ryanharper Posted January 7, 2010 Share Posted January 7, 2010 I have a site protected with PHP and SQL. Once registered you are automatically in the database and log in. Is there a way that I can have a user register and approve their account before they are able to login? Please Help!! Link to comment https://forums.phpfreaks.com/topic/187596-php-password-protect-site/ Share on other sites More sharing options...
ignace Posted January 7, 2010 Share Posted January 7, 2010 Add an additional field that indicates wether they may login: is_approved BOOLEAN NOT NULL DEFAULT FALSE On login: WHERE username = '$username' AND password = '$password' AND is_approved = TRUE Link to comment https://forums.phpfreaks.com/topic/187596-php-password-protect-site/#findComment-990412 Share on other sites More sharing options...
JAY6390 Posted January 7, 2010 Share Posted January 7, 2010 Simply add a field 'activated' (bool) and have it set to false by default. when you approve it, change it to true. To implement it just check that the activated value is true, if not show an error page or w/e Link to comment https://forums.phpfreaks.com/topic/187596-php-password-protect-site/#findComment-990413 Share on other sites More sharing options...
ryanharper Posted January 7, 2010 Author Share Posted January 7, 2010 Ignace, my login-exec.php page contains the following <?php //Start session session_start(); //Include database connection details require_once('config.php'); //Array to store validation errors $errmsg_arr = array(); //Validation error flag $errflag = false; //Connect to mysql server $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); if(!$link) { die('Failed to connect to server: ' . mysql_error()); } //Select database $db = mysql_select_db(DB_DATABASE); if(!$db) { die("Unable to select database"); } //Function to sanitize values received from the form. Prevents SQL injection function clean($str) { $str = @trim($str); if(get_magic_quotes_gpc()) { $str = stripslashes($str); } return mysql_real_escape_string($str); } //Sanitize the POST values $login = clean($_POST['login']); $password = clean($_POST['password']); //Input Validations if($login == '') { $errmsg_arr[] = 'Login ID missing'; $errflag = true; } if($password == '') { $errmsg_arr[] = 'Password missing'; $errflag = true; } //If there are input validations, redirect back to the login form if($errflag) { $_SESSION['ERRMSG_ARR'] = $errmsg_arr; session_write_close(); header("location: login-form.php"); exit(); } //Create query $qry="SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."'"; $result=mysql_query($qry); //Check whether the query was successful or not if($result) { if(mysql_num_rows($result) == 1) { //Login Successful session_regenerate_id(); $member = mysql_fetch_assoc($result); $_SESSION['SESS_MEMBER_ID'] = $member['member_id']; $_SESSION['SESS_FIRST_NAME'] = $member['firstname']; $_SESSION['SESS_LAST_NAME'] = $member['lastname']; session_write_close(); header("location: member-index.php"); exit(); }else { //Login failed header("location: login-failed.php"); exit(); } }else { die("Query failed"); } ?> where do I add the code you suggested to make this work? Link to comment https://forums.phpfreaks.com/topic/187596-php-password-protect-site/#findComment-990424 Share on other sites More sharing options...
ignace Posted January 7, 2010 Share Posted January 7, 2010 "SELECT * FROM members WHERE login='$login' AND passwd='".md5($_POST['password'])."' AND is_approved = TRUE" Link to comment https://forums.phpfreaks.com/topic/187596-php-password-protect-site/#findComment-990503 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.