User Register and Login

[wignall6]

Hello, I finished off the User Register and Login tutorial and it all worked fine, i moved onto Email activation one and i got some errors.

When i register it all works fine, the user is added to the users table but the activation isn't added to the user_activation table.

The activation email is sent fine.

The error i am getting is:

Fatal error: Call to undefined function valid_credentials() in /home/tomwign/public_html/hackergame/login.php on line 16

My login.php:

[syntax=php]<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])) {
if (empty($_POST['username'])) {
$errors[] = 'The username cannot be empty.';
}

if (empty($_POST['password'])) {
$errors[] = 'The password cannot be empty.';
}

if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false) {
$errors[] = 'Username / Password incorrect.';
}

if (empty($errors) && is_active($_POST['username']) === false) {
$errors[] = 'This account has not yet been activated.';
}

if (empty($errors)) {
$_SESSION['username'] = htmlentities($_POST['username']);

header('Location: protected.php');
die();
}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title> <?php echo $sitetitle; ?> </title>
</head>
<body>

<div class="error">
<?php

if (empty($errors) === false) {
?>
<ul>
<?php
foreach ($errors as $error) {
echo "<li>{$error}</li>";
}
?>
</ul>
<?php
} else {
echo 'Need an account? <a href="register.php">Register</a>.';
}

?>
</div>

<form action="" method="POST">
<p>
<label for="username">Username:</label>
<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
</p>
<p>
<label for="password">Password:</label>
<input type="password" name="password" id="password" />
</p>
<p>
<input type="submit" name="submit" value="Register" />
</p>
</form>

</form>

</body>
</html>[/syntax]

If you need anymore code please reply. I know this is probably going to be a misspelt word or just missing a symbol or something. I have looked through it all and i can't notice any errors. I hope someone else can.

[jacek]

Where do you define the valid_credentials() function ? you may have typoed its name.

[wignall6]

It's in the user.inc.php:

[syntax=php]<?php

// Checks if the username exists in the table
function user_exists($user) {

$user = mysql_real_escape_string($user);
$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");

return (mysql_result($total, 0) == '1') ? true : false;

}

// Checks if the user and password combination is valid
function vaild_credentials($user, $pass) {

$user = mysql_real_escape_string($user);
$pass = sha1($pass);

$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");

return (mysql_result($total, 0) == '1') ? true : false;

}


// Checks if the given user account is active
function is_active($user) {
$user = mysql_real_escape_string($user);

$sql = "SELECT
COUNT(`user_activations`.`user_id`)
FROM `users`
INNER JOIN `user_activations`
ON `users`.`USER_ID = `user_activations.`user_id`
WHERE `users`.`user_name` = '{$user}'";

$result = mysql_query($sql);

return (mysql_result($result, 0) == '0') ? true : false;
}

function activate_account($aid) {
$aid = mysql_real_escape_string($aid);

mysql_query("DELETE FROM `user_activations` WHERE `activation_code` = '{$aid}'");
}

// Adds the user to the database
function add_user($user, $email, $pass) {

$user = mysql_real_escape_string(htmlentities($user));
$email = mysql_real_escape_string($email);
$pass = sha1($pass);

$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
$aid = implode('', array_rand($charset, 10));

$body = <<<EMAIL

Hi,

Thanks for registering, before you login you need to activate your account.

To do that simply click the following link.

http://tomwignall.co.uk/hackergame/activate.php?aid={$aid}

EMAIL;

mail($email, 'Activate your account at PHP Game', $body, 'From: noreply@tomwignall.co.uk');

mysql_query("INSERT INTO `users` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')");

$user_id = mysql_insert_id();

mysql_query("INSERT INTO `user_activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '')'");

}

?>[/syntax]

[Kamal]

function vaild_credentials

[wignall6]

function vaild_credentials

omg i didn't even notice that, i knew it would be a spelling mistake.

[wignall6]

For some reason it still doesn't add the activation to the database. It's in the function is_active.

[jacek]

For some reason it still doesn't add the activation to the database. It's in the function is_active.

[syntax=sql]ON `users`.`USER_ID = `user_activations.`user_id`[/syntax]
Missing ` after user_id on this line

[wignall6]

Thanks very much! All working now.