I've been trying to figure out what I'm doing wrong. When it checks if the user is activated on line 26 even if the user is activated it sends the user to line 38 which tells tells them their username or password is incorrect but they are correct. You can find the two lines on the left side of the code.
<?php
require("includes/inc.php");
if ($_SESSION['username'] != null){
# Redirect the user to the member area
header('Location: member.php');
} else {
# Check if the user is trying to login
if ($_GET['do'] == "login"){
# If they are, process the details they have provided. Else, continue with showing the form
$username = trim(sanitize($_POST['username']));
$password = trim(sanitize($_POST['password']));
# Check if the username and password are empty
if (($username == null) || ($password == null)){
header('Location: login.php?error=field_blank');
} else {
$query_accounts = mysql_query("SELECT * FROM users WHERE `username` = '$username' LIMIT 1");
$query_count = mysql_num_rows($query_accounts);
if ($query_count == null){
// User not found
header('Location: login.php?error=details_wrong');
} else {
//Line 26 $active = mysql_fetch_array($query_accounts);
if ($active['active'] == 0) {
header('Location: login.php?error=activate');
} else {
$accounts = mysql_fetch_array($query_accounts);
// Check if the password matches the user's password
if ($accounts[password] == password($password)){
// The password is correct, start a session for the user
$_SESSION['username'] = $username;
header('Location: member.php');
} else {
// Incorrect password
//Line 38 header('Location: login.php?error=details_wrong');
}
}
}
}
} else {
?>
<!doctype html>
<html>
<head>
<title>PHP Login & Registration</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<link rel="stylesheet" type="text/css" href="css/style.css" />
<div id="main">
<h1>Login</h1>
</head>
<body>
Need a account? <a href="register.php">Register</a>
<!-- Display Messages -->
<?php
# -> Messages
if ($_GET['error'] == "field_blank"){ echo "<div class='error'>The username and/or password field was left blank</div>
"; }
elseif ($_GET['error'] == "details_wrong"){ echo "<div class='error'>The username and/or password was incorrect</div>
"; }
elseif ($_GET['error'] == "activate"){ echo "<div class='error'>Please activate your account.</div>
"; }
elseif ($_GET['success'] == "logout"){ echo "<div class='success'>You are now logged out</div>
"; }
elseif ($_GET['success'] == "complete"){ echo "<div class='success'>You are now registered, please activate your account by visiting your email.
"; }
?>
<!-- Login Form -->
<form action="?do=login" method="post" autocomplete="on">
<fieldset>
<p>Username</p>
<input type="text" name="username" size="40" maxlength="20" /> <br />
<p>Password</p>
<input type="password" name="password" size="40" maxlength="30" /> <br />
<input type="submit" value="Login" style="width:80px;" />
</fieldset>
<?php include "footer.php"; ?>
</form>
</div>
</body>
</html>
<?php
} // End Check Login
} // End check if logged in
?>