Page 1 of 1

User Register and Login

Posted: Tue May 31, 2011 10:03 am
by wignall6
Hello, I finished off the User Register and Login tutorial and it all worked fine, i moved onto Email activation one and i got some errors.

When i register it all works fine, the user is added to the users table but the activation isn't added to the user_activation table.

The activation email is sent fine.

The error i am getting is:
Fatal error: Call to undefined function valid_credentials() in /home/tomwign/public_html/hackergame/login.php on line 16
My login.php:
<?php

include('core/init.inc.php');

$errors = array();

if (isset($_POST['username'], $_POST['password'])) {
	if (empty($_POST['username'])) {
		$errors[] = 'The username cannot be empty.';
	}
	
	if (empty($_POST['password'])) {
		$errors[] = 'The password cannot be empty.';
	}
	
	if (valid_credentials($_POST['username'], sha1($_POST['password'])) === false) {
		$errors[] = 'Username / Password incorrect.';
	}
	
	if (empty($errors) && is_active($_POST['username']) === false) {
		$errors[] = 'This account has not yet been activated.';
	}
	
	if (empty($errors)) {
		$_SESSION['username'] = htmlentities($_POST['username']);
		
		header('Location: protected.php');
		die();
	}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
	<title> <?php echo $sitetitle; ?> </title>
</head>
<body>

<div class="error">
	<?php
	
		if (empty($errors) === false) {
			?>
			<ul>
				<?php
					foreach ($errors as $error) {
						echo "<li>{$error}</li>";
					}
				?>
			</ul>
			<?php
		} else {
			echo 'Need an account? <a href="register.php">Register</a>.';
		}
	
	?>
</div>

<form action="" method="POST">
	<p>
		<label for="username">Username:</label>
		<input type="text" name="username" id="username" value="<?php if (isset($_POST['username'])) echo htmlentities($_POST['username']); ?>" />
	</p>
	<p>
		<label for="password">Password:</label>
		<input type="password" name="password" id="password" />
	</p>
	<p>
		<input type="submit" name="submit" value="Register" />
	</p>
</form>

</form>

</body>
</html>
If you need anymore code please reply. I know this is probably going to be a misspelt word or just missing a symbol or something. I have looked through it all and i can't notice any errors. I hope someone else can.

Re: User Register and Login

Posted: Tue May 31, 2011 11:03 am
by jacek
Where do you define the valid_credentials() function ? you may have typoed its name.

Re: User Register and Login

Posted: Tue May 31, 2011 11:26 am
by wignall6
It's in the user.inc.php:
<?php

// Checks if the username exists in the table
function user_exists($user) {

	$user = mysql_real_escape_string($user);
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;
	
}

// Checks if the user and password combination is valid
function vaild_credentials($user, $pass) {

	$user = mysql_real_escape_string($user);
	$pass = sha1($pass);
	
	$total = mysql_query("SELECT COUNT(`user_id`) FROM `users` WHERE `user_name` = '{$user}' AND `user_password` = '{$pass}'");
	
	return (mysql_result($total, 0) == '1') ? true : false;

}


// Checks if the given user account is active
function is_active($user) {
	$user = mysql_real_escape_string($user);
	
	$sql = "SELECT
				COUNT(`user_activations`.`user_id`)
			FROM `users`
			INNER JOIN `user_activations`
			ON `users`.`USER_ID	 = `user_activations.`user_id`
			WHERE `users`.`user_name` = '{$user}'";
	
	$result = mysql_query($sql);
	
	return (mysql_result($result, 0) == '0') ? true : false;
}

function activate_account($aid) {
	$aid = mysql_real_escape_string($aid);
	
	mysql_query("DELETE FROM `user_activations` WHERE `activation_code` = '{$aid}'");
}

// Adds the user to the database
function add_user($user, $email, $pass) {

	$user = mysql_real_escape_string(htmlentities($user));
	$email = mysql_real_escape_string($email);
	$pass = sha1($pass);
	
	$charset = array_flip(array_merge(range('a', 'z'), range('A', 'Z'), range('0', '9')));
	$aid = implode('', array_rand($charset, 10));
	
	$body = <<<EMAIL
	
	Hi,
	
	Thanks for registering, before you login you need to activate your account.
	
	To do that simply click the following link.
	
	http://tomwignall.co.uk/hackergame/acti ... ?aid={$aid}

EMAIL;

	mail($email, 'Activate your account at PHP Game', $body, 'From: noreply@tomwignall.co.uk');
	
	mysql_query("INSERT INTO `users` (`user_name`, `user_password`, `user_email`) VALUES ('{$user}', '{$pass}', '{$email}')");
	
	$user_id = mysql_insert_id();
	
	mysql_query("INSERT INTO `user_activations` (`user_id`, `activation_code`) VALUES ({$user_id}, '')'");

}

?>

Re: User Register and Login

Posted: Tue May 31, 2011 11:30 am
by Kamal
function vaild_credentials

Re: User Register and Login

Posted: Tue May 31, 2011 11:41 am
by wignall6
Kamal wrote:function vaild_credentials
omg i didn't even notice that, i knew it would be a spelling mistake.

Re: User Register and Login

Posted: Tue May 31, 2011 11:53 am
by wignall6
For some reason it still doesn't add the activation to the database. It's in the function is_active.

Re: User Register and Login

Posted: Tue May 31, 2011 12:22 pm
by jacek
wignall6 wrote:For some reason it still doesn't add the activation to the database. It's in the function is_active.
ON `users`.`USER_ID      = `user_activations.`user_id`
Missing ` after user_id on this line ;)

Re: User Register and Login

Posted: Tue May 31, 2011 5:19 pm
by wignall6
Thanks very much! All working now.