BetterPHP

Hello, after register and using the activation code out of my mailbox i want to login, but there always shows the error that the account is not activated. I don't know where the error is.
The code is;
login.php

<?php 
include('core/init.inc.php');
$errors = array();
if (isset($_POST['username'], $_POST['password'])){
	if (empty($_POST['username'])){
		$errors[] = 'De gebruikersnaam mag niet leeg wezen.';
	}
	if (empty($_POST['password'])){
		$errors[] = 'Het paswoord mag niet leeg zijn.';
	}
	if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false){
		$errors[] = 'Gebruikersnaam/paswoord zijn niet goed ingevuld.';
	}
	if (empty($errors) && is_active($_POST['username']) === false){
		$errors[] = 'Deze account is niet geactiveerd.';
	}
	if (empty($errors)){
		if(isset($_POST['set_cookie']) && $_POST['set_cookie'] == '1'){
			setcookie('username', $_POST['username'], time() + 684800);
			setcookie('password', sha1($_POST['password']), time() + 684800);
		}
		$_SESSION['username'] = htmlentities($_POST['username']);
	header('location:beschermd.php');
	die();
	}
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>

<body>
<div>
<?php 
if (empty($errors) === false){
	?>
    <ul>
    <?php
		foreach ($errors as $error){
			echo"<li>{$error}</li>";
		}
	?>
   </ul>
   <?php
}else{
	echo 'Wil je je inschrijven? <a href="register.php">Schrijf je hier in</a>';
}
?>

</div>
<form action="" method="post">
	<p>
	<label for="username">Gebruikersnaam:</label>
    <input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
    </p>
    <p>
	<label for="password">Paswoord:</label>
    <input type="password" name="password" id="password" />
    </p>
    	<p>
        <label for="set_cookie">Onthoud mij:</label>
        <input type="checkbox" name="set_cookie" id="set_cookie" value="1" />
        </p>
    <p>
    <input type="submit" value="Login" />
  </p>
 </form> 
    <a href="forgot_pass.php">Paswoord vergeten? Klik hier.</a>

</body>
</html>

user.inc.php

<?php
//bestaat de gebruikersnaam in de database
function user_exists($user){
	$user = mysql_real_escape_string($user);
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `user_system` WHERE `user_name` = '{$user}'");
	return (mysql_result($total, 0) == '1') ? true : false;
}
//is de gebruikersnaam en paswoord combinatie correct
function valid_credentials($user, $pass){
	$user = mysql_real_escape_string($user);
	$pass = mysql_real_escape_string($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `user_system` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	    
	return (mysql_result($total, 0) == '1') ? true : false;
}
function is_active($user){
	$user = mysql_real_escape_string($user);
	
	$sql = "SELECT
			COUNT(`user_activations`.`user_id`)
			FROM `user_system`
			INNER JOIN `user_activations`
			ON `user_system`.`user_id` = `user_activations`.`user_id`
			WHERE `user_system`.`user_name` = '{$user}'";
			
	$result = mysql_query($sql);
	return (mysql_result($result, 0) == '0') ? true : false;
}
function activate_account($aid){
		$aid = mysql_real_escape_string($aid);
		
		mysql_query("DELETE FROM `user_activations` WHERE `activation_code` = '{$aid}'");
		
}
//paswoord vergeten 
function random_string($length){
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9)));
	
	shuffle($charset);
	$password = array_slice($charset, 0, $length);
	return implode('', $password);
}
//voegt een gebruiker toe aan de database
function add_user($user, $email, $pass){
	$user  = mysql_real_escape_string(htmlentities($user));
	$email = mysql_real_escape_string($email);
	$pass  = sha1($pass);
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range(0, 9)));
	$aid = implode('', array_rand($charset, 10));
	
	$body = <<<EMAIL
	
	Hallo,
	dank voor het registreren, voordat je gaat inloggen is het nodig dat je je account gaat activeren.
	omdat de doen kan je gewoon op deze link klikken, http://www.robcnossen.nl/login/activated.php?aid={$aid}
EMAIL;

mail($email, 'je nieuwe account in robbcnossen.nl', $body, 'From: test@test.nl');	
	
	mysql_query("INSERT INTO `user_system` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')");
	$user_id = mysql_insert_id();
	mysql_query("INSERT INTO `user_activations` (`user_id`, `activation_code`) VALUES ('{$user_id}', '{$aid}')");
}

?>

At first i thought that i used the sha1 and the mysql_real_escape_string functions wrong, but no matter hat i did, nothing changed. I also don't see any syntax errors. Hopefully someone see what i am doing wrong.
Thanks,
Robbedoesie

There are two places the problem could be, either the row is not being removed from the table, or the check to see if the account is active or not is failing and always returning false. So could you check the database and see if the row is removed ?

The row is not removed.

That means this function fails.:

function activate_account($aid){
                $aid = mysql_real_escape_string($aid);
               
                mysql_query("DELETE FROM `user_activations` WHERE `activation_code` = '{$aid}'");
               
}

echo mysql_error(); under the query to see if it tells you anything.

My apologizes, because i noticed now that the email link send me directly to the login page instead of the activate page. This was because i misspelled activate in the init.inc page in the exception variable.

Robbedoesie wrote:My apologizes, because i noticed now that the email link send me directly to the login page instead of the activate page. This was because i misspelled activate in the init.inc page in the exception variable.

Good spot ! That is probably the last thing I would have suggested !