Sorry, user is not active. Contact your system administrator

Scriptcase 9 General
#1

I get this error after putting in good credentials on the app_Login screen generated by the security module. I’ve regenerated and deployed the applications. Wiped the MySQL security tables and reentered the security information, but can’t get paste this error. Can anyone offer any advice? The code seen below.
$slogin = sc_sql_injection({login});
$spswd = sc_sql_injection(({pswd}));

$sql = "SELECT
priv_admin,
active,
name,
email
FROM sec_users
WHERE login = $slogin
AND pswd = ".$spswd;

sc_lookup(rs, $sql);

if(count({rs}) == 0)
{
sc_log_add(‘login Fail’, {lang_login_fail} . {login});
;
sc_error_message({lang_error_login});
}
else if({rs[0][1]} == ‘Y’)
{
[usr_login] = {login};
[usr_priv_admin] = {rs[0][0]};
[usr_name] = {rs[0][2]};
[usr_email] = {rs[0][3]};
}
else
{
sc_error_message({lang_error_not_active});
sc_error_exit();
}

#2

Not sure. If you have enabled security in your test env. then all works well? Then I suggest you copy your full data to prod. Other option is to log the generated sql statement so you can see what it does and why it fails.

#3

Can you show a sample row returned by the select with the ‘Active’ column?

#4

The message is due to the logic flow of the If statement. Check the count for rs as an output, it might actually pass the first condition. But since it will most definitely not pass the second condition it defaults to the “else”.

#5

Thanks for your input. The code is straight from the Security Module. I’ve used it on a couple of other projects with no problem. Why do you say it not pass the second condition.
If active=='Y
I.E. {rs[0][1]

#6

So, I’ve found that in all my SQL queries, I’m having to prefix the table name with the schema.
Something has changed in my environment, but I’m not sure what. Previously,
“select * from orders” in the SQL for my grids worked fine.
Now I have to “select * from MyDB.orders”. Have I changed something inadvertantly on my server
or in the SC environment?

#7

Try this :-

sc_lookup(ds, ‘Select * from gummybear’); //gummybear doesn’t exist

echo Count(ds);

You will notice, even though the table gummybear doesn’t exist, the count is returned as 1.

So in the security example it passes the first condition. The second condition is where it checks for ‘Y’ which will fail since it compares null to ‘Y’, so it goes to the default message.

For the explicit schema requirement, is it MySQL on both environments? Make sure the user is the schema owner to avoid the issue where you have to explicitly specify the schema plus table.