NSW42 Posted February 19, 2009 Share Posted February 19, 2009 Heya, when a user joins mysite they get sent an email to verify there email address, which is what its suppose to do, but if even if they dont validate the email, they can still login to the site, again this is what the script allows, but what I want is, unless they verify there account via the email they get sent, I dont want them to be able to login to the site as it defeats the purpose of even sending the email in the 1st place to make sure its a valid email, the code below works on 1 or 0 for verified emails, but im sure it can be done in a way to stop members logging in until they verify there email address, any help on this is appreciated. <?php ob_start("ob_gzhandler"); session_start(); include("includes/config.php"); $email=str_replace("'","",$HTTP_POST_VARS["email"]); $password=str_replace("'", "", $HTTP_POST_VARS["password"]); $password=md5($password); $sql="select * from members where member_email like '$email' and member_password like '$password' and enabled = '1'"; $result=mysql_query($sql); $num_rows=mysql_num_rows($result); $RSUser=mysql_fetch_array($result); if ($num_rows==0) { print ("<script language='JavaScript'> window.location='index.php?err=1'; </script>"); } else { //if($RSUser["email_verify"]==0) //{ // print ("<script language='JavaScript'> window.location='login.php?err=2'; </script>"); //} //else //{ $posted_on=date("m/d/Y"); $ip_address=$_SERVER['REMOTE_ADDR']; Quote Link to comment Share on other sites More sharing options...
premiso Posted February 19, 2009 Share Posted February 19, 2009 HTTP_POST has been depreciated use $_POST instead. On the login verification page do you set enabled to be 0? If not that is your problem. To me it does not seem like that is what you are doing. From this code, given what you stated it "should" work. But yea, without seeing where the register information is entered, it is hard to say. Also you should set member_password to be = not like, this can be a security risk/vunerability. Same with the member email. Quote Link to comment Share on other sites More sharing options...
Cal Posted February 19, 2009 Share Posted February 19, 2009 Maybe in your database the field "enabled" is 1 by default, check that. Also, escape your email variable. $email = mysql_real_escape_string(str_replace("'","",$HTTP_POST_VARS["email"])); Quote Link to comment Share on other sites More sharing options...
NSW42 Posted February 19, 2009 Author Share Posted February 19, 2009 thanks for your help so far, and in the members table verify email, its default setting is 0, so im guessing a code in the above file to allow login only if there is "1" instead of "0". but to be very honest I have no clue on how to go about it, hence asking for help here. Quote Link to comment Share on other sites More sharing options...
Cal Posted February 19, 2009 Share Posted February 19, 2009 wheres the register script Quote Link to comment Share on other sites More sharing options...
NSW42 Posted February 19, 2009 Author Share Posted February 19, 2009 actually cal I fixed it, the code is actually in what I pasted, but was disabled, if you take a good look it hits you right between the eyes again thanks for any help provided to me and thats why I love this place. Regards Quote Link to comment Share on other sites More sharing options...
NSW42 Posted February 19, 2009 Author Share Posted February 19, 2009 thanks again Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.