Adding DB status check to login script

I would like to add to the following script fragment a check for account status. The field status already exists in the DB as an interger field and the possible result are zero or one where 0 = inactive and 1 = active.

If the query returns a value of 1 for status I want the login to continue as it does now. If the value for staus is 0 I want the login to abort and a message to be displayed to the user. LOGIN faied account not active.

I am only including the appropriate fragment of the script. I added the *****comment sections*******

*************post this part**********************
	if( $_POST['username'] && $_POST['password'] ){
		$failed = 1;
		$username = $_POST['username'];
		$password = $_POST['password'];
		$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
#		echo $query;
		$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
		if ( ($result) && (mysql_num_rows($result) > 0) ){
			$row = mysql_fetch_object($result);
			$adlogin = $row->username;
			$myname = $row->username;
			$adpassword = $row->password;
			$myuid = $row->uid;
#			echo $adlogin." ----".$adpassword."<br>";
			if ( ($username != $adlogin) || ($password != $adpassword) ){
				$failed = 1;
			}else{
				$failed = 0;
				$loggedin = 1;
				session_register("loggedin");
				session_register("myuid");
				session_register("myname");
			}
		}else{
			$failed = 1;
		}
	}
	if($loggedin){
		ob_start();
		header("Location: account.php");
	}
*****************end post this part*****************************

PHP:

I appreciate any help you can offer.

Colbyt

 

Try this:

<?php
	if( $_POST['username'] && $_POST['password'] ){
		$failed = 1;
		$username = $_POST['username'];
		$password = $_POST['password'];
		$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
#		echo $query;
		$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
		if ( ($result) && (mysql_num_rows($result) > 0) ){
			$row = mysql_fetch_object($result);
			$status = $row->status;
			if($status=="1"){
			$adlogin = $row->username;
			$myname = $row->username;
			$adpassword = $row->password;
			$myuid = $row->uid;
#			echo $adlogin." ----".$adpassword."<br>";
			if ( ($username != $adlogin) || ($password != $adpassword) ){
				$failed = 1;
			}else{
				$failed = 0;
				$loggedin = 1;
				session_register("loggedin");
				session_register("myuid");
				session_register("myname");
			}
		}
		else
		{
			$failed=1;
			echo"LOGIN failed account not active";
		}
		}
		else
		{
			$failed = 1;
		}
	}
	if($loggedin){
		ob_start();
		header("Location: account.php");
	}

?>

PHP:

 

That looked like it should work but it did not.

I am going to fight with this on Saturday.

At the moment I am thinking a second query for status is the way to go.


Colbyt

 

SImple query

$query = "SELECT * from table WHERE username='".$_post["username"]."' AND pass = '".$_POST["pass"]."' AND active = '1'"'

 

In the original code you posted, during the variable assignment add:

$status = $row->status;

Then change your code to:

if ( ($username != $adlogin) || ($password != $adpassword) )
{
     $failed = 1;
}
else if ( $status != 1 )
{
     die("LOGIN failed account not active.");
}
else
{
     $failed = 0;
     $loggedin = 1;
     session_register("loggedin");
     session_register("myuid");
     session_register("myname");
}

PHP:

 

Thanks for all the replies.

This login script was posting the username and password to another script. No matter what I did if a valid username and password was entered the second script was invoked.

I found it reasonably easy to add a query for status ($status) to that second script and these lines of code did the trick.

No PHP tags on quick reply.


Colbyt