You can login there and it will register the user okay to the mysql database. Originally, the "activation" was set to "null". For some reason, when the user gets the welcome email, they click the link but it does not change the activate membership on the mysql side. It remains null. So just for a test, I set the default to "1" which will activate the account.
click on "signup.html" and it lets you create an account just fine. If you go to "login.html" it will let you login and gives the message just fine as well. The problem is when you don't enter your credentials correctly it just sits at a blank page. Here is the code:
$username = $_POST["username"];
$password = $_POST["password"];
$result = MYSQL_QUERY("SELECT * from users WHERE username='$username'and password='$password'")
or die ("Name and password not found or not matched");
A few things. First off, about the parse error. Without seeing code I can't help too much about the problem. Most common parse errors are caused by a missing semi-colon or quotations. Check on the lines above the line the parse error provides you.
As for the blank page. What I would do personnaly is rather than using the die statement, I would check to see if results were returned.
One thing I noticed about your script, you have SQL injections in the queries. This can cause major security situations via the database depending on how exactly PHP is configured. What I mean exactly is the query you're using. You should use addslashes. What that funciton will do is escape the quotes in your post vairables. Let me show you an example of something someone can do:
If someone puts their username as:
admin' AND password <>
And their password as:
AND email <> '
Your query will turn out like this after php parses the query and when MySQL attempts to execute the query:
SELECT * from users WHERE username='admin' AND password <> ' and password=' AND email <> ''
There should be a space before the above line.
So basically the way you have wrote that. All I would have to do is place those two entries above in the username and password field. It will give me access as long as there is a user with the username as admin and it's password does not equal ' and password=' (without the quotes) and that same user's email is not empty.
That would grant me access and actually give me full admin access as long as that was the correct username.
That's just a little help! ;)
Let me know if you have any other questions.
EDIT: I actually tested it and it appears your server has PHP configured to automatically escape post variables, which is good, but you should always addslashes to variables and or intval the variables using intval.
What you can do is post a reply using the "Go Advanced" button.
Under where you can type click on the "Manage Attachments" button and then upload that file here in order for me to be able to download the file and take a look at it. Once I read through it and modify it I'll attach my version.