p>';
}
 
// Validate the password:
if (!empty($_POST['passwordm'])) {
$p = mysqli_real_escape_string ($dbc, $_POST['passwordm']);
} else {
$p = FALSE;
echo '<p class="error">You forgot to enter your password!</p>';
}
 
if ($e && $p) {
 
$q = "SELECT user_id, user_level FROM users WHERE (emailr='$e' AND passwordr=SHA1('$p')) AND active IS NULL";
$r = mysqli_query ($dbc, $q) or trigger_error("Query: $q\n<br />MySQL Error: " . mysqli_error($dbc));
 
if (@mysqli_num_rows($r) == 1) { // A match was made.
 
// Register the values & redirect:
$_SESSION = mysqli_fetch_array ($r, MYSQLI_ASSOC); 
mysqli_free_result($r);
mysqli_close($dbc);
 
$url = BASE_URL . 'home.html'; 
ob_end_clean(); 
header("Location: $url");
exit(); 
 
} else { 
echo '<p class="error">Either the email address or password entered do not match those on file or you have not yet activated your account.</p>';
}
 
} else { 
echo '<p class="error">Please try again.</p>';
}
 
mysqli_close($dbc);
 
 
include ('includes/footer.html');
 
?>
 
The database structure is:
 
user_id int(11) unsigned not null auto_increment
emailr varchar(80) ascii_bin not null 
passwordr char(40) utf8_genaral_ci not null
user_level tinyint(1) unsigned not null default 0 
active char(32) utf8_genaral_ci null default null
registration_date timestamp not null default current_timestamp
 
 
The website is www.7850givenrd.com
 
Please help me.
 
Thanks,
 

 

Link to comment
Share on other sites

Hi jeremy126, i have a question. How are you inserting the data.

$e= mysqli_real_escape_strim($dbc,trim(POST[emailm]) ); or 

are you using  preg_match() function

$trimmed = array_map('trim',$_ POST);
 preg_match('/^A-Z\'.-]{2,20}$/i', $trimmed['$e]);

just for curiosity.Because it seems that if you have a successful registration then the error is the way you are retrieving the data.  

Link to comment
Share on other sites

Thank you for your response, jorgeLP and Larry.

 

jorgeLP, I might not explain about the situation.  Through chapter 16 of the book, it is not necessary to insert the login data because users register the data through register.php and we may make sure whether the login data matches registered data.

 

Larry, I found out the cause after I broke down the query into its three conditions as your advice.

I learned the one method to clear up the cause.

 

Thank you very much. 

Link to comment
Share on other sites

 Share

×
×
  • Create New...