Full Version: Darn it.
Mikeplyts
Alright, so I'm doing some stuff for a new project of mine and this project includes a member login system and all. I have a lot of stuff set up and logging in was fine, but for some strange reason, now that I try to log in, the coding sends me to the activation page. The problem is, my account is already activated.

Here's the file that handles the login process, login.php:
CODE
<?php
require ('../includes/functions.php');
url();

// Set parameters
$username = $_POST['username'];
$password = $_POST['password'];
$safe_password = md5($password);
$remember = $_POST['remember'];
$database['server'] = 'localhost';
$database['username'] = 'username';
$database['password'] = 'password';
$database['name'] = 'database';

// Protect against MySQL Injection
$username = stripslashes($username);
$password = stripslashes($password);

// Connect to MySQL Database
mysql_connect($database['server'], $database['username'], $database['password']);
mysql_select_db($database['name']);

// See if user is valid
function valid_user() {
    global $username, $password, $safe_password;

    if (mysql_num_rows(mysql_query("SELECT ID FROM users WHERE username = '$username' AND password = '$password' AND safe_password = '$safe_password'")) > 0) return true;
}

// Log in the user
if (count($_POST) > 0) {
    $grab_id = mysql_query("SELECT ID FROM users WHERE username = '$username' AND password = '$password' AND safe_password = '$safe_password'");
    $id = mysql_fetch_row($grab_id);

    if (!valid_user()) {
        header ('Location: ' . root . '/login?error=invalid');
    }

    else if (valid_user() && activated()) {
        if ($remember) setcookie('hyfb_user', $username, time() + 31556926, '/');
        else {
            setcookie ('hyfb_user', $username, 0, '/');
            setcookie ('hyfb_id', $id[0], 0, '/');
        }
        header ('Location: ' . root . '/account/dashboard');
    }

    else {
        header ('Location: ' . root . '/account/activate');
    }
}

else {
    header ('Location: ' . root . '/login?error=invalid');
}
?>


And here's the function to check if a user is activated, activated():
CODE
function activated() {
    $id = $_COOKIE['hyfb_id'];
    $username = $_COOKIE['hyfb_user'];
    $database['server'] = 'localhost';
    $database['username'] = 'username';
    $database['password'] = 'password';
    $database['name'] = 'database';

    $connection = mysql_connect($database['server'], $database['username'], $database['password']);
    mysql_select_db($database['name'], $connection);

    $activation_find = mysql_query("SELECT activation_key FROM users WHERE ID = '$id' AND username = '$username'");
    $activation_key = mysql_fetch_row($activation_find);
    $status_find = mysql_query("SELECT status FROM users WHERE ID = '$id' AND username = '$username'");
    $status = mysql_fetch_row($status_find);

    if ($activation_key[0] == '' && $status[0] == 'verified') return true;

    mysql_close($connection);
}


Okay, so, the weird thing is, if you look in the activated() function where it says:
CODE
if ($activation_key[0] == '' && $status[0] == 'verified') return true;

it's telling me that my account is activated, yet if I go into phpMyAdmin, I see that my "activation_key" field is " " (or empty, as intended) and my "status" field is "verified".

So, I'm wondering if it could be the login.php file, specifically around the part where it's setting the cookies and everything.

Help?
mipadi
QUOTE(Mikeplyts @ Jan 13 2010, 11:09 PM) *
So, I'm wondering if it could be the login.php file, specifically around the part where it's setting the cookies and everything.


Could be. You don't set the cookie until after you have made the call to activated(), but activated() grabs the username from a cookie. You should probably pass the required info into the activated() function anyway, rather than relying on cookies and global variables to grab that data.

And, of course...you shouldn't be storing your passwords in plaintext in the database.
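
Added example, not part of mipadi's post or the original poster's code: one way to apply both suggestions above, with the activation check taking the fetched user row as an argument instead of reading cookies, and the password stored only as a password_hash() value. It assumes PDO with an in-memory SQLite database so it runs offline; the password_hash column, the sample rows and the function names find_valid_user() and login_target() are hypothetical.

```php
<?php
// Added example. Table layout and sample rows are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (ID INTEGER PRIMARY KEY, username TEXT UNIQUE,
           password_hash TEXT, activation_key TEXT, status TEXT)");
$ins = $db->prepare("INSERT INTO users (username, password_hash, activation_key, status)
                     VALUES (?, ?, ?, ?)");
$ins->execute(['mike', password_hash('correct horse', PASSWORD_DEFAULT), '', 'verified']);
$ins->execute(['newbie', password_hash('hunter2', PASSWORD_DEFAULT), 'k3y', 'pending']);

// Look the user up by name with a bound parameter, then verify the stored hash.
// Returns the user row on success, null otherwise.
function find_valid_user(PDO $db, string $username, string $password): ?array {
    $q = $db->prepare("SELECT ID, password_hash, activation_key, status
                       FROM users WHERE username = ?");
    $q->execute([$username]);
    $row = $q->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return $row;
}

// Activation is decided from the row just fetched, not from request cookies,
// so it does not depend on cookies that have not been set yet.
function activated(array $user): bool {
    return $user['activation_key'] === '' && $user['status'] === 'verified';
}

// Returns the redirect target the login handler would send the browser to.
function login_target(PDO $db, string $username, string $password): string {
    $user = find_valid_user($db, $username, $password);
    if ($user === null) {
        return '/login?error=invalid';
    }
    return activated($user) ? '/account/dashboard' : '/account/activate';
}

echo login_target($db, 'mike', 'correct horse'), "\n";  // activated account
echo login_target($db, 'mike', 'wrong password'), "\n"; // bad password
echo login_target($db, 'newbie', 'hunter2'), "\n";      // not yet activated
echo login_target($db, "o'brien", 'anything'), "\n";    // quote in name stays data
```

The mysql_* functions used in the thread were removed in PHP 7, which is why this sketch uses PDO.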
Mikeplyts
QUOTE(mipadi @ Jan 14 2010, 02:01 AM) *
Could be. You don't set the cookie until after you have made the call to activated(), but activated() grabs the username from a cookie. You should probably pass the required info into the activated() function anyway, rather than relying on cookies and global variables to grab that data.

And, of course...you shouldn't be storing your passwords in plaintext in the database.

Ah, well, okay. Thanks, Michael.
manny-the-dino
Topic Closed, and Moved to Resolved Topics. Please PM a moderator if you would like this reopened.