Jump to content

Recommended Posts

Heya,

 

when a user joins mysite they get sent an email to verify there email address, which is what its suppose to do, but if even if they dont validate the email, they can still login to the site, again this is what the script allows, but what I want is, unless they verify there account via the email they get sent, I dont want them to be able to login to the site as it defeats the purpose of even sending the email in the 1st place to make sure its a valid email, the code below works on 1 or 0 for verified emails, but im sure it can be done in a way to stop members logging in until they verify there email address, any help on this is appreciated.

 

 

<?php
ob_start("ob_gzhandler");

session_start();
include("includes/config.php");

  $email=str_replace("'","",$HTTP_POST_VARS["email"]);
  $password=str_replace("'", "", $HTTP_POST_VARS["password"]);
  $password=md5($password);

        $sql="select * from members where member_email like '$email' and member_password like '$password' and enabled = '1'";
        $result=mysql_query($sql);
        $num_rows=mysql_num_rows($result);
        $RSUser=mysql_fetch_array($result);
  if ($num_rows==0)
  {
        print ("<script language='JavaScript'> window.location='index.php?err=1'; </script>");
  }
  else
  {
  //if($RSUser["email_verify"]==0)
  //{
  //      print ("<script language='JavaScript'> window.location='login.php?err=2'; </script>");
  //}
  //else
  //{
        $posted_on=date("m/d/Y");
        $ip_address=$_SERVER['REMOTE_ADDR'];

Link to comment
https://forums.phpfreaks.com/topic/146021-solved-account-validationlogin/
Share on other sites

HTTP_POST has been depreciated use $_POST instead.

 

On the login verification page do you set enabled to be 0? If not that is your problem. To me it does not seem like that is what you are doing. From this code, given what you stated it "should" work. But yea, without seeing where the register information is entered, it is hard to say.

 

Also you should set member_password to be = not like, this can be a security risk/vunerability. Same with the member email.

thanks for your help so far, and in the members table verify email, its default setting is 0, so im guessing a code in the above file to allow login only if there is "1" instead of "0". but to be very honest I have no clue on how to go about it, hence asking for help here.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.