Activation login.php error
Posted: Fri Apr 13, 2012 5:41 pm
Hello, just want to start by thanking you for creating these good tutorials, i've learnt a lot! 
I have just finished following your activation script tutorial but i've run into a problem with my login page. When i try to login, i get the following message:
My files are:
user.inc.php
I have just finished following your activation script tutorial but i've run into a problem with my login page. When i try to login, i get the following message:
Warning: mysql_result() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\core\inc\user.inc.php on line 37
Don't have an account?, Click here to register.
This account needs to be activated, check your email address for the activation email
This error occurs with every account i try to login with (only accounts which exist though), regardless of whether they're activated or not.My files are:
user.inc.php
<?php
// Checks if the given username already exists in the table.
function user_exists($user) {
$user = mysql_real_escape_string(htmlentities($user));
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
// Checks the username and password combination is valid.
function valid_credentials($user, $pass){
$user = mysql_real_escape_string($user);
$pass = sha1($pass);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
return (mysql_result($total, 0) == '1') ? true : false;
}
function is_active($user){
$user = mysql_real_escape_string($user);
$sql = "SELECT COUNT(`user_activation`.`user_id`)
FROM `users`
INNER JOIN `user_activation`.`user_id`
ON `users`.`user_id` = `user_activation`.`user_id`
WHERE `users`.`user_name` = '{$user}'";
$result = mysql_query($sql);
return (mysql_result($result, 0) == '0') ? true : false;
}
function activate_user($aid){
$aid = mysql_real_escape_string($aid);
mysql_query("DELETE FROM `user_activation` WHERE `activation_code` = '{$aid}'");
}
// This creates a user to the table.
function add_user($user, $email, $pass, $aboutme, $ip) {
$user = mysql_real_escape_string(htmlentities($user));
$email = mysql_real_escape_string(htmlentities($email));
$pass = sha1($pass);
$aboutme = mysql_real_escape_string(htmlentities($aboutme));
$ip = mysql_real_escape_string($ip);
$charset = array_flip(array_merge(range('a', 'z'), range('A','Z'), range(0,9)));
$aid = implode('', array_rand($charset, 31));
$body = "
Hello,
Thanks for registering, before you login you need to activate your account.
To activate your account, click the link below. If the link is not clickable, copy it and paste it in your url.
http://localhost/activate.php?aid={$aid}";
mail($email, 'New account at test.com needs activating', $body, 'From: postmaster@localhost');
mysql_query("INSERT INTO `users` (`user_name`, `user_password`, `user_email`, `user_aboutme`, `user_ip`) VALUES ('{$user}', '{$pass}', '{$email}', '{$aboutme}', '{$ip}')");
$user_id = mysql_insert_id();
mysql_query("INSERT INTO `user_activation` (`user_id`, `activation_code`) VALUES ({$user_id}, '{$aid}')");
}
?>
login.php
<?php
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
if (empty($_POST['username'])) {
$errors[] = 'The username is empty.';
}
if (empty($_POST['password'])){
$errors[] = 'The password is empty.';
}
if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false){
$errors[] = 'Username and/or Password incorrect.';
}
if (empty($errors) && is_active($_POST['username']) === false){
$errors[] = 'This account needs to be activated, check your email address for the activation email';
}
if (empty($errors)){
if (isset($_POST['rcookie']) && $_POST['rcookie'] == '1'){
setcookie('username', $_POST['username'], time() + 604800);
setcookie('password', sha1($_POST['password']), time() + 604800);
}
$_SESSION['username'] = htmlentities($_POST['username']);
header('Location: protected.php');
die();
}
}
if (isset($_SESSION['username']) === TRUE) {
header('Location: protected.php');
die();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
Don't have an account?, <a href="register.php">Click here</a> to register.
<?php
if (empty($errors) === false) {
?>
<ul class="errors">
<?php
foreach ($errors as $error){
echo"<li>{$error}</li>";
}
}
?>
</ul>
<form action="" method="post">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" autocomplete="off" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" autocomplete="off" />
</p>
<p>
<label for="rcookie">Remember Me:</label>
<input type="checkbox" name="rcookie" id="rcookie" value="1"/>
</p>
<p>
<input type="submit" value="Login" />
</p>
</form>
</body>
</html>
and finally, init.inc.php
<?php
session_start();
$exceptions = array('register','login', 'activate');
$page = substr(end(explode('/', $_SERVER['SCRIPT_NAME'])), 0, -4);
mysql_connect('localhost', 'root', '');
mysql_select_db('user_system');
$path = dirname(__FILE__);
include("{$path}/inc/user.inc.php");
if (isset($_COOKIE['username'], $_COOKIE['password']) && isset($_SESSION['username']) === false) {
if (valid_credentials($_COOKIE['username'], $_COOKIE['password'])){
$_SESSION['username'] = htmlentities($_COOKIE['username']);
setcookie('username', $_COOKIE['username'], time() + 604800);
setcookie('password', $_COOKIE['password'], time() + 604800);
}
}
// if page is in the exceptions is equal to false then:
if(in_array($page, $exceptions) === false){
if (isset($_SESSION['username']) === false) {
header('Location: login.php');
die();
}
}
?>