0

I'm trying to create a PHP script that checks if members are verified as they land on a page. If they are not, they get redirected to login with an error message & instructions. So on the page I have this code:

<?php
    if (loggedin()) {
        $check_active = "SELECT active FROM members WHERE username == '$username'";
        $active = mysql_query($check_active);
        if ($active < 1) {
            header("Location: login.php?verify=true");
        } else {
            exit();
        }
    }
?>

It is redirecting the user back to the login page, but it is doing it whether they are active or not. The values for active members are 0 (not verified) & 1 (verified). Is there something wrong in the script I'm using?

Thank You

4
  • You're not fetching a row from the query result. Commented Mar 15, 2013 at 20:40
  • 1
    does == work in this context? Commented Mar 15, 2013 at 20:41
  • 1
    $active is always less than 1 because the integer value of the resource (not an integer) returned by mysql_query is always 0. Second, mysql_ functions are deprecated as of PHP 5.5 and should be replaced with odbc_connect, ADO, or PDO object connections. Commented Mar 15, 2013 at 20:49
  • You are assigning the mysql_query returned value to the variable. mysql_query returns Zero if the statement was successful. Nonzero if an error occurred. What happens here is it will not authenticate user if the username is valid. You should fetch a row as @jeroen said. Commented Mar 15, 2013 at 20:59

3 Answers

3

You'll need to handle the $active result and put it into a PHP variable/array. $active as it is in your code is simply a resource (see here). Try this:

$active = mysql_query($check_active); // run query and return resource

$row = mysql_fetch_assoc($active);  // put resource data into php array   

if ($row['active'] < 1) {
    header("Location: login.php?verify=true");
} else {
    exit();
}

0

Please don't use old mysql, use mysqli_ or read topic on http://php.net/manual/en/function.mysql-query.php.

Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information.


0

You aren't fetching the data correctly after the query.

Right after you do the mysql_query function. Try this:

$output = mysql_fetch_assoc($active);
$active_result = $output['active'];

Don't know if it might work.

And add a little more security for SQL injection there. And use MySQLi instead since you aren't keen on preventing SQL injection yourself.
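
An added example, not part of any answer above and not the asker's code: the same verification check with the row actually fetched, the username bound as a parameter through PDO, and exit() placed right after the redirect. The function names isVerified and requireVerified are hypothetical, and an in-memory SQLite database with constructed rows stands in for the MySQL members table.

```php
<?php
// Added example. isVerified() and requireVerified() are hypothetical helper
// names; the members table and its username/active columns come from the question.

// Returns true only when a row exists for $username and its active flag is 1.
function isVerified(PDO $pdo, string $username): bool
{
    // The placeholder keeps $username out of the SQL text; note the single "=".
    $stmt = $pdo->prepare('SELECT active FROM members WHERE username = ?');
    $stmt->execute([$username]);
    $active = $stmt->fetchColumn();   // false when no row matched
    return $active !== false && (int) $active === 1;
}

// Redirects unverified members to the login page and stops the script,
// so nothing after this call runs for them.
function requireVerified(PDO $pdo, string $username): void
{
    if (!isVerified($pdo, $username)) {
        header('Location: login.php?verify=true');
        exit();
    }
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database
// (assumption: the pdo_sqlite extension is loaded).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (username TEXT PRIMARY KEY, active INTEGER NOT NULL)');
$pdo->exec("INSERT INTO members VALUES ('alice', 1), ('bob', 0)");

// The last name carries quotes; bound as a parameter it is compared as plain
// data and matches no row.
$cases = ['alice', 'bob', 'nobody', "x' OR '1'='1"];
foreach ($cases as $name) {
    printf("%-14s => %s\n", $name, isVerified($pdo, $name) ? 'verified' : 'redirect to login');
}
```

On a protected page, requireVerified($pdo, $username) would be called before any output is sent, since header() only works while the response headers are still unsent.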
