1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

Adding DB status check to login script

Discussion in 'PHP' started by Colbyt, Mar 17, 2006.

  1. #1
    I would like to add to the following script fragment a check for account status. The field status already exists in the DB as an interger field and the possible result are zero or one where 0 = inactive and 1 = active.

    If the query returns a value of 1 for status I want the login to continue as it does now. If the value for staus is 0 I want the login to abort and a message to be displayed to the user. LOGIN faied account not active.

    I am only including the appropriate fragment of the script. I added the *****comment sections*******

    *************post this part**********************
    	if( $_POST['username'] && $_POST['password'] ){
    		$failed = 1;
    		$username = $_POST['username'];
    		$password = $_POST['password'];
    		$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    #		echo $query;
    		$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
    		if ( ($result) && (mysql_num_rows($result) > 0) ){
    			$row = mysql_fetch_object($result);
    			$adlogin = $row->username;
    			$myname = $row->username;
    			$adpassword = $row->password;
    			$myuid = $row->uid;
    #			echo $adlogin." ----".$adpassword."<br>";
    			if ( ($username != $adlogin) || ($password != $adpassword) ){
    				$failed = 1;
    			}else{
    				$failed = 0;
    				$loggedin = 1;
    				session_register("loggedin");
    				session_register("myuid");
    				session_register("myname");
    			}
    		}else{
    			$failed = 1;
    		}
    	}
    	if($loggedin){
    		ob_start();
    		header("Location: account.php");
    	}
    *****************end post this part*****************************
    PHP:


    I appreciate any help you can offer.

    Colbyt
    SEMrush
     
    Colbyt, Mar 17, 2006 IP
    SEMrush
  2. mad4

    mad4 Peon

    Messages:
    6,989
    Likes Received:
    493
    Best Answers:
    0
    Trophy Points:
    0
    #2
    Try this:
    
    <?php
    	if( $_POST['username'] && $_POST['password'] ){
    		$failed = 1;
    		$username = $_POST['username'];
    		$password = $_POST['password'];
    		$query = "SELECT * FROM users WHERE username='$username' AND password='$password'";
    #		echo $query;
    		$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
    		if ( ($result) && (mysql_num_rows($result) > 0) ){
    			$row = mysql_fetch_object($result);
    			$status = $row->status;
    			if($status=="1"){
    			$adlogin = $row->username;
    			$myname = $row->username;
    			$adpassword = $row->password;
    			$myuid = $row->uid;
    #			echo $adlogin." ----".$adpassword."<br>";
    			if ( ($username != $adlogin) || ($password != $adpassword) ){
    				$failed = 1;
    			}else{
    				$failed = 0;
    				$loggedin = 1;
    				session_register("loggedin");
    				session_register("myuid");
    				session_register("myname");
    			}
    		}
    		else
    		{
    			$failed=1;
    			echo"LOGIN failed account not active";
    		}
    		}
    		else
    		{
    			$failed = 1;
    		}
    	}
    	if($loggedin){
    		ob_start();
    		header("Location: account.php");
    	}
    
    ?>
    
    PHP:
     
    mad4, Mar 17, 2006 IP
  3. Colbyt

    Colbyt Notable Member

    Messages:
    3,224
    Likes Received:
    185
    Best Answers:
    0
    Trophy Points:
    210
    #3
    That looked like it should work but it did not.

    I am going to fight with this on Saturday.

    At the moment I am thinking a second query for status is the way to go.


    Colbyt
     
    Colbyt, Mar 17, 2006 IP
  4. onlyican.com

    onlyican.com Peon

    Messages:
    206
    Likes Received:
    3
    Best Answers:
    0
    Trophy Points:
    0
    #4
    SImple query

    $query = "SELECT * from table WHERE username='".$_post["username"]."' AND pass = '".$_POST["pass"]."' AND active = '1'"'
     
    onlyican.com, Mar 18, 2006 IP
  5. rvarcher

    rvarcher Peon

    Messages:
    69
    Likes Received:
    4
    Best Answers:
    0
    Trophy Points:
    0
    #5
    In the original code you posted, during the variable assignment add:

    $status = $row->status;

    Then change your code to:

    
    if ( ($username != $adlogin) || ($password != $adpassword) )
    {
         $failed = 1;
    }
    else if ( $status != 1 )
    {
         die("LOGIN failed account not active.");
    }
    else
    {
         $failed = 0;
         $loggedin = 1;
         session_register("loggedin");
         session_register("myuid");
         session_register("myname");
    }
    
    PHP:
     
    rvarcher, Mar 18, 2006 IP
  6. Colbyt

    Colbyt Notable Member

    Messages:
    3,224
    Likes Received:
    185
    Best Answers:
    0
    Trophy Points:
    210
    #6
    Thanks for all the replies.

    This login script was posting the username and password to another script. No matter what I did if a valid username and password was entered the second script was invoked.

    I found it reasonably easy to add a query for status ($status) to that second script and these lines of code did the trick.

    No PHP tags on quick reply.


    Colbyt
     
    Colbyt, Mar 18, 2006 IP