Reputation: 25
if and else format? php
I've been trying to figure out what I'm doing wrong. When it checks if the user is activated on line 26 even if the user is activated it sends the user to line 38 which tells tells them their username or password is incorrect but they are correct. You can find the two lines on the left side of the code.
<?php
require("includes/inc.php");
if ($_SESSION['username'] != null){
# Redirect the user to the member area
header('Location: member.php');
} else {
# Check if the user is trying to login
if ($_GET['do'] == "login"){
# If they are, process the details they have provided. Else, continue with showing the form
$username = trim(sanitize($_POST['username']));
$password = trim(sanitize($_POST['password']));
# Check if the username and password are empty
if (($username == null) || ($password == null)){
header('Location: login.php?error=field_blank');
} else {
$query_accounts = mysql_query("SELECT * FROM users WHERE `username` = '$username' LIMIT 1");
$query_count = mysql_num_rows($query_accounts);
if ($query_count == null){
// User not found
header('Location: login.php?error=details_wrong');
} else {
//Line 26 $active = mysql_fetch_array($query_accounts);
if ($active['active'] == 0) {
header('Location: login.php?error=activate');
} else {
$accounts = mysql_fetch_array($query_accounts);
// Check if the password matches the user's password
if ($accounts[password] == password($password)){
// The password is correct, start a session for the user
$_SESSION['username'] = $username;
header('Location: member.php');
} else {
// Incorrect password
//Line 38 header('Location: login.php?error=details_wrong');
}
}
}
}
} else {
?>
<!doctype html>
<html>
<head>
<title>PHP Login & Registration</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/style.css" />
<div id="main">
<h1>Login</h1>
</head>
<body>
Need a account? <a href="register.php">Register</a>
<!-- Display Messages -->
<?php
# -> Messages
if ($_GET['error'] == "field_blank"){ echo "<div class='error'>The username and/or password field was left blank</div>\n"; }
elseif ($_GET['error'] == "details_wrong"){ echo "<div class='error'>The username and/or password was incorrect</div>\n"; }
elseif ($_GET['error'] == "activate"){ echo "<div class='error'>Please activate your account.</div>\n"; }
elseif ($_GET['success'] == "logout"){ echo "<div class='success'>You are now logged out</div>\n"; }
elseif ($_GET['success'] == "complete"){ echo "<div class='success'>You are now registered, please activate your account by visiting your email.\n"; }
?>
<!-- Login Form -->
<form action="?do=login" method="post" autocomplete="on">
<fieldset>
<p>Username</p>
<input type="text" name="username" size="40" maxlength="20" /> <br />
<p>Password</p>
<input type="password" name="password" size="40" maxlength="30" /> <br />
<input type="submit" value="Login" style="width:80px;" />
</fieldset>
<?php include "footer.php"; ?>
</form>
</div>
</body>
</html>
<?php
} // End Check Login
} // End check if logged in
?>
Upvotes: 0
Views: 263
Answers (5)
Reputation: 17720
There are a few issues:
a) You get the row twice (Line 26 $active = mysql_fetch_array($query_accounts); and just below $accounts = mysql_fetch_array($query_accounts); - this may give you two different rows, when really there may be only one match - each "fetch" moves the pointer down a row
b) Check your variable type.
i) mysql_num_rows returns integer, but you're comparing to null
ii) also check $row['active'] is returning an value 0 and not a string null or blank. Might be safer to check for the negatives in both cases, i.e.
if (mysql_num_rows($result) > 0) {
if ($row['active']) {
// active state
} else {
// inactive state
}
} else {
// Not found
}
Upvotes: 1
Reputation: 49
i think you have problem with $accounts = mysql_fetch_array($query_accounts);
$accounts is array that contain row and column as index you need to use while
while($accounts = mysql_fetch_array($query_accounts))
{
}
Upvotes: 0
Reputation: 522451
Your only solution is to simplify! This:
if (...) {
if (...) {
if (...) {
...
}
} else {
...
}
...
} else {
...
}
is much better expressed as:
if ($someImportantCondition == false) {
die('Important condition not met');
}
...
if ($someOtherImportantCondition == false) {
die('Some other important condition not met');
}
...
echo 'Success!';
Instead of just dieing, you could display errors, redirect using header, include error pages, return from a function or whatever else you need to do that stops the logic at that point. Get that flow into a form a normal human can comprehend, then your problems will go away.
Upvotes: 0
Reputation: 60017
I use the notation
if (...)
{
if (...)
{
...
}
else
{
...
}
}
else
{
...
}
You can then easily identify what else part matches the if bit.
If you do this with your code you can find out what is going wrong.
Upvotes: 0
Reputation: 6752
The only thing that stands out to me right off the bat, is the following line
if ($accounts[password] == password($password)){
The key will be translated into a PHP constant, which to my best guess looking at your code, has not been defined. Wrap the key in quotations, like the following.
if ($accounts["password"] == password($password)){
I hope that helps solve your issue :)
Upvotes: 1
Related Questions
- file_exists() returns false even if the file exists
- if statement formatting
- if and elseif condition in PHP
- Using if/else operator in php code
- php if else alternate syntax
- PHP - If and else statements
- Multiple If - else in php
- if / elseif syntax
- PHP if else statements
- Constructing an if, if else, else statement