How do I fix my code to run the script to activate my membership

I learned through video tutorials and built a membership site. However, I can’t log into my site and I haven’t been able to spot the problem.

<?php error_reporting(E_ALL); ini_set('display_errors', '1'); //----------------------------------------------------------------------------------------------------------------------------------- if ($_GET['id'] != "") { //Connect to the database through an include include_once "connect_to_mysql.php"; $id = $_GET['id']; $hashpass = $_GET['sequence']; $id = mysql_real_escape_string($id ); $id = preg_match("`", "", $id); $hashpass = mysql_real_escape_string($hashpass); $hashpass = preg_match("`", "", $hashpass); $sql = mysql_query("UPDATE memberFiles SET email_activated='1' WHERE id='$id' AND password='$hashpass'"); $sql_doublecheck = mysql_query("SELECT * FROM memberFiles WHERE id='$id' AND password='$hashpass' AND email_activated='1'"); $doublecheck = mysql_num_rows($sql_doublecheck); if($doublecheck == 0){ $msgToUser = "

Your account could not be activated!

Please email site administrator and request manual activation. "; include 'msgToUser.php'; exit(); } elseif ($doublecheck > 0) { $msgToUser = "

Your account has been activated!

Log In anytime up top.

"; include 'msgToUser.php'; exit(); } } // close first if When I try to activate the membership I get this error:[code] Warning: preg_match() [function.preg-match]: No ending delimiter '`' found in /home/content/53/8957353/html/activation.php on line 16 Warning: preg_match() [function.preg-match]: No ending delimiter '`' found in /home/content/53/8957353/html/activation.php on line 19 Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/content/53/8957353/html/activation.php on line 24 Warning: session_start() [function.session-start]: Cannot send session cookie - headers already sent by (output started at /home/content/53/8957353/html/activation.php:16) in /home/content/53/8957353/html/scripts/checkuserlog.php on line 2 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/53/8957353/html/activation.php:16) in /home/content/53/8957353/html/scripts/checkuserlog.php on line 2 [/code] Any help would be appreciated

Well, your problems are with the “preg_match” functions.
Preg_match is in this format:
preg_match(search, subject, result-array)

So, this first preg_match line in your code:
$id = preg_match("`", “”, $id);

Looks for single-quote inside of NOTHING and places all it finds into $id.
Not sure what this code does for you! You should add a line that displays this so you can see what ID you are using for your queries. If you do not have the correct ID, nothing else works for you.

use: die($id);
That will display the value of $id and then stop. If it does not show you your id then you know it’s the preg_match code. Here is a link for learning preg_match, but, this is one of the hardest functions to understand. It is not really needed for a log-in script.
http://www.tipsntutorials.com/tutorials/PHP/50

good luck!

Thank you. Although I do understand your explanation, I don’t understand exactly what to put there to fix the problem. The account has been activated, and information has been fed into the database. But when I try to log in on the home page or my login page, I get: Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/content/53/8957353/html/login.php on line 15.

Well again, your two preg_match commands are invalid and mess up your entire program.
You can comment them out for now with // … Then, go back where you got the strange code
and see if you can figure out what these two lines are supposed to be.

You program will not work if your $id is not set correctly. Because of your preg_match code, your
$id gets set to nothing and you can not run your queries without your $id… Hope that all makes sense!

Thank you. Although I do understand your explanation, I don’t understand exactly what to put there to fix the problem. The account has been activated, and information has been fed into the database. But when I try to log in on the home page or my login page, I get: Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/content/53/8957353/html/login.php on line 15. This is the script for my activation page:

<?php error_reporting(E_ALL); ini_set('display_errors', '1'); //----------------------------------------------------------------------------------------------------------------------------------- if ($_GET['id'] != "") { include_once "connect_to_mysql.php"; $id = $_GET['id']; $hashpass = $_GET['sequence']; $id = mysql_real_escape_string($id ); // $id = preg_match("`", "`", $id); $hashpass = mysql_real_escape_string($hashpass); // $hashpass = preg_match("`", "`", $hashpass); $sql = mysql_query("UPDATE memberFiles SET email_activated='1' WHERE id='$id' AND password='$hashpass'"); $sql_doublecheck = mysql_query("SELECT * FROM memberFiles WHERE id='$id' AND password='$hashpass' AND email_activated='1'"); $doublecheck = mysql_num_rows($sql_doublecheck); if($doublecheck == 0){ $msgToUser = "

Your account could not be activated!

Please email site administrator and request manual activation. "; include 'msgToUser.php'; exit(); } elseif ($doublecheck > 0) { $msgToUser = "

Your account has been activated!

Log In anytime up top.

"; include 'msgToUser.php'; exit(); } } // close first if So since that didn't work I tried to login at the top of the header and at the login script and get this: Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/content/53/8957353/html/activation.php on line 24 Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/content/53/8957353/html/activation.php:24) in /home/content/53/8957353/html/scripts/checkuserlog.php on line 2 This is my login script: [php]<?php if ($_POST['email']) { include_once "connect_to_mysql.php"; $email = stripslashes($_POST['email']); $email = strip_tags($email); $email = mysql_real_escape_string($email); $password = preg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters $password = md5($password); // Make query and then register all database data that - // cannot be changed by member into SESSION variables. // Data that you want member to be able to change - // should never be set into a SESSION variable. $sql = mysql_query("SELECT * FROM memberFiles WHERE email='$email' AND password='$password' AND emailactivated='1'"); $login_check = mysql_num_rows($sql); if($login_check > 0){ while($row = mysql_fetch_array($sql)){ // Get member ID into a session variable $id = $row["id"]; session_register('id'); $_SESSION['id'] = $id; // Get member username into a session variable $username = $row["username"]; session_register('username'); $_SESSION['username'] = $username; // Update last_log_date field for this member now mysql_query("UPDATE memberFiles SET lastlogin=now() WHERE id='$id'"); // Print success message here if all went well then exit the script header("http://www.istreamflix.com/ member_profile.php?id=$id"); exit(); } // close while } else { // Print login failure message to the user and link them back to your login page print '

No match in our records, try again

Click here to go back to the login page.'; exit(); } }// close if post ?>[/php]

ANY help would be appreciated.

Okay, since you have the preg_match, we should check to see if it is working correctly.
So, we will have to change one line of the query line and the add a couple more to display some
values for the variables.

First, change these lines:

$sql = mysql_query(“SELECT * FROM memberFiles WHERE email=’$email’ AND password=’$password’ AND emailactivated=‘1’”);
$sql = mysql_query($query);

To these:

$query = “SELECT * FROM memberFiles WHERE email=’$email’ AND password=’$password’ AND emailactivated=‘1’”;
echo “email=” . $email . “

”;
echo “password=” . $password . “

”;
die($sql);
$sql = mysql_query($query);

This will kill the program just before the login query is executed. It will display the REAL value of
$email, $password and show you the query with these two in place. So, then we will know if your
input data is getting to the first query needed to log in.

You do not have to post the values since it’s a password deal, but, you make sure the email and password match correctly. and that the query looks correct with the data in place where belongs.

then verify the query. Let us know…

Thanks again for your help and the change did help, just not as expected. The login page now gives me the email address and the hashed password but I still cannot see my account and I’m not sure what to do.

Okay, post your latest code and I will look at it. Please use the PHP tags above.
To use them press on the PHP above when you are writing. This will place something like [ php ] and an end tag, too. You just paste a copy of your file in the middle of those tags. In that way we can copy it easy and put it into our own editors. Thanks…

Once again, thank you for helping me and I’m sorry to be so thick headed. Attached is the login script. I’m not sure if you needed the activation script too, so it is after the login script here:

[php]<?php
if ($_POST[‘email’]) {
//Connect to the database through our include
include_once “connect_to_mysql.php”;
$email = stripslashes($_POST[‘email’]);
$email = strip_tags($email);
$email = mysql_real_escape_string($email);
$password = preg_replace("[^A-Za-z0-9]", “”, $_POST[‘password’]); // filter everything but numbers and letters
$password = md5($password);
// Make query and then register all database data that -
// cannot be changed by member into SESSION variables.
// Data that you want member to be able to change -
// should never be set into a SESSION variable.
$query = “SELECT * FROM memberFiles WHERE email=’$email’ AND password=’$password’ AND emailactivated=‘1’”;
echo “email=” . $email . “

”;
echo “password=” . $password . “

”;
die($sql);
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
// Get member ID into a session variable
$id = $row[“id”];
session_register(‘id’);
$_SESSION[‘id’] = $id;
// Get member username into a session variable
$username = $row[“username”];
session_register(‘username’);
$_SESSION[‘username’] = $username;
// Update last_log_date field for this member now
mysql_query(“UPDATE memberFiles SET lastlogin=now() WHERE id=’$id’”);
// Print success message here if all went well then exit the script
header(“http://www.istreamflix.com/ member_profile.php?id=$id”);
exit();
} // close while
} else {
// Print login failure message to the user and link them back to your login page
print ‘

No match in our records, try again


Click here to go back to the login page.’;
exit();
}
}// close if post
?>

Login to your profile

Email Address:
Password:

[/php]

Here is the activation script:

[php]<?php
// If the GET variable id is not empty, we run this script, if variable is empty we give message at bottom
// Force script errors and warnings to show on page in case php.ini file is set to not display them
error_reporting(E_ALL);
ini_set(‘display_errors’, ‘1’);
//-----------------------------------------------------------------------------------------------------------------------------------
if ($_GET[‘id’] != “”) {

//Connect to the database through an include 
include_once "connect_to_mysql.php";

$id = $_GET['id']; 
$hashpass = $_GET['sequence']; 

$id  = mysql_real_escape_string($id );

// $id = preg_match("", "", $id);

$hashpass = mysql_real_escape_string($hashpass);

// $hashpass = preg_match("", "", $hashpass);

$sql = mysql_query("UPDATE memberFiles SET email_activated='1' WHERE id='$id' AND password='$hashpass'"); 

$sql_doublecheck = mysql_query("SELECT * FROM memberFiles WHERE id='$id' AND password='$hashpass' AND email_activated='1'"); 
$doublecheck = mysql_num_rows($sql_doublecheck); 

if($doublecheck == 0){ 
    $msgToUser = "<br /><br /><h3><strong><font color=red>Your account could not be activated!</font></strong><h3><br />
    <br />
    Please email site administrator and request manual activation.
    "; 
include 'msgToUser.php'; 
exit();
} elseif ($doublecheck > 0) { 

    $msgToUser = "<br /><br /><h3><font color=\"#0066CC\"><strong>Your account has been activated! <br /><br />
    Log In anytime up top.</strong></font></h3>";

include 'msgToUser.php'; 
exit();

}

} // close first if

print "Essential data from the activation URL is missing! Close your browser, go back to your email inbox, and please use the full URL supplied in the activation link we sent you.



[email protected]
";
?>[/php]

Again, thank you for all your help!

I found a few very minor issues. But, first, what are the file names of the two posts you sent me.
The first one you called your “login script” is the name login.php?

I was looking at the preg_match issue…
( // $hashpass = preg_match("", "", $hashpass); )
I noticed that you are trying to change BACKWARDS-quotes. Perhaps this line was supposed to change all backward quotes to forward quotes??? Can you look back to where you got this line from and see if the second one is a normal quote? That might make sense then…

Yes they are the login.php and activation.php scripts. Looking at that line, I’m not sure of that question. I learned this as part of the tutorial series and while I went over the tutorial several times, that line was never really explained. I see what you’re saying and the question I have is whether or not making all of these parameters match will have an effect. Because that line was commented out, I was never sure what that meant.

Butch,

I think I found it… A very small hard to find problem. An EXTRA space!
In your PHP code, if all is well it redirects to the member profile page. But, it does not because
there is an extra space in front of the page name.

I also found a couple minor errors. First, you had an extra “exit();” command that was useless. It would never be used. Also, one was a print then exit. For that you should use die(“message”); saves a line and is designed for that use. The Javascript had a few extra spaces that I removed.

Here is a new version of that file. I commented out the displays we used for testing, but, left them in the code, in case we need them again. Also, I reformatted the PHP code so I could read it a bit easier. Sorry if that messes you up. Anyway, try this version and let me know…

login.php:
[php]

<?php if ($_POST['email']) { //Connect to the database through our include include_once "connect_to_mysql.php"; $email = stripslashes($_POST['email']); $email = strip_tags($email); $email = mysql_real_escape_string($email); $password = preg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters $password = md5($password); // Make query and then register all database data that - // cannot be changed by member into SESSION variables. // Data that you want member to be able to change - // should never be set into a SESSION variable. $query = "SELECT * FROM memberFiles WHERE email='$email' AND password='$password' AND emailactivated='1'"; //echo "email=" . $email . "

"; //echo "password=" . $password . "

"; //die($sql); $login_check = mysql_num_rows($sql); if($login_check > 0){ while($row = mysql_fetch_array($sql)){ // Get member ID into a session variable $id = $row["id"]; session_register('id'); $_SESSION['id'] = $id; // Get member username into a session variable $username = $row["username"]; session_register('username'); $_SESSION['username'] = $username; // Update last_log_date field for this member now mysql_query("UPDATE memberFiles SET lastlogin=now() WHERE id='$id'"); // Print success message here if all went well then exit the script header("http://www.istreamflix.com/member_profile.php?id=$id"); } // close while } else { // Print login failure message to the user and link them back to your login page die('

No match in our records, try again

Click here to go back to the login page.'); } } // close if post ?> Login to your profile

Email Address:
Password:

[/php]

Changed out the code and got a different result:
Warning: mysql_num_rows() expects parameter 1 to be resource, null given in /home/content/53/8957353/html/login.php on line 20

No match in our records, try again

Oh, yes, you need one more line… Hold on…

Sorry, I was focused on the other errors… Change these 3 lines:
$login_check = mysql_num_rows($sql);
if($login_check > 0){
while($row = mysql_fetch_array($sql)){
To:
[php]
$results = mysql_query($sql);
$login_check = mysql_num_rows($results);
if($login_check > 0){
while($row = mysql_fetch_array($results)){
[/php]
You never actually did the database query! I called the results of the query $results.
That can be changed to something you would like to call it…
Hope that works, Let us know…

Thank U for all your help, I know how hard it is to work with beginners. (I used to teach a GED class.) I swapped out the three lines but it only gave me the initial result of my email address and the hashed up password:

[email protected]

password=2dc4b29f6ffae4e627f6af1b40bc17bb

I still can’t enter into the members area.

Did you replace the entire page that I posted and then alter the 3 lines?
There should not be any displays of email= on the page.
Here is the entire page again with all the fixes…

login.php:
[php]

<?php if ($_POST['email']) { //Connect to the database through our include include_once "connect_to_mysql.php"; $email = stripslashes($_POST['email']); $email = strip_tags($email); $email = mysql_real_escape_string($email); $password = preg_replace("[^A-Za-z0-9]", "", $_POST['password']); // filter everything but numbers and letters $password = md5($password); // Make query and then register all database data that - // cannot be changed by member into SESSION variables. // Data that you want member to be able to change - // should never be set into a SESSION variable. $sql = "SELECT * FROM memberFiles WHERE email='$email' AND password='$password' AND emailactivated='1'"; //echo "email=" . $email . "

"; //echo "password=" . $password . "

"; //die($sql); $results = mysql_query($sql); $login_check = mysql_num_rows($results); if($login_check > 0){ while($row = mysql_fetch_array($results)){ // Get member ID into a session variable $id = $row["id"]; $_SESSION['id'] = $id; // Get member username into a session variable $username = $row["username"]; $_SESSION['username'] = $username; // Update last_log_date field for this member now mysql_query("UPDATE memberFiles SET lastlogin=now() WHERE id='$id'"); // Print success message here if all went well then exit the script header("http://www.istreamflix.com/member_profile.php?id=$id"); } // close while } else { // Print login failure message to the user and link them back to your login page die('

No match in our records, try again

Click here to go back to the login page.'); } } // close if post ?> Login to your profile

Email Address:
Password:

[/php]

Oh, also, you used session_register() a couple times. I deleted those, they are no longer used!

You have the patience of a saint. So I’m gonna say a little prayer. I selected the entire code and copied and pasted it so I wouldn’t screw up. I ran it only to come back with this:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in /home/content/53/8957353/html/login.php on line 22

No match in our records, try again

Well, there is nothing wrong with your nums-rows. So, I am guessing we still have a query issue.
One issue with all of your coding is that is doesn’t really have much for error checking. We have
added some so far. Sooo, to add error checking to the actual query to see if it is getting an error,
Change your query (this line):
$results = mysql_query($sql);
to this line with the added error checking are display of errors:
[php]
$results = mysql_query($sql) or die ("Error in query: $qry " . mysql_error());
[/php]
After you rerun, if the query is really bad, it will display why and show the query…
Hope that helps, I am here for a couple more hours, let me know what happens…

Now we’re rolling…the code tells me I don’t have a database table to update, even though I do have the information IN the database. Of course, it is in the WRONG database, so now I feel even dumberer…(sic)I suspect that I had that one table ided one way and with your code, I am now able to see what the problem morphed into. Thanks!! At least now I know where to start. If there is anyway for me to repay you, let me know. I’m sure I’ll have more questions. (I’m using cakephp as well to construct a different part of the sight and so far I can’t get Dreamweaver to recognize some of the files. I know that’s a bit much but do you have any suggestions?